Saturday, 1 August 2015

How Spies Could Unmask Tor Users without Cracking Encryption


How Spies Could Unmask Tor Users without Cracking Encryption
The Onion Router (Tor) is weeping Badly!

Yes, Tor browser is in danger of being caught once again by the people commonly known as "Spies," who's one and only intention is to intrude into others’ network and gather information.

A team of security researchers from Massachusetts Institute of Technology (MIT) have developed digital attacks that can be used to unmask Tor hidden services in the Deep Web with a high degree of accuracy.

The Tor network is being used by journalists, hackers, citizens living under repressive regimes as well as criminals to surf the Internet anonymously. A plethora of nodes and relays in Tor network is used to mask its users and make tracking very difficult.

Any user when connects to Tor, the connection gets encrypted and routed through a path called a"circuit." The request first reaches an entry node, also known as a 'Guard' that knows the actual IP address of the user, and then goes through every hop in the route and finishes off a communication circuit via "exit nodes."

However, in some cases, an attacker could passively monitor Tor traffic to figure out the hidden service accessed by a user and even reveal the servers hosting sites on the Tor network.

Revealing identities without decrypting the TOR Traffic


Recently, Net Security team from MIT and the Qatar Computing Research Institute claimed to find a new vulnerability in the Tor's Guard gateway that can be exploited to detect whether a user is accessing one of Tor's hidden services.

They explained, Tor's Guard Gateways could be masqueraded and the packets coming from the user could be made to travel through attacker’s malicious ‘setup’ node acting as an Entry node.

In a proof-of-concept attack published this week, the researchers described this technique as "Circuit Fingerprinting,"...

...kind of behavior biometric, which includes series of passive attacks, allowing spies to unmask Tor users with 88 percent accuracy even without decrypting the Tor traffic.

This new alternative approach not only tracks the digital footprints of Tor users but also reveals exactly which hidden service the user was accessing; just by analyzing the traffic data and the pattern of the data packets.
"Tor exhibits fingerprintable traffic patterns that allow an [enemy] to efficiently and accurately identify and correlate circuits involved in the communication with hidden services," says the team.

"Therefore, instead of monitoring every circuit, which may be costly, the first step in the attacker's strategy is to identify suspicious circuits with high confidence to reduce the problem space to just hidden services."
The technique nowhere breaks down the layered encrypted route of Tor network, so being encrypted doesn't make your identity anonymous from others.

Does the vulnerability Really utter Truth?


The Tor project leader Roger Dingledine raises a question to the researchers asking about genuineness of the accuracy that the Traffic fingerprinting technique delivers....

... leaving the researchers and the users confused.

As for the Tor, it is considered to be a popular browser that protects your Anonymity while accessing the Internet. However, with the time and successful breaches, it seems that this phenomenon of the Tor network could get depleted.

According to the MIT News article, the fix was suggested to Tor project representatives, who may add it to a future version of Tor.

4 comments:

Anonymous said...

I love your post because I like the way you collaborate and share your opinions, great blog, carry on. Cheats 2015

Raghu said...


Best tricks

Basic tricks

Click here

seoselebrate said...

to get more information click here
Online Cashback Deals
Online Cashback Offers

Hacker said...

Hire hacker

❤ BUSINESS FOR
SERIOUS BUYERS ONLY ❤

♣ BILLS PAY
♣ HOTEL BOOKING / AIR TICKET BOOKING
♣ BANK TRANSFER AVAILABLE
♣ WESTERN UNION TRANSFER AVAILABLE
♣ ATM / DUMPS / TRACKS
♣ CREDIT CARD / DEBIT CARD

We Also provide You To Transfer Money From any Hacked Bank Logins With No ChargeBack.
WE HAVE REPLACEMENT POLICY AND WE PROVE BEFORE ANY BUSINESS
INBOX ME ASAP

ICQ : 728612475
Gmail : arturooboris@gmail.com

Post a Comment

Related Posts Plugin for WordPress, Blogger...
 
TRICKS AND TIPS CREATED BY SUSHIL UPADHYAY| Grants for single moms