Tor Traffic Confirmation Attack -Roger Dingledine Report SUMMARY: On July 4 2014 we found a group of relays that we assume were trying to deanonymize users. They appear to have been targeting people who operate or access Tor hidden services. The attack involved modifying Tor protocol headers to do traffic confirmation attacks. The attacking relays joined the network on January 30 2014, and we removed them from the network on July 4. While we don't know when they started doing the attack, users who operated or accessed hidden services from early February through July 4 should assume they were affected. Unfortunately, it's still unclear what "affected" includes. We know the attack looked for users who fetched hidden service descriptors, but the attackers likely were not able to see any application-level traffic (e.g. what pages were loaded or even whether users visited the hidden service they looked up). The attack probably also tried to learn who published hidden service descriptors, which would allow the attackers to learn the location of that hidden service. In theory the attack could also be used to link users to their destinations on normal Tor circuits too, but we found no evidence that the attackers operated any exit relays, making this attack less likely. And finally, we don't know how much data the attackers kept, and due to the way the attack was deployed (more details below), their protocol header modifications might have aided other attackers in deanonymizing users too. Relays should upgrade to a recent Tor release (0.2.4.23 or 0.2.5.6-alpha), to close the particular protocol vulnerability the attackers used -- but remember that preventing traffic confirmation in general remains an open research problem. Clients that upgrade (once new Tor Browser releases are ready) will take another step towards limiting the number of entry guards that are in a position to see their traffic, thus reducing the damage from future attacks like this one. Hidden service operators should consider changing the location of their hidden service. THE TECHNICAL DETAILS: We believe they used a combination of two classes of attacks: a traffic confirmation attack and a Sybil attack. A traffic confirmation attack is possible when the attacker controls or observes the relays on both ends of a Tor circuit and then compares traffic timing, volume, or other characteristics to conclude that the two relays are indeed on the same circuit. If the first relay in the circuit (called the "entry guard") knows the IP address of the user, and the last relay in the circuit knows the resource or destination she is accessing, then together they can deanonymize her. You can read more about traffic confirmation attacks, including pointers to many research papers, at this blog post from 2009: https://blog.torproject.org/blog/one-cell-enough The particular confirmation attack they used was an active attack where the relay on one end injects a signal into the Tor protocol headers, and then the relay on the other end reads the signal. These attacking relays were stable enough to get the HSDir ("suitable for hidden service directory") and Guard ("suitable for being an entry guard") consensus flags: https://gitweb.torproject.org/torspec.git/blob/HEAD:/dir-spec.txt#l1775 Then they injected the signal whenever they were used as a hidden service directory, and looked for an injected signal whenever they were used as an entry guard. The way they injected the signal was by sending sequences of "relay" vs "relay early" commands down the circuit, to encode the message they want to send. For background, Tor has two types of cells: link cells, which are intended for the adjacent relay in the circuit, and relay cells, which are passed to the other end of the circuit. https://gitweb.torproject.org/torspec.git/blob/HEAD:/tor-spec.txt#l364 In 2008 we added a new kind of relay cell, called a "relay early" cell, which is used to prevent people from building very long paths in the Tor network (very long paths can be used to induce congestion and aid in breaking anonymity): http://freehaven.net/anonbib/#congestion-longpaths https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/110-avoid-infinite-circuits.txt But the fix for infinite-length paths introduced a problem with accessing hidden services: https://trac.torproject.org/projects/tor/ticket/1038 and one of the side effects of our fix for bug 1038 was that while we limit the number of outbound (away from the client) "relay early" cells on a circuit, we don't limit the number of inbound (towards the client) relay early cells: https://lists.torproject.org/pipermail/tor-commits/2009-July/014679.html So in summary, when Tor clients contacted an attacking relay in its role as a Hidden Service Directory to publish or retrieve a hidden service descriptor (steps 2 and 3 on https://www.torproject.org/docs/hidden-services), that relay would send the hidden service name (encoded as a pattern of relay and relay-early cells) back down the circuit. Other attacking relays, when they get chosen for the first hop of a circuit, would look for inbound relay-early cells (since nobody else sends them) and would thus learn which clients requested information about a hidden service. There are three important points about this attack: A) The attacker encoded the name of the hidden service in the injected signal (as opposed to, say, sending a random number and keeping a local list mapping random number to hidden service name). The encoded signal is encrypted as it is sent over the TLS channel between relays. However, this signal would be easy to read and interpret by anybody who runs a relay and receives the encoded traffic. And we might also worry about a global adversary (e.g. a large intelligence agency) that records Internet traffic at the entry guards and then tries to break Tor's link encryption. The way this attack was performed weakens Tor's anonymity against these other potential attackers too -- either while it was happening or after the fact if they have traffic logs. So if the attack was a research project (i.e. not intentionally malicious), it was deployed in an irresponsible way because it puts users at risk indefinitely into the future. (This concern is in addition to the general issue that it's probably unwise from a legal perspective for researchers to attack real users by modifying their traffic on one end and wiretapping it on the other. Tools like Shadow are great for testing Tor research ideas out in the lab: http://shadow.github.io/ ) B) This protocol header signal injection attack is actually pretty neat from a research perspective, in that it's a bit different from previous tagging attacks which targeted the application-level payload. Previous tagging attacks modified the payload at the entry guard, and then looked for a modified payload at the exit relay (which can see the decrypted payload). Those attacks don't work in the other direction (from the exit relay back towards the client), because the payload is still encrypted at the entry guard. But because this new approach modifies ("tags") the cell headers rather than the payload, every relay in the path can see the tag. C) We should remind readers that while this particular variant of the traffic confirmation attack allows high-confidence and efficient correlation, the general class of passive (statistical) traffic confirmation attacks remains unsolved and would likely have worked just fine here. So the good news is traffic confirmation attacks aren't new or surprising, but the bad news is that they still work. See https://blog.torproject.org/blog/one-cell-enough for more discussion. Then the second class of attack they used, in conjunction with their traffic confirmation attack, was a standard Sybil attack -- they signed up around 115 fast non-exit relays, all running on 18.104.22.168/16 or 22.214.171.124/16. Together these relays summed to about 6.4% of the Guard capacity in the network. Then, in part because of our current guard rotation parameters: https://blog.torproject.org/blog/improving-tors-anonymity-changing-guard-parameters these relays became entry guards for a significant chunk of users over their five months of operation. We actually noticed these relays when they joined the network, since the DocTor scanner reported them: https://lists.torproject.org/pipermail/tor-consensus-health/2014-January/004134.html https://gitweb.torproject.org/doctor.git We considered the set of new relays at the time, and made a decision that it wasn't that large a fraction of the network. It's clear there's room for improvement in terms of how to let the Tor network grow while also ensuring we maintain social connections with the operators of all large groups of relays. (In general having a widely diverse set of relay locations and relay operators, yet not allowing any bad relays in, seems like a hard problem; on the other hand our detection scripts did notice them in this case, so there's hope for a better solution here.) In response, we've taken the following short-term steps: 1) Removed the attacking relays from the network. 2) Put out a software update for relays to prevent "relay early" cells from being used this way. 3) Put out a software update that will (once enough clients have upgraded) let us tell clients to move to using one entry guard rather than three, to reduce exposure to relays over time. 4) Clients can tell whether they've received a relay or relay-cell. For expert users, the new Tor version warns you in your logs if a relay on your path injects any relay-early cells: look for the phrase "Received an inbound RELAY_EARLY cell". The following longer-term research areas remain: 5) Further growing the Tor network and diversity of relay operators, which will reduce the impact from an adversary of a given size. 6) Exploring better mechanisms, e.g. social connections, to limit the impact from a malicious set of relays. We've also formed a group to pay more attention to suspicious relays in the network: https://blog.torproject.org/blog/how-report-bad-relays 7) Further reducing exposure to guards over time, perhaps by extending the guard rotation lifetime: https://blog.torproject.org/blog/lifecycle-of-a-new-relay https://blog.torproject.org/blog/improving-tors-anonymity-changing-guard-parameters 8) Better understanding statistical traffic correlation attacks and whether padding or other approaches can mitigate them. 9) Improving the hidden service design, including making it harder for relays serving as hidden service directory points to learn what hidden service address they're handling: https://blog.torproject.org/blog/hidden-services-need-some-love OPEN QUESTIONS: Q1) Was this the Black Hat 2014 talk that got canceled recently? Q2) Did we find all the malicious relays? Q3) Did the malicious relays inject the signal at any points besides the HSDir position? Q4) What data did the attackers keep, and are they going to destroy it? How have they protected the data (if any) while storing it? Great questions. We spent several months trying to extract information from the researchers who were going to give the Black Hat talk, and eventually we did get some hints from them about how "relay early" cells could be used for traffic confirmation attacks, which is how we started looking for the attacks in the wild. They haven't answered our emails lately, so we don't know for sure, but it seems likely that the answer to Q1 is "yes". In fact, we hope they *were* the ones doing the attacks, since otherwise it means somebody else was. We don't yet know the answers to Q2, Q3, or Q4.
gAtO hEaR _UPDATE-
Sudden rise in direct Tor users
On Tuesday 27th, Roger Dingledine drew attention to the huge increase of Tor clients running . It seems that their number has doubled since August 19th according to the count of directly connecting users . According to Roger this is not just a fluke in the metrics data. The extra load on the directory authorities is clearly visible , but it does not look that the overall network performance are affected so far . The cause is still unknown, but there are already speculations about the Pirate Browser  or the new “anti-piracy” law in Russia which is in force since August, 1st . As Roger pointed out, ?some good solid facts would sure be useful.?
Ever since the the NSA Prism program came out something else is going on in Tor. People want privacy and they will use anything they can to get it. Tor is one solution that a lot of people know about but there are other factors about the increase.
Piratebay.sx and it’s users are doing a lot more stuff with the new browser – There has not been a sustained increase in search traffic for the Pirate Browser on Google. Tor and “Tor browser” haven’t shown a spike in search, either. Could it be from users in Syria? Also note that the Google Play Store has been unblocked in Iran, allowing distribution of Orbot/Orweb in that country to phones with the Play Store app installed (partial bootstrapping problem).
Syria had a spike from 1000 to 4000 but that’s a tiny fraction of the recent increase. Iran doubled from 4000 to 8000 which is also only a part of the increase. Is there a page listing each graph by country or overlapping them all?
The Tor Project also pushed out Orbot v12 to Google Play in the last few weeks – 2 separate updates. That would not account for all of the increase, but it could have prodded enough existing users who had not used Orbot in awhile to start the app up again. We have also seen about 75,000 new installs over the last 3 months.
So we have a lot of factors as the Tor network grows larger everyday– gATo oUt
gAtO – reading about tools to enable business to have a proactive intelligence of the dark web for an “ Active Defense”. This new model includes not only traditional but unconventional methods using OSINT to gather the intelligence needed.
Companies are getting sick and tired after years of focusing mainly on the defensive postures like malware used in data breaches and financially motivated hacks, some security experts have begun to turn the spotlight on the attacker himself, attempting to profile the bad actors stealing your blueprints or customer credit card numbers, or leaking your usernames and passwords on Pastebin.
The facts are that corporations are spending millions of dollars in defense and defense-in-depth and best practices, and it’s still not helping. With the new active defense we’re making the adversary earn their medals, but they are still getting in. It may take two days now instead of one but we have a fighting chance.
The corporate world have defense and now adding this new model Active Defense (means = offensive) now you need a little dark web intelligence to bind the two together – gAtO OuT
gAtO pLaYiNg with words in Tor– We just simply counted the number of times a word appeared in our search engine by pages- this is something every search engine does but what it gave us was a picture of what Tor really is. It’s not all crime and ugly but information is number one in Tor. Exactly what it’s supposed to be. Tor was created to share information from the table below we see lot’s of stuff inside Tor.
Tor word data points: We put this report together to see what our word count occurrence was, in our crawled data so far. The chart below gives an interesting picture of the Tor data points that it generates.
We are finding that these are the best categories to put our websites into. The words by site occurrence speaks volumes to understand trends in Tor. For example it shows i2p network in Tor 2 notices above drugs in Tor. Because i2p is fast being intwined with Tor to get better anonymity.
- These are real data point based on 3/27/2013-4/3/2013 – this is a live report from our crawls.
- As we crawl and add more data our picture will change as to the landscape of Tor.
- Bitcoins is the fourth most popular word – currency in the Dark Web is number 1
- Bitcoins are above SEX tell us volumes in that bit coins are the normal exchange currency in Tor.
- Fraud and piracy are the lowest were we would except it to be much higher, People trust more in Tor.
This map does tell us that crime is everywhere in Tor at a more alarming rate than we though.
We are doing the same in the e-mail we found in Tor. In the email table is a place where we can get a better picture of emails in the Tor network. Not all of them go to tormail.org as we thought. As mentioned more i2p and connections with other anonymous networks seems to be a trend, as the growth rate of Tor users increase so is the technical base and more sophisticated users will come on board.
Hope this gives you a better picture of Tor. -gAtO oUt
gAtO ThInKiNg – a car GPS works very simple, It takes the delay time from one geo-positioned satellite and compares is to another geo-positional satellite and estimates the position of the GPS in my CAR – I think they call it satellite triangulation or something cool, it’s been done with radios to guide pilots navigate ever since they developed radios. We do it with satellite and we can use networks too.
With a simple command you can get the time it takes to crawl a website, so you have one server in the U.S one is South America, one in Europe and one in Asia and we run the same command getting the delays from each location. I bet with a little math and some basic network tools we could figure out the geo-location of any given website in Tor. One of my good mentors told me that in my crawls I was capturing timing information, we all see timing information with a simple ping command in the clear web but in Tor – UDP is unsupported so it does not work -//- we must take into account the Tor network thru-put and utilization bit that’s easy to get from a number of Tor tools.
Reverse triangulation of a network server should be easy to find with a little math, just take a good sample and the longer you wait the more data you collect and the better the chance you can find a geo-location of a website. We do this in the clear web all the time we can see bad areas of the world that are bad spammers, and other like mail from Africa Prince Scams offering you millions if you send them some money to cover the transfer, or Russian and Chinese phishing attacks. So we know geo-location and some IP are more prime to bad actors and we can draw a profile, a geo-location of a place and/or country or an ISP so not having the IP of a Tor server may not be neededto find them we could use network triangulation. “triangulated irregular network ” So the same thing can be done with networks and timing delays of data back and forth from a // client <–> Tor OR <–>server.
I got a crazy Idea that may or may-not work, but it sounds good—// so— Now if I can only find a government grant and a good math major to help out and we have a big business model to find the bad guy’s geo-location even in Tor – gAtO oUt…
gAtO iS CrAwLliNg websites-We just completed our new crawl of Tor URL that we found. We started with 2,000 URL’s and we got about 550 positives from this first run. This will change since some sites go up and down for no rhyme or reason. I went back to verify one site that my crawl picked up with all kinds of good information but later when I went back it would not come up. So this is an ongoing thing in order to map out all of Tor’s hidden service websites. From the preliminary data Pedo sites are about 18% of the sites we discovered another 4-6% guns and assassins and another 14-16% of different criminal type’s of sites or scams. So that is over 36% of the sites we found were criminal type, that is not good for anyone.
Tor is an excellent software for being private and having some level of safety but this new light is not good for the people that want to use Tor and the Dark Web to do good things and positive things. Now we see that the bad guys are all over Tor-Dark Web we hope this list will help it become better.
This list is only available to Law enforcement, governments and selected security companies, you must be verified first before you can get a hold of this list of Onion websites in Tor. This is not a free list (we have to recover our cost of r&d) and this is only the first steps we have gained over 12,000 new URL in Tor from this crawl and will be doing more crawls and adding more information to the list.
What really freaked us out was the undocumented website that are not in any hidden wiki in Tor and the number of them being put out by criminals. Now some of the other information that we collected see list below will give us a baseline like — Last-Modified: — will give us an indication of how active they are. The —Server: & Web Application:— will give us the web app they use and from the looks of things some are vulnerable to all kinds of hacking attacks. Tor websites are the same as any site and if you don’t update your website, well your vulnerable to hacking from anyone and in Tor you don’t have a clue because they are protected just like the site.
This will be an ongoing crawl for the next year or so, so expect the list to grow and as new data is collected more will be revealed about the how, and the use of Tor and who uses Tor will become not just theories but facts that we can verify – gAtO OuT
Internal URL’s –
[size_upload] => 0
[size_download] => 124
[speed_download] => 7
Cyber Women please stand Up
CSI creator launch a new Cybergeddon Yahoo Show GREAT –http://cybergeddon.yahoo.com
Pierluigi and gAtO met with Dare To Pass – CSI – Anthony e. Zuiker, Matthew Weinberg and Josh Cadwell to talk about the new Cyber sensation Cybergeddon in Yahoo. I never met any hollywood types but these guy’s were just dead set on making the show great, and real life. They met with Symantec/Norton folks but they were not prepared for Pierluigi’s charm and solid knowledge of what is in the deep dark web and a loco gAtO that has no rules or reason sometimes.
Let’s just say we where informative and entertaining and after the meeting Josh Cadwell CSI’s real geek -(producer, writer, director too) took the lead. I think this relationship will make the show more real, more believable and as they use real tools and how 2- of the black hackers they will be in a position to not just make a great entertainment show but also it may help other online people to become aware of the dangers of cyberspace. CSI broke new bounds and educated people to the cool science and how technology can be use for good things and help solve crimes. Cybergeddon is set to become another CSI but in cyber Space- About cyber Space— IMHO
gAtO does not even own a TV so I had no clue who CSI was- but these guy’s are really very smart, creative and played hardball when it comes to what they want. Anthony is solid TV Producer type, Matt is a cool genius and Josh has so much knowledge about Tor this that it made us feel comfortable, he is a techno class dude…he knows his technology.
This show is so different not just the content but by putting it on Yahoo they have over 50 million points as a distribution model. This is how smart movie executives are not fighting the Internet but they are embracing it and fixing it to make the model work. We all seen Kim DotCom and other pirate distribute content worldwide – movie guys saw this and said WOW we could keep the distribution cost down and get more views and that’s a big win, win for US the viewers and them the creators.
“I wanna be a Hackers” has become a new cool thing. The geek is becoming a superstar – where the football hero and the nerdy computer club president has similar status. This is new a turn for intelligence not just brute force – I’m one geek that got the beauty queen and so will others. Cybergeddon show’s that even the 4 eye nerd can become a person of power and respect – take the character “Rabbit” yeah I can say I know some hacker like him –
Give them a break guy::: I know you can’t hack everything in 15 keystrokes but they have a limited time – Viewer can have the concentration of a nat, so I will give them that and it has to be entertaining and Chloe the lady Hacker is so cool – I have a daughter that is a strong woman and can hack (a little ) but the role model this set’s up for women in technology is great –
I know of 3 cyber women (they are gonna kill me) C3nTuri0n ?@Centauri3 and ?? ?@7JGoldOrlando and Kandy- these are real live cyber queens that know their shit and are very intelligent, strong and vocal – they take no shit from anyone in cyberspace and sorry but that is cool. They dabble with SE, Bot-Nets and they know cyber security – I feel fortunate to know great ladies like this they teach me so much.. Thanks guy’s…
Cyber Women please stand Up
So my Gray hat goes out the CSI team in wanting to show such a good woman role model, this is a change and I seen it with Latino women shouting about TangoDown all over Latino countries – Women in cyberspace are gaining a lead – we men can sometimes communicate with grunts and get the message across (nOt)- I know this show can be great for equality in cyberspace.
I want to thank Lauren -Dare to Pass – Nicole – National Science Foundation for helping Pierluigi and gATO to have a chance to help in this project. el gAtO lOcO had fun talking about “The Deep Dark Web” (our Book) (available in Amazon) and security, Bitcoins market and the other fantastic cyber things we talked about.
Anthony called me up the next day and we talked about helping them on a new show about a cyber cop who dies and get’s re-born and goes out in the Dark Web to get the bad guys- I think the working title is “RESTART” it should be kinda cool. But hollywood types are all takers – pro bono- but they reap the rewards. I guess that gAtO will not be a famous star— gAtO OuT
gAtO lEaRn – On 01-01-213 we hear that Microsoft buys Skype and makes changes to allow Police surveillance. Then on 01-07-2013 we hear that a professor at the Warsaw University of Technology, Wojciech Mazurczyk, found a way to insert secret 70 bits of data and add secret information similar to steganography.
Lawful Intercept is what it’s called and we just heard punch – counter-punch from the government. I just posted about corporations and governments using offensive cyber weapons to fight crime, but this looks like just plain old spying on citizens like China, Iraq and Syria does. Skype is owned by Microsoft and we know that Word and other products have back doors for them to snoop and governments to use in criminal cases. I guess they do it the proper way and get a real FISA document to monitor us it’s citizens.
mEoW 12-30-2012 our re-elected President Obama signs FISA Warrantless Wiretapping Program. STOP – SAY WHAT. mEoW – Forget about gun control how about the privacy of citizens, are we becoming like China, Iraq and Syria the more I find out about this the crazier it becomes. I hate Skypes but now finding this out NO WAY DUDE-
I did a little digging and I found a document from the Straford hack from the LutzBoat crew and this has been on the play board for a long time. More and more governments that play nice with the America and Microsoft will have to live with the fact that they are spying on us, the people. I voted for Obama but I’m pretty sure any president would want to be able to justify this abuse of power to monitor it’s citizens, what get’s me is we scream and yell when other countries do it but here we are doing to ourselves and nobody is talking about this- Hay press wake up. I have nothing to hide but if you do you have been warned – enjoy your government spying on you behind your back – gAtO oUt
IT security continues to be the greatest challenge facing government CIOs worldwide. Most experts agree that governments require stronger partnerships between the public and private sectors for both better protection of government IT systems from intruders and for greater visibility into operators’ network traffic to fight crime. However, government systems and intelligence activities constitute a very sensitive information environment. Governments must proceed with caution when forming technology partnerships for hardening their IT network security. Melissa E. Hathaway, who in February 2009 was named to be the Obama Administration’s top cyber security official, points out how
Criminals, predators and hackers now use chats, blogs, webmail and Internet applications such as online gaming and file-sharing sites to hide their communications.
Qosmos provides law enforcement agencies with a powerful solution to identify a target using multiple virtual IDs and intercept all related IP- based communications. Any trigger, such as a “user login = target” initiates intercept of all IP traffic related to the “target.”
Example of recognized applications and protocols
VoIP Email (POP, SMTP)
Webmail (Gmail, Hotmail, Live Mail, SquirrelMail, Yahoo mail, etc.)
Instant Messaging (Aim, SNM, Skype, Yahoo, Google Talk, QQ, Maktoob, Paltalk, etc.)
Online games (World of Warcraft)
Online classified ads
Audio/Video (H.323, SIP, MGCP, RTP, RTCP, MMSE, RTSP, SHOUTcast, Yahoo Video,
MSN Video, SCCP, etc.)
Web applications (Dailymotion, Google, eBay, Google Earth, HTTP, MySpace, Wikipedia,
Example of information extracted
Caller, phone number, called party, duration of call
Webmail login, email address, sender, receiver, subject matter, attached documents
Instant messaging sender, receiver, contact lists and status
Forum login, IP address, MAC address, mobile ID (IMSI, IMEI)
Protocols identified even for unidirectional traffic (e.g. email by satellite).
CYber Investigation over General Patraeus
gAtO rEaD – NO CRIME committed- that the investigation for the top CIA general was because someone sent an eMail that said” I saw you touching the Generals leg at Dinner -Stop It” Yeah so one lady said to another lady – STOP MESSING WITH MY MAN – Pow – ZAP they get a court order to go thru someones eMail.
So if we take this premise that Judges will sign -COURT ORDERS to search your emails and any other emails that link it because of a jealous lover. It looks to gAtO that they have to much POWER – or the FBI is gonna search everyones emails now – legally. Court Ordered
This should send shock waves thru our industry – everyone is now warned that anyone’s email can be open to LE anytime and just about for any reason. I trusted the system, I trusted the Judges but lack of a crime should of not happened. There was NO CRIME committed the investigation turned out. But it has now taken down the reputation of 2 generals. NO CRIME
Now these are 2 famous generals what chance do mere mortals have that our eMails are going to be court order to investigate why simply because they can now. This shows to me the lack of justice or the erosion of justice that is coming down the cyber pipelines. If this is now a wake up call for security professionals to wake up and smell the coffee. Your email will be next unless we support less government control of our digital rights.
Freedom of Speech in cyberspace is a right not a privilege -gAtO oUt
gATO got- this email from FEMA after the election that’s pretty cool for government – gATO is the first to bItCh and mEoW about Governments – but Good Job Cyber FEMA….– gAtO OuT
—Community Preparedness e-Brief
Follow us on Twitter for preparedness tips and announcements!
Nor’easter Impacting Areas Still Recovering from Hurricane Sandy – Ensure You Are Prepared
A Nor’easter is approaching the northeast today, including those areas still recovering from Hurricane Sandy. This Nor’easter is expected to bring strong winds, rain and even snow throughout today into Thursday. As the storm makes its way up the coast, we are asking you to do the following:
- Read and share this email;
- Visit http://www.ready.gov/winter-weather;
- Like and share FEMA’s Facebook page posts;
- Follow and retweet @ReadyDotGov tweets; and
- Download and share these useful apps: FEMA – Android, Apple, Blackberry
Given the power has not yet been fully restored in some areas, state and local governments are opening warming stations in anticipation of the Nor’easter. To find more about these warming stations and other open shelters, visit:
New York State
For those within an area expected to be impacted by this current storm, below are some simple steps one should take now to prepare:
- Follow the direction of local officials – if told to evacuate, listen to the direction of your local officials and evacuate immediately.
- Know the forecast for your area – listen to your NOAA weather radio and local news reports, or visit weather.gov for conditions in your area.
- Check on your neighbor – make sure they are also prepared for the weather.
- Have an adequate communication plan – be sure friends and family know how to contact you. Text messages can often get around network disruptions when a phone call might not get through.
FEMA continues to support both recovery operations as a result of Hurricane Sandy as well as preparedness efforts associated with the Nor’easter. Additional commodities including food, water, blankets, and generators are currently being delivered to distribution points across the region impacted by Sandy. FEMA is also pre-positioning even more resources and supplies for its state and local partners to respond, if necessary, to the Nor’easter.
Community Relations Teams are on the ground, going door-to-door, letting individuals know how to register with FEMA for financial assistance and how to prepare for the upcoming storm. More than 277,000 people have applied for financial assistance, and more than $250 million in assistance has been approved.
Prepare for hazards in YOUR area
Although you may not be in the path of this forecasted storm, now is a good time to review the potential hazards where you live. Knowing likely risks for your area, whether snow storms, earthquakes or tornadoes and knowing what to do when a disaster strikes is a critical part of being prepared and may make all the difference when seconds matter.
Local emergency management offices can help you identify hazards in your community and can outline the local plans and recommendations for each. Be sure to share this information with family, neighbors, colleagues and friends – talking about preparedness helps everyone be ready, “just in case.” Use the links below to make your family, business and community safer, more resilient and better prepared for any disaster event.
We want to hear your suggestions on how we can improve our communications to you, be sure to email us at email@example.com.