  1. #1
    Lord of Swine
    Necron99's Avatar
    Join Date
    Feb 2012
    Last Online
    @
    Location
    Nahkon Sawon
    Posts
    13,021

    TOR users unmasked.

    Research by a computer science professor formerly of Columbia University has shown that 81 per cent of Tor users can be ‘de-anonymised.’
    Tor is a free encryption software program known as an onion router that provides anonymity to the user by running internet activity through a worldwide network of volunteer servers.
    The software is the most popular of its kind and has been embraced by a growing number of Australians seeking to keep their internet activities private.
    However, the anonymity that Tor is premised on may not be so ironclad.
    In research conducted between 2008 and 2014, Professor Sambuddho Chakravarty published a number of papers that claimed a 100 per cent ‘de-cloaking’ success rate under laboratory conditions and 81.4 per cent in the actual Tor network.
    The de-cloaking method involves introducing disturbances into the highly regulated environs of onion router protocols and then exploiting the Cisco netflow tool built into its routers to analyse router data.

    Dr Chakravarty has said that it’s not even necessary to be highly resourced in order to carry out such a traffic analysis attack.
    “A powerful, yet non-global adversary could use traffic analysis methods … to determine the various relays participating in a Tor circuit,” he said.
    Tor responded to the hack in a recent blog post saying that traffic correlation attacks “are not a new arena” and that they have already worked to implement security measures.
    This is not the first scare that Tor users have had; earlier in the year the Heartbleed bug not only compromised a majority of internet sites but also rendered the anonymity of Tor users vulnerable.
    While ‘dark websites’ that require encryption software continue to be used across Australia the anonymity of such activities seems to be less and less certain.

    Tor software hacked

  2. #2
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    102,446
    Did he really only just realise that?

  3. #3
    Member
    Nathan Napalm's Avatar
    Join Date
    Nov 2014
    Last Online
    @
    Location
    9/11 was an inside job
    Posts
    254
    Quote Originally Posted by Necron99
    TOR users unmasked.
    No:1 - Harry Barracuda


  4. #4
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    102,446
    Oh Albert how dreadfully amusing.

    Ho Ho.

    Ho.

  5. #5
    On a walkabout Loy Toy's Avatar
    Join Date
    Jun 2008
    Last Online
    @
    Posts
    30,557
    Quote Originally Posted by Necron99
    TOR users unmasked.
    Or unbucketed?

  6. #6
    On a walkabout Loy Toy's Avatar
    Join Date
    Jun 2008
    Last Online
    @
    Posts
    30,557
    What they're referring to is folks using the Tor Browser Bundle to surf the web. That bounces your traffic through three Tor relays and then on to the website you are visiting. The last node on the hop, the exit node, can be run by a 'malicious' operator who injects information into the data stream. Certain non-patched routers will respond to this injected information, and if your first hop is one of those routers, it can then say that the person that visited this website came from this IP address originally.

    Tor stands for The Onion Router, and is a series of protocols based on having several layers of contact and encryption. Tor devs always warn users that just using a Tor-based product, like the Tor Browser Bundle, doesn't ensure anonymity if it's not used properly, and connecting to insecure public services isn't using it properly.

  7. #7
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    102,446
    They may not yet be able to target specific Tor users, but for all intents and purposes Tor is an open book for the NSA.

    Not that I use it anyway, it's for paedos, criminals and Chinese dissidents.

  8. #8
    On a walkabout Loy Toy's Avatar
    Join Date
    Jun 2008
    Last Online
    @
    Posts
    30,557
    Quote Originally Posted by harrybarracuda
    Not that I use it anyway, it's for paedos, criminals and Chinese dissidents.
    I use Torchat because I send very confidential drawings and documentation to my patent attorney mainly because we don't trust the normal internet highway.

    Your quote above is way off the mark Harry. Do you have facts and figures to back up your claim?

  9. #9
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    102,446
    Quote Originally Posted by Loy Toy View Post
    Quote Originally Posted by harrybarracuda
    Not that I use it anyway, it's for paedos, criminals and Chinese dissidents.
    I use Torchat because I send very confidential drawings and documentation to my patent attorney mainly because we don't trust the normal internet highway.

    Your quote above is way off the mark Harry. Do you have facts and figures to back up your claim?

    *Cough*.

    It's for paedos, criminals, Chinese dissidents and Loy Toy.


  10. #10
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    102,446
    Tor Project puzzles over how the law shredded anonymity in Operation Onymous

    by Lisa Vaas on November 12, 2014 | 8 Comments

    When the administrator of Silk Road 2.0 was busted last week, the agent who penned his indictment was tight-lipped about how, exactly, the FBI got its hands on the supposedly hidden server the dark net market was using, saying that the Bureau simply "identified the server located in a foreign country," and that law enforcement managed to image it sometime around 30 May 2014.



    In or about May 2014, the FBI identified a server located in a foreign country that was believed to be hosting the Silk Road 2.0 website at the time (the “Silk Road 2.0 Server”). On or about May 30, 2014, law enforcement personnel from that country imaged the Silk Road 2.0 Server and conducted a forensic analysis of it. Based on posts made to the SR2 Forum, complaining of service outages at the time the imaging was conducted, I know that once the Silk Road 2.0 server was taken offline for imaging, the Silk Road 2.0 website went offline as well, thus confirming that the server was used to host the Silk Road 2.0 website.

    That's it. That's all that law enforcement was willing to share about how it managed to slice through the layers of the Tor network, which is designed to mask users' identity by means of software that routes encrypted browsing traffic through a network of worldwide servers.

    Now, the keepers of Tor - the nonprofit group The Tor Project - are trying to puzzle out how identities were laid bare in the far-flung, multi-nation bust, dubbed Operation Onymous, that snared 410+ supposedly hidden services running 27 markets, including Silk Road 2.0.

    The Tor user base doesn't just include bad guys - the drug lords, drug buyers, illicit arms traffickers, money launderers and child-abuse image swappers.

    It also includes activists and others for whom it's crucial to protect privacy so as to ensure safety from persecution, be it from oppressive regimes or dangerous stalkers.

    The Tor Project doesn't know how the anonymizing service was foiled, but it has possibly relevant information it shared on Sunday.

    As Tor project executive director Andrew Lewman wrote, in the previous few days, The Tor Project had received reports that several Tor relays had been seized by government officials (The Tor Project doesn't know how or why) - specifically, three Torservers.net systems (used to run Tor exit nodes) that blinked out of existence.

    The "How" of the onion-router slicing has a few possible avenues of inquiry.

    One of those paths involves blaming the unmasked victims themselves for using inadequate operational security.

    This is "the first and most obvious explanation", writes Tor project executive director Andrew Lewman:

    "The project has received reports about websites being infiltrated by undercover agents, while [Benthall's indictment] states various operational security errors."

    Other possibilities Lewman suggested:

    SQL injection. Lewman notes that many of the sites discovered in Operation Onymous were likely "quickly-coded e-shops with a big attack surface" that could well have been vulnerable to SQL injection.

    Bitcoin de-anonymization. Recent research from Cornell University describes a way to de-anonymize Bitcoin users that allows for the linkage of user pseudonyms to the IP addresses from which the transactions are generated, even when used on Tor.

    Attacks on the Tor network. Given the number of takedowns and the seizure of Tor relays, the Tor network was possibly attacked to reveal the location of the hidden services. Lewman lists a number of attacks that have been discovered on the Tor network over the past few years - attacks with the potential aftermath of de-anonymizing previously hidden services.
    In fact, two Carnegie Mellon researchers canceled a Black Hat 2014 talk about how easy they found it to break Tor.

    The researchers claimed that it was possible to "de-anonymize hundreds of thousands of Tor clients and thousands of hidden services within a couple of months," and promised to discuss examples of their own work identifying "suspected child pornographers and drug dealers."

    From the original description, before Carnegie-Mellon's lawyers had the talk yanked from the lineup:

    There is nothing to prevent you from using your resources to de-anonymize the network's users ... by exploiting fundamental flaws in Tor design and implementation. And you don't need the NSA budget to do so.

    Looking for the IP address of a Tor user? No problem. Trying to uncover the location of a hidden service? Done. We know because we tested it, in the wild...

    At the time, The Tor Project confirmed that yes, somebody or somebodies were picking it apart, and the assaults may have unmasked those who run or visit Tor-hidden sites.

    In the meantime, Lewman asks relay operators to get in touch if their server was recently compromised or they lost control of it.

  11. #11
    Member
    Nathan Napalm's Avatar
    Join Date
    Nov 2014
    Last Online
    @
    Location
    9/11 was an inside job
    Posts
    254
    Quote Originally Posted by harrybarragoomba
    Ho Ho. Ho.


    Stop it you onion ring - you're making me cry

  12. #12
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    102,446
    Quote Originally Posted by Nathan Napalm View Post
    Stop it you onion ring - you're making me cry

    Aw diddums.

  13. #13
    Thailand Expat
    poorfalang's Avatar
    Join Date
    Nov 2012
    Last Online
    27-02-2020 @ 08:01 PM
    Location
    in the sticks
    Posts
    1,427
    The problem is/was not Tor, it's the user. You can still use it without being unmasked, regardless of what the media or FBI says; it is just not possible for the average user and their average skill/tech to stay anonymous.
    All you need is an IPMCA
