Anonymity and the need for privacy are often associated with suspicious or even criminal activity. In the cyber security sector, for instance, one of the major challenges in breach detection and attribution is that most attackers hide behind technologies such as the Tor network, VPN providers and encryption. There are, however, far more ethical reasons why an individual might need the same tools. Think of a human rights activist living under a repressive regime: in such cases, preserving anonymity can be a matter of life and death.
Cyber security professionals sometimes need to preserve their anonymity as well. When gathering threat intelligence from unofficial sources, best practice is to operate in such a way that the operator of the system hosting the information cannot trace the visit back to the collector or their organisation. A malware author or a DDoS-as-a-service operator could, for instance, monitor who visits their infrastructure and then change tactics, or hide their services from the interested intelligence gatherer altogether. As an example, malware hosting servers quite often refuse any connection from IP ranges belonging to the companies they are targeting.
The need for legitimate anonymous internet access becomes especially important for dynamic malware analysis systems such as Cuckoo Sandbox. These systems can optionally be allowed to reach the internet when a first-stage sample tries to contact a server to download its second stage. These outgoing connections, the so-called "dirty lines", must not be traceable to the analysing organisation; otherwise the malware operator could learn that their code has been detected and is being analysed, and act on that knowledge.
Traditional tools to preserve privacy and anonymity have mainly focused on rerouting traffic via public nodes, such as exit nodes on the Tor network, or via (usually paid) VPN services. This usually works quite well. VPN services (Read more...)
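As an added example (this is not code from the original post, nor Cuckoo's own routing code), the script below prints the torrc settings and the iptables rules that force a sandbox VM subnet's dirty line through a transparent Tor proxy on the analysis host, and drops anything Tor cannot carry so it never leaves through the host's real uplink. The subnet 192.168.56.0/24, the interface vboxnet0 and the ports 9040/5353 are assumptions for a hypothetical lab; TransPort, DNSPort, VirtualAddrNetworkIPv4 and AutomapHostsOnResolve are real tor configuration directives. Nothing is applied by running the script: it only prints the commands so they can be reviewed before being piped to a root shell.

```shell
#!/bin/sh
# Added example: transparent Tor egress for a malware sandbox "dirty line".
# Not part of the original post and not Cuckoo's rooter implementation.
#
# Assumptions (hypothetical lab, adjust to your own):
#   - guest VMs live on 192.168.56.0/24 behind host interface vboxnet0
#   - tor runs on the host with the TransPort/DNSPort printed by tor_egress_torrc
#   - net.ipv4.ip_forward is enabled on the host (the FORWARD drop below is what
#     stops that forwarding from leaking the host's real address)

SANDBOX_NET="${SANDBOX_NET:-192.168.56.0/24}"
SANDBOX_IF="${SANDBOX_IF:-vboxnet0}"
TOR_TRANS_PORT="${TOR_TRANS_PORT:-9040}"
TOR_DNS_PORT="${TOR_DNS_PORT:-5353}"

# torrc lines the rules below depend on. VirtualAddrNetworkIPv4 and
# AutomapHostsOnResolve let tor answer .onion lookups on its DNSPort with a
# fake address that the TransPort later maps back to the hidden service.
tor_egress_torrc() {
    trans=$1; dns=$2
    printf 'TransPort %s\nDNSPort %s\n' "$trans" "$dns"
    printf 'VirtualAddrNetworkIPv4 10.192.0.0/10\nAutomapHostsOnResolve 1\n'
}

# Rule set for one subnet:
#   1. UDP DNS from the guests is redirected into tor's DNSPort
#   2. every new TCP connection (SYN) is redirected into tor's TransPort
#   3. whatever is left (other UDP, ICMP) is dropped in FORWARD instead of
#      being routed out with the host's own address
#   4. IPv6 from the guests is dropped as well, since tor does not carry it
#   5./6. the redirected packets now arrive on INPUT, so keep them reachable
#      even when the INPUT policy is DROP
tor_egress_rules() {
    net=$1; iface=$2; trans=$3; dns=$4
    cat <<EOF
iptables -t nat -A PREROUTING -i $iface -s $net -p udp --dport 53 -j REDIRECT --to-ports $dns
iptables -t nat -A PREROUTING -i $iface -s $net -p tcp --syn -j REDIRECT --to-ports $trans
iptables -A FORWARD -i $iface -s $net -j DROP
ip6tables -A FORWARD -i $iface -j DROP
iptables -A INPUT -i $iface -s $net -p tcp --dport $trans -j ACCEPT
iptables -A INPUT -i $iface -s $net -p udp --dport $dns -j ACCEPT
EOF
}

# Running the script prints both fragments for review; once they look right,
# append the torrc lines to /etc/tor/torrc and pipe the rule lines to "sh" as root.
echo "# torrc additions:"
tor_egress_torrc "$TOR_TRANS_PORT" "$TOR_DNS_PORT"
echo "# iptables commands:"
tor_egress_rules "$SANDBOX_NET" "$SANDBOX_IF" "$TOR_TRANS_PORT" "$TOR_DNS_PORT"
```

The line that matters most is the FORWARD drop: the NAT redirects only pull DNS and TCP into Tor, so without it any other protocol the sample emits would be routed straight out of the host and reveal the analysis network's real address. One trade-off to keep in mind: Tor exit addresses are public, so a command-and-control server can recognise and block a sandbox behind Tor in exactly the way it blocks known corporate IP ranges; that is a visibility problem rather than an attribution leak.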
*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Frank Siemons. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/iVHdeWbEspE/