RE: interesting thread about UltraSurf
Cutting to the chase, here's what UltraSurf proxy software actually does.
Quote: It will be included in my Blackhat talk in Vegas.
We gave the talk so here is the answer:
UltraSurf and Gtunnel and likely all products put out by the Global Internet Freedom Consortium / Internet Freedom.org are in fact secret trojans. They give you a 1-hop proxy but use your system to launch attacks against financial institutions, government and energy websites, education, etc. Now here is the scary thing: if you are logged into one of these domains, like your bank, then they can get access to your authenticated session / cookie and potentially break right into your account, THROUGH YOUR OWN COMPUTER.
Imagine if someone with a sensitive US position used UltraSurf. Suddenly their military login has been compromised. Not likely? They've been around twice as long as Tor, and this exact thing happened on Tor last year (see Dan Egerstad).
It gets better: for any site you visit using the program, it turns off SSL cert checking so they can perform MITM and watch your entire session and logins. It is also capable of auto-updating, and spiders into your system when you install it, capturing not only IE but now Firefox and DNS and most other traffic. So everything you are doing, they have access to and may be logging and using against you.
GIFC / Internet Freedom org are a huge scam. They are likely run by a private Chinese intelligence firm to monitor dissidents and US citizens while attacking critical infrastructure in the USA and Taiwan. They have fooled everyone for nearly a decade, and are seeking a $40m grant as internet anti-censorship software.
We have proof, wireshark logs, video, live audit, and a list of their attack patterns. Special thanks to Moxie Marlinspike for assistance.
For those of you who don't know what the audit means:
1. UltraSurf scans military, financial, educational, and critical infrastructure sites, using your real home IP address, immediately flagging you personally to any firewall and alerting any surveillance. This is extreme anti-anonymity, the exact opposite of what the software is purported to do.
2. UltraSurf turns off SSL Certificate Checking, which is an outrageously gross violation of security protocol and means your browser will accept any certificate, including forged ones, to make it possible to perform Man In The Middle attacks. If only someone had a proxy network where they could inject traffic, they could slurp up all your credentials and watch your sessions... oh wait, that is exactly what UltraSurf does.
There are tons of questionable things about UltraSurf, such as the fact that all past versions set off trojan virus alarms; but none of the above are questionable, possibly legitimate things. They are absolutely damning, with no room for contention or plausibility.
What you see right now from UltraSurf behavior is landscape surveillance. This is the first step in cyber-warfare. You need to know your surroundings and establish surveillance over critical infrastructure.
UltraSurf is equipped with a sort of remote auto-update feature. It gets its targets from a sophisticated distribution system offloaded to Google. It uses an encrypted RSS feed in Google Reader. It appears that the Google Reader encrypted feed is for Google Docs URLs. The Google Docs documents are encrypted blocks that UltraSurf likely decodes and that contain the new targets. Another operating procedure of cyber-warfare is the executive. Potentially, with the flip of a switch, it could go from "scan" to "attack".
btw, dw246 is right about gov resources. They are very limited and inefficient to say the least. When we showed this to the FBI six months ago and asked when we could expect results, they told us they "Move at the speed of justice." Now let's differentiate... the FBI isn't the same caliber or field as DoD Cyber-warfare / DIA / NSA. FBI are just federal police, DoD is massive and disjointed, and the NSA et al are cloaky intelligence gathering orgs. And it is no secret that the US needs lots and lots of help and resources in cyber-warfare.
Pretty nasty piece of software that advocates Privacy, Security and Freedom.
Anyone willing to give it a try?
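The post's first audit point is that the client "scans" military, financial, educational and infrastructure sites from the user's own home IP. The behaviour a defender would look for in egress logs is one source fanning out to many unrelated sensitive hosts in a short window. The following is an added example, not code from the post or from any of the products it names; the log format, sector suffix list and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed egress log (hypothetical format "<ISO time> <src_ip> -> <host>:<port>").
SAMPLE_LOG = """\
2009-07-30T10:00:01 192.168.1.20 -> mail.example.com:443
2009-07-30T10:00:04 192.168.1.20 -> login.example.mil:443
2009-07-30T10:00:05 192.168.1.20 -> www.example.gov:443
2009-07-30T10:00:07 192.168.1.20 -> portal.firstbank.example:443
2009-07-30T10:00:09 192.168.1.20 -> www.example.edu:80
2009-07-30T10:00:11 192.168.1.20 -> scada.powerutility.example:443
2009-07-30T10:00:12 192.168.1.20 -> second.example.mil:80
2009-07-30T10:06:00 192.168.1.31 -> portal.firstbank.example:443
"""

# Constructed sector tagging by host suffix (an assumption, not a real feed).
SECTOR_SUFFIXES = {
    ".mil": "military", ".gov": "government", ".edu": "education",
    "firstbank.example": "financial", "powerutility.example": "energy",
}

def sector_of(host):
    # Return the sensitive sector a host belongs to, or None if untagged.
    for suffix, label in SECTOR_SUFFIXES.items():
        if host.endswith(suffix):
            return label
    return None

def parse(log):
    # Yield (timestamp, src_ip, dst_host) from the constructed log format.
    for line in log.splitlines():
        ts, src, _, dst = line.split()
        yield datetime.fromisoformat(ts), src, dst.rsplit(":", 1)[0]

def flag_scanners(log, window=timedelta(minutes=1), min_hosts=4, min_sectors=3):
    """Map src_ip -> sorted sectors for sources whose fan-out meets both thresholds."""
    events = defaultdict(list)
    for ts, src, host in parse(log):
        sector = sector_of(host)
        if sector:
            events[src].append((ts, host, sector))
    flagged = {}
    for src, evs in events.items():
        evs.sort()
        for i, (t0, _, _) in enumerate(evs):
            # Sliding window anchored at each event: count distinct hosts and sectors.
            in_win = [e for e in evs[i:] if e[0] - t0 <= window]
            hosts = {h for _, h, _ in in_win}
            sectors = {s for _, _, s in in_win}
            if len(hosts) >= min_hosts and len(sectors) >= min_sectors:
                flagged[src] = sorted(sectors)
                break
    return flagged
```

Run against the sample, only 192.168.1.20 is flagged; a single visit to one bank host from 192.168.1.31 stays below both thresholds, which is the point of requiring breadth across sectors rather than any contact with a sensitive domain.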