Home & Office

Anonymize for safety, Cottrell tells feds

Unprotected visits to groups' sites can result in DDoS attacks, physical identification of agents, and inadvertant exposure of secrets, Anonymizer founder tells FOSE.
Written by ZDNet UK, Contributor

When you're surfing the Web, you're basically hanging out there naked. Your computer will expose your IP address for any and every site to log. The fact that it is being logged, as well as your search history, your online purchasing records, and just about everything else imaginable, gives some users cause for concern. That's nothing, Lance Cottrell, founder of Anonymizer, told the FOSE federal computer trade show, according to Government Computer News.

Federal employees and agents researching terrorist activity online frequently expose themselves to terror techies, with dire consequences, Cottrell said.

The criminal and terrorist organizations also increasingly are blocking all traffic from North America or from Internet Protocol addresses that point back to users who rely on the English language. ...  Among the risks of the terrorist cloaking practice are that the organizations can provide bogus passwords to covert meetings. By doing so they can pinpoint federal intelligence agents who attend the meetings, making them vulnerable to being kidnapped or becoming the unwitting carriers of false information, Cottrell said.

Cottrell told about some of the scams he has helped crack and the vulnerabilities he's exposed.

  • In one, hackers predefined set critera for their members - for instance, Linux and the Netscape browser. When the site is visited by a Windows PC running IE, "the hackers' system immediately mounted a distributed denial-of-service attack against the federal system."
  • Cottrell said his company had helped humanitarian activists in the former Yugoslav republic of Kosovo shield themselves from attacks by paramilitary goons employed by Serbian strongman Slobodan Miloševi?. The Miloševi? paramilitaries were using the activists' IP addresses to pinpoint their physical locations and follow up with attacks aimed at preventing the activists' campaigns against specific human rights abuses.
  • Cottrell described a situation in which Anonymizer employees had worked on a Navy aircraft carrier that allowed sailors to access the Web. He noted that by analyzing Web traffic that could be traced back to that ship via the IP addresses of its public browsers, hostile intelligence services could determine the name of the ship, the port it was visiting and other information.
Cottrell called for government IT managers to carefully consider such risks and the benefits of his company's offerings, software that stops users' IP addresses from being broadcast to servers.



Editorial standards