All Internet traffic to/from Tails goes through Tor, making it resistant to end user mistakes. Tails is not normally installed on a computer, instead it's run from a bootable DVD, USB flash drive or flash memory card. Compared to the Tor Browser Bundle, Tails is unquestionably the way to go. Ed Snowden uses it.
All of this is par for the course.
There is, however, another, less obvious, danger for Tails users - the Tails website (tails.boum.org) itself.
Let's take a step back.
If I ran a spy agency, the users of Tails Linux would be among the people I most wanted to spy on. Simply by using Tails, they have declared to the world that they want to hide something. As a spy, I would try to trick people into downloading a spyware-infested copy of Tails.
A great way to do that would be to create a scam copy of tails.boum.org. An evil twin, if you will.
One of the most recent NSA revelations by Glenn Greenwald, on July 14th, was about GCHQ’s Joint Threat Research Intelligence Group (JTRIG). Greenwald published a catalog of their assorted tools and techniques. One of the tools in the catalog is called HAVOK. It is the second item on page 8 of the document. HAVOK does "real time website cloning with on-the-fly alterations."
I have no idea if there is an evil twin of tails.boum.org, but if there were, re-directing people to it would be fairly easy.
As I discussed a few days ago in my HOPEX conference presentation (Securing a Home Router), a compromised router can easily re-direct victims to evil twin websites. And compromising a router is easier than it should be.
The classic attack on home routers is to change the DNS servers. Thus, rather than resolving tails.boum.org to 188.8.131.52, the malicious DNS server resolves it to 184.108.40.206, the IP address of the scam copy of the Tails website. This would fool almost all users of Tails.
Techies may configure their computers to use specific DNS servers, perhaps those from Google or OpenDNS. At first glance this seems to offer protection from a router configured with malicious DNS servers.
But the router may have its firmware compromised too, and DNS requests are easily identified (UDP on port 53). Compromised firmware could process 99.99% of DNS requests normally, but when it sees a request for tails.boum.org, it could reply itself with 220.127.116.11 (the IP address of the evil twin website). That is, the DNS request to resolve tails.boum.org might never make it out to the Internet at all.
Techies may also try to avoid DNS completely and directly access tails.boum.org at 18.104.22.168. There are three issues with this.
1. How does anyone know the legitimate IP address of tails.boum.org?
2. A compromised router may look at outgoing traffic and change any reference to 22.214.171.124 to 126.96.36.199 (the evil twin website).
3. Even if the router is not compromised, the Internet Service Provider (ISP) may be. ISP routers may be influenced by a spy agency to send people to the evil twin website.
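The three points above come down to one question: does the address your resolver hands back agree with an address you learned out of band? As an added example, not code from the original post or from the Tails project, here is a small Python tool that parses the A records out of a raw DNS response (handling name compression) and reports any answer that is not in a pinned set. Both the DNS packet and the addresses are constructed for the demo; the 203.0.113.x and 198.51.100.x values are documentation-range placeholders, not the real address of tails.boum.org or of any scam copy.

```python
"""Check the A records in a raw DNS response against an out-of-band pinned
address. Added example; the packets and addresses below are constructed."""
import struct


def _read_name(pkt, off):
    """Decode a DNS name at `off`, following compression pointers.
    Returns (dotted_name, offset just past the name in the original stream)."""
    labels, jumped, end, hops = [], False, off, 0
    while True:
        length = pkt[off]
        if length & 0xC0 == 0xC0:                     # compression pointer
            if not jumped:
                end = off + 2
            jumped = True
            off = struct.unpack("!H", pkt[off:off + 2])[0] & 0x3FFF
            hops += 1
            if hops > 64:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            if not jumped:
                end = off
            return ".".join(labels), end
        labels.append(pkt[off:off + length].decode("ascii"))
        off += length


def parse_a_records(pkt):
    """Return (query_name, [(owner, ttl, ipv4), ...]) from the answer section."""
    if len(pkt) < 12:
        raise ValueError("truncated DNS header")
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", pkt[:12])
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    off, qname = 12, None
    for _ in range(qd):
        name, off = _read_name(pkt, off)
        off += 4                                      # QTYPE + QCLASS
        qname = qname or name
    answers = []
    for _ in range(an):
        owner, off = _read_name(pkt, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        rdata = pkt[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:  # A record, class IN
            answers.append((owner, ttl, ".".join(str(b) for b in rdata)))
    return qname, answers


def check_against_pin(pkt, pinned):
    """Return (query_name, set of answer addresses NOT in the pinned set)."""
    qname, answers = parse_a_records(pkt)
    return qname, {ip for _, _, ip in answers} - set(pinned)


def disagreeing_sources(answers_by_source, pinned):
    """Given {source_name: set_of_ips} from several resolvers (router, a public
    resolver queried directly, a friend on another network), list the sources
    whose answers differ from the pinned set."""
    return sorted(s for s, ips in answers_by_source.items() if set(ips) != set(pinned))


def _build_response(qname, ip, ttl=3600, txid=0x1234):
    """Build a minimal one-question, one-answer DNS response (constructed sample)."""
    name = b"".join(bytes([len(l)]) + l.encode("ascii") for l in qname.split(".")) + b"\x00"
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = name + struct.pack("!HH", 1, 1)
    rdata = bytes(int(o) for o in ip.split("."))
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + rdata  # pointer to offset 12
    return header + question + answer


# Placeholder addresses (constructed, documentation ranges), not real ones.
PINNED = {"203.0.113.10"}
GOOD_RESPONSE = _build_response("tails.boum.org", "203.0.113.10")
ROUTER_RESPONSE = _build_response("tails.boum.org", "198.51.100.7")

if __name__ == "__main__":
    for label, pkt in (("direct", GOOD_RESPONSE), ("router", ROUTER_RESPONSE)):
        qname, unexpected = check_against_pin(pkt, PINNED)
        print(label, qname, "unexpected answers:", unexpected or "none")
```

In real use the packets would come from a UDP socket on port 53 toward each resolver you want to compare, and the pinned set from whatever out-of-band source you trust; the parser only tells you whether the answers disagree, not which one is honest.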
Then too, the computer used to download Tails may itself be infected with malware that re-directs the end user to an evil twin website.
This, however, does not scale well and is more likely to be detected. That said, the safest computer to download Tails from is a Chromebook running in guest mode. After downloading the ISO, however, it will have to be moved to another machine to make the bootable media.
The Tails website does not address the issue of validating itself. Then again, how could it? Needless to say, any scam website will offer instructions that prove the scam site is legitimate.
What's needed is what techies call an out-of-band solution. Simply put, getting a second opinion.
Other trusted websites have to tell us how to validate tails.boum.org.
The classic way that websites prove their identity is with a digital certificate. Secure web pages send the web browser a certificate/file carrying a promise from another company that it's legit. Secure website providers have to pay for that promise and many companies are in the business of selling promises; they are called Certificate Authorities or CAs.
But the Certificate Authority system is brutally flawed.
For example, the copy of tails.boum.org that I see has a certificate from Gandi SAS. There is no way for anyone to know that the Tails developers actually contracted with Gandi. For all we know, their actual certificates carry a promise from DigiNotar and the Gandi certificate is a fraud.
On top of this, the CA system requires that we trust hundreds of different CAs. Most people have no idea who they are. Heck, even getting the list of trusted CAs built into your web browser or operating system is nearly impossible. Steve Gibson's classic example of a trusted Certificate Authority is the Hong Kong Post Office. That pretty much says it all.
Techies may point out that tails.boum.org supports HSTS (HTTP Strict Transport Security) to ensure that all web pages it serves use SSL/TLS. But HSTS does not ensure that the digital certificate is from the correct Certificate Authority. It is reasonable to assume that a US government spy agency can issue its own, technically valid yet fraudulent, certificates. HSTS does not prevent an encrypted connection to an evil twin website.
Simply put, Steve Gibson's server, with a direct connection to the Internet, reports the fingerprint of the digital certificate for any website you choose to check. A certificate has many fields and lots of data, but the fingerprint serves as a unique identifier, much like a serial number. You can compare the fingerprint Gibson's server was given with the one in your browser and, if all is well, they should be the same.
In retrospect, I'm not sure that Gibson was pessimistic enough. His system was, after all, created prior to the Edward Snowden NSA revelations. He might have a high enough profile that his server warrants special treatment by a spy agency. Still, I recommend using it. It is the only independent audit we have.
We need trusted organizations to validate that the copy of tails.boum.org we see in our browsers is the real deal. Specifically, we need to know:
- The IP address of tails.boum.org
- The Certificate Authority that vouches for the site
- Whether the certificate is a regular one or extended validation (seems to be regular)
- The issue date and expiration date of the certificate
- Some way to ensure that the certificate we see in our browser is the right one. Perhaps the serial number of the certificate or its MD5 fingerprint or its SHA1 fingerprint.**
Don't get your hopes up.
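The fingerprint comparison described in the Gibson paragraph, and the question in the list above of which identifier to compare, can be made concrete. The following Python is an added example, not code from the original post, from GRC or from the Tails project. It computes browser-style MD5/SHA1/SHA256 fingerprints (a hash over the whole DER-encoded certificate), normalizes the colon/space/case differences between what different tools print, compares in constant time, and pulls the serial number out of the DER so the two kinds of identifier can be seen side by side. `SAMPLE_DER` is a hand-built stub that copies only the outer layout of an X.509 certificate so the functions can be exercised offline; `fetch_leaf_der` is the only part that touches the network and is not run in the demo.

```python
"""Certificate fingerprints vs. serial numbers. Added example; SAMPLE_DER is a
constructed stub, not a real certificate."""
import base64
import hashlib
import hmac
import socket
import ssl


def pem_to_der(pem):
    """Strip the PEM armour lines and base64-decode the body."""
    body = "".join(line for line in pem.strip().splitlines()
                   if not line.startswith("-----"))
    return base64.b64decode(body)


def der_to_pem(der):
    return ("-----BEGIN CERTIFICATE-----\n"
            + base64.encodebytes(der).decode("ascii")
            + "-----END CERTIFICATE-----\n")


def hex_digest(der, algo="sha1"):
    """Plain hex digest of the full DER; the fingerprint is just this, formatted."""
    return hashlib.new(algo, der).hexdigest()


def fingerprint(der, algo="sha1"):
    """Browser-style fingerprint: upper-case hex pairs separated by colons."""
    digest = hex_digest(der, algo).upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fp):
    """Make 'ab:cd', 'AB CD' and 'abcd' compare equal."""
    return "".join(c for c in fp.upper() if c in "0123456789ABCDEF")


def fingerprints_match(observed, reported):
    """Constant-time comparison of two fingerprints in any common formatting."""
    return hmac.compare_digest(normalize(observed), normalize(reported))


def _der_tlv(buf, off):
    """Read one DER tag and length; return (tag, value_start, value_end)."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:                                  # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    return tag, off, off + length


def serial_number(der):
    """Walk Certificate -> tbsCertificate -> [0] version (optional) -> serialNumber."""
    tag, start, _ = _der_tlv(der, 0)                   # Certificate SEQUENCE
    if tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE")
    tag, start, _ = _der_tlv(der, start)               # tbsCertificate SEQUENCE
    if tag != 0x30:
        raise ValueError("tbsCertificate is not a SEQUENCE")
    tag, vstart, vend = _der_tlv(der, start)
    if tag == 0xA0:                                    # EXPLICIT [0] version, skip it
        tag, vstart, vend = _der_tlv(der, vend)
    if tag != 0x02:
        raise ValueError("serialNumber INTEGER not found")
    return int.from_bytes(der[vstart:vend], "big", signed=True)


def fetch_leaf_der(host, port=443, timeout=10):
    """Fetch the leaf certificate a server presents (network; not run in the demo).
    The default context validates the chain against the local trust store, which is
    exactly the check the post says is insufficient; compare the fingerprint too."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


# Constructed stub: SEQUENCE { SEQUENCE { [0] { INTEGER 2 }, INTEGER 0x010002 } }
SAMPLE_DER = bytes.fromhex("300c300aa0030201020203010002")

if __name__ == "__main__":
    reported = fingerprint(SAMPLE_DER)                 # stands in for an out-of-band value
    print("serial:", serial_number(SAMPLE_DER))
    for algo in ("md5", "sha1", "sha256"):
        print(algo, fingerprint(SAMPLE_DER, algo))
    print("match:", fingerprints_match(fingerprint(SAMPLE_DER), reported))
```

A serial number is assigned by the CA and is unique only within that CA, while a fingerprint is derived from every byte of the certificate, so two certificates from different issuers can share a serial but not a SHA1 or SHA256 fingerprint; that is why the fingerprint is the value to compare with an out-of-band report.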
UPDATE: July 25, 2014. Some have pointed out that this issue is not unique to Tails, which is true. But tails.boum.org is among the most important websites. That's why I used it as an example in my HOPE presentation. DNS poisoning has been used to send victims to scam banking sites to capture passwords. But some people depend on Tails Linux for things more important than even banking passwords. And, what of the miserable authentication scheme embodied in Certificate Authorities? Techies know how broken the system is. By not advertising the flaws over and over, techies contribute to the scam.
** Frankly, choosing between these three seemingly unique identifiers is where my technical understanding of digital certificates ends.
For what it's worth, the SHA1 fingerprint that Gibson reported for tails.boum.org today is:
This matched the one in my browser.