Friday, 01 April 2011
The collection of information via intelligence appliances with the aid of modern technical procurement operations is one of the essential tasks of TRON-DELTA.ORG.

Therefore the ongoing search for new technologies to achieve this aim is essential. During that search our organization regularly makes use of a large number of diverse information sources, including thousands of RSS feeds, newsletters and forums of various websites [1]. Different information search systems, mainly in the form of specific person, image, or metasearch engines, are also taken into account. Using these engines includes, inter alia, looking for a number of keywords in various combinations and using search-engine-compatible queries with logical conjunctions and Boolean operators. During one such search, members of staff found an article on the right-wing website "Politically Incorrect", which primarily focuses on political issues.
Regardless of the political content of this magazine, which is relevant neither for our organization nor for this research, the article "Plugin-weapon against one-sided reporting" with the keyword combination "reporting", "antenna", "plugin", "information" and "verify" aroused our attention. This combination is pretty unique, and for that reason more than 40 days passed from the date when the article went online until our systems actually revealed it. In the course of this we were able to find even more sources on that topic, such as the online magazine "Blue Narcissus", which contained an article about that as yet unknown technology called "Plagiarism warning! The digital weapon against one-sided reporting". Both articles contained a reference to the website "Antenna of Freedom", which was then subjected to scrutiny as a result. "Antenna of Freedom" can be downloaded from the creators' official website [2].

Through the "Install Now" tab a Firefox plugin, along with a brief guide for installation and an installation recommendation, was visible to everyone. The functionality of that plugin was already known to us from the aforementioned articles. Interesting in this context was a first explicit indication that the plugin, apparently responsible for the aggregation of content, can be downloaded and used without registration or login, in an anonymous and free fashion. One paragraph expressly stated: "Also no IP addresses will be captured or saved. No one, including the participating blogs, has information on the number of users or user behavior". This was surprising considering the fact that the link tinyurl.com/6jsho9h with parameter "psn=123456" referred to the plugin on xtranotes.com [3]. The procedure itself is usual when users should not be given any direct information about the target of a hyperlink.

Another search for "xtranotes" led to Layers4Web GmbH in Heidelberg, Germany. In stark contrast to the statement on "Antenna of Freedom", author and CEO Friedrich-Wilhelm Uthe of Layers4Web GmbH required users to register with the service on xtranotes.com. From the perspective of a potential user a lot of data was being collected, such as name, address, zip code, city and state, without which a download and subsequent use of the plugin did not seem to be possible. It clearly appeared to be about revealing the full identity of a person, which in principle would already have been possible with a smaller number of unique attributes.

As a part of further investigation, two members of our organization subjected the Firefox plugin "XtraNotes" to a closer code analysis. The contents of the file with the extension .xpi were unzipped, as can be done with any archive of the type .zip, and then unpacked via "jar xf ./xtranotes.jar" [4] in a final step. Within the subdirectory "chrome/content/scripts" resided the file "xtranotes.js", which was actually the core file of the plugin. In a series of string analyses (e.g. "server", "send", "get", "onnect", "auth-token", "asswor", "this.execute", "SERVICE", "xtranotes.de", "es.de", "http", "es.com", "er.address", etc.), cross-comparisons, substitutions and other code-audit methods, about 2780 lines of code within the "./scripts" directory were finally evaluated.
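
The unpack-and-search procedure described above can be scripted. The following is an added example, not code from TRON-DELTA.ORG or from the plugin: it walks an .xpi, descends into nested .jar archives, and reports which of the article's search strings and which hostnames appear in each script. The sample archive, its file names and the host backend.example.invalid are constructed for illustration.

```python
import io
import re
import zipfile

# Search strings quoted in the article's string analysis (a subset).
KEYWORDS = ["server", "send", "auth-token", "asswor", "this.execute", "SERVICE", "http"]
HOST_RE = re.compile(r"https?://([A-Za-z0-9.-]+)")


def iter_scripts(data, prefix=""):
    """Yield (path, text) for every .js file in a ZIP archive, descending into nested .jar files."""
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for name in archive.namelist():
            blob = archive.read(name)
            if name.endswith(".jar"):
                yield from iter_scripts(blob, prefix + name + "!/")
            elif name.endswith(".js"):
                yield prefix + name, blob.decode("utf-8", errors="replace")


def audit_xpi(data):
    """Return (keyword hits as (path, line number, keyword), set of contacted hostnames)."""
    hits, hosts = [], set()
    for path, text in iter_scripts(data):
        for lineno, line in enumerate(text.splitlines(), start=1):
            hosts.update(HOST_RE.findall(line))
            hits.extend((path, lineno, kw) for kw in KEYWORDS if kw in line)
    return hits, hosts


def build_sample_xpi():
    """Constructed sample: an .xpi wrapping a .jar with one script (not the real plugin's code)."""
    script = (
        "var SERVICE = 'http://backend.example.invalid/api';\n"
        "function login(user) {\n"
        "  this.execute('CMD_LOGIN', { name: user });\n"
        "}\n"
    )
    jar = io.BytesIO()
    with zipfile.ZipFile(jar, "w") as z:
        z.writestr("content/scripts/sample.js", script)
    xpi = io.BytesIO()
    with zipfile.ZipFile(xpi, "w") as z:
        z.writestr("chrome/sample.jar", jar.getvalue())
    return xpi.getvalue()


if __name__ == "__main__":
    print(audit_xpi(build_sample_xpi()))
```

To audit a real extension, pass the bytes of the downloaded .xpi file to `audit_xpi` and review each reported line by hand.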

The result was in fact not a surprise to our analysts. In several sections of the core scripts, connections to the main server of Layers4Web GmbH were meant to be established [5]. Without going too much into technical details, the main problem of "XtraNotes" is, in essence, that complete user profiles can be created both on the operator side and on the side of the participating websites. From the operator's point of view this is possible because, whenever the plugin's base functions are called (e.g. "CMD_LOGIN", "CMD_LOAD_PAGE_INFO", "CMD_NOTIFY_NOTE_VIEWED", etc.), various amounts of data are transferred within persistent sessions. This, of course, happens while the registration data that resides within the plugin's configuration is loaded. Even in the case of use without prior registration on xtranotes.com, as recommended by "Antenna of Freedom", any given participating website could still create user profiles, albeit sometimes semi-anonymously.

In any case such tracking of user activity would also be possible by analyzing the referrer (RFC 2616) with the help of web server log files or simply by the use of so-called "evercookies" [6]. In both cases the creation of considerable user profiles would be possible. From the perspective of an intelligence organization like TRON-DELTA.ORG such a technology would be quite useful for our adversaries, in addition to the ones they already employ.
