Tor is an important service on the Internet when it comes to anonymity. It's free and can be used by anyone to hide information such as a device's public IP address.
Tor is used by people around the world to avoid censorship. Although it is used for good purposes, it is also misused. Cybercriminals are using Tor for the same purpose: to remain anonymous and evade law enforcement.
This is also interesting: Tor recently launched the WebTunnel bridge as a new way to overcome censorship
cracks of obscurity
Law enforcement agencies in Germany have monitored Tor servers for months to identify individual users. The agencies managed to identify a server of the ransomware group Vanir Locker, which the group operated from within the Tor network.
The group announced that it would release the data it copied from one of its recent campaigns on the server. Law enforcement agents managed to identify the location of the server using a technique called timing analysis.
Timing analysis is used to relate the connection of nodes in the Tor network to local Internet connections. This method relies on monitoring as many Tor nodes as possible, as this increases the chance of detection.
This confirms that law enforcement agencies are monitoring Tor nodes. It seems that German law enforcement agencies are not the only ones using this technique for identification.
A state office of criminal investigation took control of the ransomware group's Tor address and redirected it to a new page. This prevented the stolen data from being released on the page.
Reporters from ARD (a publicly funded broadcaster) were able to view documents that confirmed four successful identifications in a single investigation. ReportsThe agencies used this technique to identify members of child exploitation forums.
Closing words
It is not only law enforcement agencies that use this technique to identify criminals. Oppressive regimes can also use this method to identify users who try to remain anonymous to avoid prosecution.
A blog post There is some light shed on this issue on the Tor Project blog. It addresses identification in a child exploitation case. The maintainers admit they did not have access to the sources, but they believe Tor is still one of the best options for most internet users to stay anonymous.
They will want to have access to the information to see if there is a problem with the service that can be fixed.
What is your opinion on this? Do you use Tor? Leave a comment below.
Thanks for reading..
