Monthly Archives: November 2015

Also known as “The Onion Router,” Tor is a free anonymization service that allows people to hide their IP addresses and thus surf the web anonymously. When the Tor software is installed, it routes users’ internet traffic through Tor’s network of randomly selected volunteer-run relays that exist all over the world. All of that traffic gets encrypted and re-encrypted multiple times until it reaches the exit node, which decrypts only the last layer of encryption and sends it to the proper destination without revealing who the sender is.

According to the Tor website, “Tor helps to reduce the risks of both simple and sophisticated traffic analysis by distributing your transactions over several places on the Internet, so no single point can link you to your destination. The idea is similar to using a twisty, hard-to-follow route in order to throw off somebody who is tailing you- and then periodically erasing your footprints. Instead of taking a direct route from source to destination, data packets on the Tor network take a random pathway through several relays that cover your tracks so no observer at any single point can tell where the data came from or where it’s going.”

The anonymity that Tor makes accessible has been both appreciated and reviled; it protects ethical political dissidents in repressive regimes and whistleblowers, for example, but criminals also use it to partake in illegal activity like buying drugs off the Silk Road and sex trafficking.

Unfortunately for Tor and its users, the service may not promise as much anonymity as it claims.

According to Tor Project Director Roger Dingledine, Carnegie Mellon researchers “were paid by the FBI to attack hidden services users in a broad sweep, and then sift through their data to find people whom they could accuse of crimes.” He also claimed that the payment to CMU was at least $1 million.

Matthew Green, a professor in the computer science department at Johns Hopkins University, explained how the service users were identified: “If a person controls a large fraction of the computers that operate the Tor network, there are attacks they can run that correlate where a user’s traffic is being bounced around the network. By doing that, you can de-anonymize the users, actually track them back to their real address.”

Tor identified a group of computers carrying out this exact process back in 2014 and kicked them off the network. It did not immediately understand the source of the attack, but when two CMU researchers were scheduled to present a session titled “You Don’t Have to Be the NSA to Break Tor: De-anonymizing Users on a Budget,” Tor didn’t miss a beat.

Their presentation included methodology reminiscent of the one that hacked Tor: “In our analysis, we’ve discovered that a persistent adversary with a handful of powerful servers and a couple gigabit links can de-anonymize hundreds of thousands of Tor clients and thousands of hidden services within a couple months.”

When the talk was promptly cancelled, Tor suspected the researchers must have been behind the attack on the network earlier in the year.