If you want to use Tor, then Tails is your best friend. Tails is a version of Linux that sends data through the Tor network.

All Internet traffic to/from Tails goes through Tor, making it resistant to end user mistakes. Tails is not normally installed on a computer; instead, it's run from a bootable DVD, USB flash drive or flash memory card. Compared to the Tor Browser Bundle, Tails is unquestionably the way to go. Ed Snowden uses it.

A new version of Tails, version 1.1, was released on July 22, 2014 with bug fixes. On top of that, security firm Exodus Intel announced that they discovered bugs in this just-released version.

All of this is par for the course.

There is, however, another, less obvious, danger for Tails users - the Tails website (tails.boum.org) itself.

Let's take a step back.

If I ran a spy agency, the users of Tails Linux would be among the people I most wanted to spy on. Simply by using Tails, they have declared to the world that they want to hide something. As a spy, I would try to trick people into downloading a spyware-infested copy of Tails.

A great way to do that would be to create a scam copy of tails.boum.org. An evil twin, if you will.

One of the most recent NSA revelations by Glenn Greenwald, on July 14th, was about GCHQ’s Joint Threat Research Intelligence Group (JTRIG). Greenwald published a catalog of their assorted tools and techniques. One of the tools in the catalog is called HAVOK. It is the second item on page 8 of the document. HAVOK does "real time website cloning with on-the-fly alterations."

I have no idea if there is an evil twin of tails.boum.org, but if there were, re-directing people to it would be fairly easy.

As I discussed a few days ago in my HOPEX conference presentation (Securing a Home Router), a compromised router can easily re-direct victims to evil twin websites. And compromising a router is easier than it should be.

The classic attack on home routers is to change the DNS servers. Thus, rather than resolving tails.boum.org to 204.13.164.188, it resolves it to 1.2.3.4, the IP address of the scam copy of the Tails website. This would fool almost all users of Tails.

Techies may configure their computers to use specific DNS servers, perhaps those from Google or OpenDNS. At first glance this seems to offer protection from a router configured with malicious DNS servers.

But the router may have its firmware compromised too, and DNS requests are easily identified (UDP on port 53). Compromised firmware could process 99.99% of DNS requests normally, but when it sees a request for tails.boum.org, it could reply itself with 1.2.3.4 (the IP address of the evil twin website). That is, the DNS request to resolve tails.boum.org might never make it out to the Internet at all.

Techies may also try to avoid DNS completely and directly access tails.boum.org at 204.13.164.188. There are three issues with this.

1. How does anyone know the legitimate IP address of tails.boum.org?

2. A compromised router may look at outgoing traffic and change any reference to 204.13.164.188 to 1.2.3.4 (evil twin website).

3. Even if the router is not compromised, the Internet Service Provider (ISP) may be. ISP routers may be influenced by a spy agency to send people to the evil twin website.

Then too, the computer used to download Tails may itself be infected with malware that re-directs the end user to an evil twin website.

This, however, does not scale well and is more likely to be detected. That said, the safest computer to download Tails from is a Chromebook running in guest mode. After downloading the ISO, however, it will have to be moved to another machine to make the bootable media.

The Tails website does not address the issue of validating itself. Then again, how could it? Needless to say, any scam website will offer instructions that prove the scam site is legitimate.

What's needed is what techies call an out-of-band solution. Simply put, getting a second opinion.

Other trusted websites have to tell us how to validate tails.boum.org.

The classic way that websites prove their identity is with a digital certificate. Secure web pages send the web browser a certificate/file carrying a promise from another company that it's legit. Secure website providers have to pay for that promise and many companies are in the business of selling promises; they are called Certificate Authorities or CAs.

But the Certificate Authority system is brutally flawed.

For example, the copy of tails.boum.org that I see has a certificate from Gandi SAS. There is no way for anyone to know that the Tails developers actually contracted with Gandi. For all we know, their actual certificates carry a promise from DigiNotar and the Gandi certificate is a fraud.

On top of this, the CA system requires that we trust hundreds of different CAs. Most people have no idea who they are. Heck, even getting the list of trusted CAs built into your web browser or operating system is nearly impossible. Steve Gibson's classic example of a trusted Certificate Authority is the Hong Kong Post Office. That pretty much says it all.

Techies may point out that tails.boum.org supports HSTS (HTTP Strict Transport Security) to ensure that all web pages it serves use SSL/TLS. But HSTS does not ensure that the digital certificate is from the correct Certificate Authority. It is reasonable to assume that a US government spy agency can issue its own, technically valid yet fraudulent, certificates. HSTS does not prevent an encrypted connection to an evil twin website.

Back in April of 2013 Steve Gibson tried to address this issue by offering a second opinion on the fingerprint of digital certificates. I blogged about it at the time.

Simply put, his server, with a direct connection to the Internet, reports on the fingerprint of the digital certificate for any website you choose to check. A certificate has many fields and lots of data, but the fingerprint serves as a unique serial number. You can compare the fingerprint Gibson's server was given with the one in your browser and, if all is well, they should be the same.

In retrospect, I'm not sure that Gibson was pessimistic enough. His system was, after all, created prior to the Edward Snowden NSA revelations. He might have a high enough profile that his server warrants special treatment by a spy agency. Still, I recommend using it. It is the only independent audit we have.

We need trusted organizations to validate that the copy of tails.boum.org we see in our browsers is the real deal. Specifically, we need to know:

The IP address of tails.boum.org

The Certificate Authority that vouches for the site

Whether the certificate is a regular one or extended validation (seems to be regular)

The issue date and expiration date of the certificate

Some way to ensure that the certificate we see in our browser is the right one. Perhaps the serial number of the certificate or its MD5 fingerprint or its SHA1 fingerprint.**

Who might provide this information? Perhaps the EFF, Pro Publica, The Intercept (or its parent First Look), the ACLU, the Freedom of the Press Foundation, the mainstream media?

Don't get your hopes up.

UPDATE: July 25, 2014. Some have pointed out that this issue is not unique to Tails, which is true. But tails.boum.org is among the most important websites. That's why I used it as an example in my HOPE presentation. DNS poisoning has been used to send victims to scam banking sites to capture passwords. But some people depend on Tails Linux for things more important than even banking passwords. And, what of the miserable authentication scheme embodied in Certificate Authorities? Techies know how broken the system is. By not advertising the flaws over and over, techies contribute to the scam.

* My HOPEX presentation on Securing a Home Router is available at my personal website michaelhorowitz.com, right at the top of the home page.

** Frankly, choosing between these three seemingly unique identifiers is where my technical understanding of digital certificates ends.

For what it's worth, the SHA1 fingerprint that Gibson reported for tails.boum.org today is:

78:F1:3B:80:FA:77:35:74:18:87:59:D3:64:86:03:13:0B:91:CD:4D

This matched the one in my browser.
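
The second-opinion comparison described above can be scripted. The following is an added example, not code from the original post or from the Tails project: it compares what the local network shows (the DNS answer and the presented certificate) against reference values. The reference IP and SHA1 fingerprint are the ones printed in this post in July 2014; the function names are made up for illustration, and current reference values would have to come from an independent channel.

```python
import hashlib
import socket
import ssl

# Values as printed in this post (July 2014); historical, shown for illustration.
REFERENCE_IP = "204.13.164.188"
REFERENCE_SHA1 = "78:F1:3B:80:FA:77:35:74:18:87:59:D3:64:86:03:13:0B:91:CD:4D"


def fingerprint(der: bytes, algo: str = "sha1") -> str:
    """A fingerprint is the hash of the certificate's DER bytes, as AA:BB:..."""
    digest = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fp: str) -> str:
    """Drop separators and case so browser and report formats compare equal."""
    return "".join(c for c in fp.lower() if c in "0123456789abcdef")


def compare(seen_ips, seen_der, ref_ip, ref_fp):
    """Return a list of mismatches between the local view and the reference."""
    problems = []
    if ref_ip not in seen_ips:
        problems.append(f"DNS answer {sorted(seen_ips)} lacks reference {ref_ip}")
    seen_fp = fingerprint(seen_der)
    if normalize(seen_fp) != normalize(ref_fp):
        problems.append(f"certificate {seen_fp} differs from reference")
    return problems


def local_view(host: str, port: int = 443):
    """What this network shows us: resolved IPs and the presented leaf cert."""
    infos = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)
    ips = {info[4][0] for info in infos}
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # fetch the cert even if validation would fail
    ctx.verify_mode = ssl.CERT_NONE  # the comparison below is the actual check
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return ips, tls.getpeercert(binary_form=True)


if __name__ == "__main__":
    ips, der = local_view("tails.boum.org")
    for line in compare(ips, der, REFERENCE_IP, REFERENCE_SHA1) or ["no mismatch"]:
        print(line)
```

A matching IP alone proves little, since the post notes that a compromised router can rewrite traffic to the legitimate address; the fingerprint comparison is the part that detects a different certificate.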