- How to watch ‘Detective Pikachu’ right now 5 Years Ago
- Walmart is suing Tesla over fires at stores with solar panels 5 Years Ago
- Jeremy Renner asks nicely for Sony to let Spider-Man back in the MCU Today 2:51 PM
- The best and safest torrenting sites you should be using in 2019 Today 2:47 PM
- ‘Beyoncé’s Assistant for a Day’ creator is releasing more games on storytelling app Yarn Today 1:54 PM
- Why does everyone keep falling for that Instagram and Facebook hoax? Today 1:46 PM
- A bunch of celebrities fell for that viral Instagram hoax Today 1:17 PM
- Former Die Antwoord crew member says video shows ‘homophobic attack’ Today 1:13 PM
- How to stream all the MLS Rivalry Week matches Today 1:13 PM
- Nevada officials issue warnings for people prepping to ‘Storm Area 51’ Today 12:55 PM
- These are the 8 best fighting games available today Today 12:43 PM
- Pluto TV and the NFL launch the NFL Channel Today 12:40 PM
- Trump: ‘I am the chosen one’ Today 12:33 PM
- Video shows arrest of 15-year-old who threatened school shooting online Today 12:11 PM
- Woman finds massive diamond after watching YouTube video on how to find diamonds Today 11:30 AM
Hackers promise to break Tor on a $3,000 budget
Can one of the most popular and powerful anonymity tools on the Internet be broken?
Is Tor, one of the most popular and powerful anonymity tools on the Internet, broken?
Two hackers are promising to show how they’re able to deanonymize Tor users with a measly $3,000 budget at Black Hat 2014, a major hacking conference in Las Vegas next month.
“In this talk, we demonstrate how the distributed nature, combined with newly discovered shortcomings in design and implementation of the Tor network, can be abused to break Tor anonymity,” the presenters, Alexander Volynkin and Michael McCord, explain.
The briefing is titled, “You Don’t Have to be the NSA to Break Tor: Deanonymizing Users on a Budget.”
With “a handful of powerful servers and a couple gigabit links”—easily within the resources of the world’s major intelligence agencies, criminal collectives, hacktivist groups, private companies, and more—thousands of Tor clients and hidden services can be revealed “within a couple of months,” the pair says.
Volynkin, a research scientist, and McCord, a software vulnerability analyst, haven’t revealed many specifics to the public yet, but many Tor community members are hoping that they’ve followed responsible disclosure practices and have notified Tor’s developers of any potential exploits that can put the anonymity of millions of users at risk.
Documents revealed in 2013 due to Edward Snowden’s NSA leaks revealed details that the intelligence agency had tried but largely failed to break Tor. The NSA slides even called Tor “the King of high secure, low latency Internet anonymity,” with “no contenders for the throne in waiting.” Last week, it was revealed that the NSA targets even those who read about Tor online as “extremists.”
No one has yet seen or reviewed the talk, so it’s impossible to verify the presenters’ claims. Even though the Tor community has been talking at length about the $3,000 demonstration, no official Tor developer has given comment.
The demonstration will cover “the nature, feasibility, and limitations of possible attacks, and then dive into dozens of successful real-world de-anonymization case studies, ranging from attribution of botnet command and control servers, to drug-trading sites, to users of kiddie porn places,” the presenters say.
Black Hat USA 2014 takes place Aug. 2-7 in Las Vegas.
Photo via Alex/Flickr (CC BY 2.0)
Patrick Howell O'Neill is a notable cybersecurity reporter whose work has focused on the dark net, national security, and law enforcement. A former senior writer at the Daily Dot, O'Neill joined CyberScoop in October 2016. I am a cybersecurity journalist at CyberScoop. I cover the security industry, national security and law enforcement.