Category: Chokepoint

Pacemaker – a #HeartBleed probing utility

Here’s a really cool quick & dirty utility that Chokepoint has made:
pacemaker

Pacemaker is a utility that scans the Alexa Top 1 million websites [1] and attempts to connect to their port 443. If this succeeds, Pacemaker tries to inject the HeartBleed [2] vulnerability (http://heartbleed.com/) in order to retrieve data from the servers’ memory. An initial scan was performed on April 11th, where approximately 30 000 vulnerable websites were uncovered. Since then, Chokepoint Project have been re-scanning those URLs to see whether they have been patched, and that number has shrunk by about 10 000.

By now we all know how serious an issue heartbleed is, affecting nearly all aspects of our use of networks. We were very interested to know more about the rate of adoption of patch implementation. Despite the very good adoption in the Alexa top 1 Million, given the severity of this particular bug it is a little depressing to see that at the time of writing (2014-04-15 20:24:08.) there are still 19721 sites unpatched. This might seem like a small number, but given that there are more than 246 million domains in the world and we have scanned only the top 1 Million according to Alexa, and have only scanned for webservers not for anything else, it is not unlikely that there might still be more than 5 million unpatched systems out there” said Chokepoint Project´s Ruben Bloemgarten.

 

What Pacemaker does not do :

The URL probing tool has a 5 second timeout to complete the request. If said request does not return within that time frame, it is marked as unresponsive, and therefore not considered vulnerable anymore. These timed out urls are not rechecked afterwards. In the same vein, it would be interesting to keep scanning the total of 1 million urls in case servers have been patched temporarily but are now again vulnerable, or some site owners took the website down (timing out the request, or failing) but failed to patch properly. URLs that do not have SSL are also marked as non-vulnerable and currently not re-checked. For full details, see https://github.com/l-r/heartbleed-masstest.

 

[1] About Alexa

Alexa Internet, Inc. is a subsidiary company of Amazon.com which provides commercial web traffic data. Its toolbar collects data on browsing behavior and transmits it to the Alexa website, where it is stored and analyzed, forming the basis for the company’s web traffic reporting. As of 2014, Alexa provides traffic data, global rankings and other information on 30 million websites, and its website is visited by over 8.8 million people monthly. https://en.wikipedia.org/wiki/Alexa_Internet

[2] About Heartbleed

Heartbleed is a security bug in the open-source OpenSSL cryptography library, widely used to implement the Internet’s Transport Layer Security (TLS) protocol. This vulnerability is due to a missing bounds check in the handling of the Transport Layer Security (TLS) heartbeat extension. http://en.wikipedia.org/wiki/Heartbleed

Knight News Challenge proposal

Chokepoint’s joint proposal with OONI has made it to the “semi-finals” of the Knight News Challenge. The theme is How can we strengthen the Internet for free expression and innovation? The proposal is posted below but please head over to our Knight challenge page and “applaud” it. 🙂

Global Internet Monitoring Project

The internet’s potential as a medium for innovation and self-expression is hampered by increasingly invasive surveillance and censorship practices, which stifle the freedom of expression and the empowerment of marginalized voices worldwide. The incidental, anecdotal reporting on these practices is insufficient to provide policy makers, researchers and the general public with a comprehensive perspective on the scope and reach of these practices. Our goal is to provide a monitoring platform that delivers structured, up-to-date information that reflects the reality of internet censorship and surveillance, using open software, an ethical data governance framework, and peer reviewed methodologies.
knight

With the rapid growth of censorship and surveillance practices that directly or indirectly violate civil and human rights, it has become of vital importance to augment our incidental and anecdotal understanding of these practices with on-going, evidence-based reporting on what is actually happening on our networks. To achieve this requires a globally distributed network of standardized network measurement nodes, as well as powerful analysis and visualization tools.

We, the Tor project and Chokepoint Project, have over the past two years amassed extensive technical and domain-specific expertise on the detection, analysis and reporting of surveillance and censorship events. The Tor Project has been developing open standards, software and a methodology for conducting measurements. Chokepoint Project has been working on near real-time processing, analysis, visualization and contextualization of this type of data.

For this proposal, we aim to extend, improve and integrate the existing software systems and analysis tools, with the goal of enabling more comprehensive, evidence-based, and up-to-date reporting on censorship and surveillance events. Our proposal works towards this goal with a three-pronged approach:

1. Expand and improve Tor’s ooni-probe software suite, which provides the basic infrastructure to support a globally distributed measurement network.

  • Support for running ooniprobe on raspberry pi devices.
  • Running tests periodically, making ooniprobe a system daemon.
  • Support for remotely provisioning probes with tests and inputs to run based on their geographical location and ASN.

2. Integrate and enhance Chokepoint’s data analysis and visualization tools, to incorporate and report on data from the ooniprobe software suite.

  • Automated processing of ooniprobe yaml reports.
  • Automated analysis of ooniprobe yaml reports.
  • Automated collection of ooniprobe yaml reports
  • Support for automated generation of analytics visualization and analytic data downloads.

3. Reach out to Tor’s and Chokepoint’s extensive list of contacts to plan the deployment of ooniprobes “on the ground”, in a selected set of 10 to 20 countries.

  • Survey creation and distribution to determine country specific internet use
  • User feedback features
  • Training material
  • Plan for software distribution

Since no country is alike, and internet use is equally diverse, any measurement needs to be contextualized into a regional socio-political framework. Surveys will be distributed to on-the-ground partner organizations to construct a measurement methodology that yields culturally relevant results.

In ONE sentence, tell us about your project to strengthen the Internet for free expression and innovation.
We believe that open and continuous knowledge detailing the innards of internet censorship reveals the cost it encumbers to freedom of expression and global innovation.

 

Who will benefit from what you propose? What have you observed that makes you think that?
We believe that access to up-to-date, properly contextualized, empirically verifiable information on surveillance and censorship benefits policy makers, researchers and the general public. Currently, this information, if it is available at all, is extremely fragmented, out of date, and/or unverifiable. While the past years have seen some laudable efforts on the part of influential actors to share more information more broadly, they do not generally meet the requirements of broad (geographical) scope, timeliness, and verifiability. Since it is imperative that decisions influencing internet freedom are formulated based on facts rather than anecdotal reports, policy makers will benefit from the ability to focus on actual, rather than suspected (or merely publicized), issues. Furthermore, researchers, in particular those who explore the socio-political ramifications of the internet within the context of freedom of expression and the right to privacy, will benefit from open access to a large repository of continuously updated information. Finally, the general public will benefit, by gaining a deeper understanding and increased awareness of the prevalence of internet censorship and surveillance in their local communities and worldwide. Having spoken extensively to both policy makers and researchers over the past two years, and noting the impact of high profile intelligence revelations on public discourse worldwide, we have been strengthened in our conviction that access to timely, verifiable information, presented in an understandable fashion, is paramount to preserve the internet’s capability for innovation and self-expression in a globally connected world.

 

What progress have you made so far?
The Tor Project has developed a tool for collecting the measurements (https://gitweb.torproject.org/ooni-probe.git, https://gitweb.torproject.org/ooni-backend.git), a peer reviewed paper published (https://www.usenix.org/conference/foci12/workshop-program/presentation/filast%C3%B2) on the methodology used, specifications of the data format and the tests (https://github.com/TheTorProject/ooni-spec) and collected some results from a set of countries (https://ooni.torproject.org/reports/0.1/). Chokepoint Project has developed and is running a platform for the collection, processing, analysis and contextual presentation of data from multiple sources in near real-time, some live results can be seen here: https://beta.chokepointproject.net/country/CN?show=2014-03-13 , code is not publicly available as yet, it consists of collection, processing and analytics code as well as a distributable graphic presentation front-end. More about the Chokepoint Project´s approach here: https://chokepointproject.net/about-2/

 

What would be a successful outcome for your idea or project?
Improvement of the mitigation of censorship and interference, providing faster actionable information for policy makers, tool makers, publishers and journalists to counteract impediments on free speech and innovation. An improved, continuously up-to-date overview of what is censored where, how and by whom.

 
Who is on your team, and what are their relevant experiences or skills?
Arturo Filastò He is a developer at GlobaLeaks and The Tor Project. He studied Mathematics and is currently student of Computer Science at Università di Roma “La Sapienza”. He is a well known security researcher and regularly gives lectures at international conferences. He has trained activists in the use of security and censorship circumvention technologies. He is also the lead developer of OONI (Open Observatory of Network Interference), a project aimed at detecting and monitoring censorship in the world.

Pascal Haakmat Is an analyst at Chokepoint Project. He has studied Artificial Intelligence at the University of Amsterdam and is currently studying Law at the University of Amsterdam. He has several decades of experience as a programmer in both free/open source and proprietary environments. Prior to working at Chokepoint, Pascal has been employed as co-founder and CTO of the digital agency Lightmaker Amsterdam.

Ruben Bloemgarten is architect at Chokepoint Project. He has over 18 years of experience in information technology, the past 15 years as a systems engineer in the telecom industry and as an independent systems architect.

Laurier Rochon is a developer at Chokepoint Project. He has studied the socio-political impacts of Free Libre Open Source Software in the Networked Media Program of Rotterdam’s Piet Zwart Institute. He has experience working on both FLOSS and prorietary projects for the last 10 years.

Location

Rome, Italy; Amsterdam, The Netherlands; Montreal, Quebec, Canada