- Hong Kong protesters wear LeBron James masks Wednesday 7:58 PM
- Gina Rodriguez has said N-word before, Twitter discovers Wednesday 6:54 PM
- How to stream Chiefs vs. Broncos on Thursday Night Football Wednesday 6:00 PM
- Feds take down dark web’s largest known child porn site Wednesday 5:33 PM
- Ben Shapiro says his ‘man body’ is just as controlled as women’s Wednesday 5:06 PM
- Genius turns Kylie Jenner’s ‘rise and shine’ meme into alarm ringtone Wednesday 4:14 PM
- In ‘Tell Me Who I Am,’ twin brothers grapple with hidden trauma Wednesday 4:13 PM
- Panama Papers law firm sues Netflix over ‘The Laundromat’ Wednesday 3:07 PM
- ‘Motherless Brooklyn’ is a gorgeous noir with little below the surface Wednesday 1:14 PM
- Jameela Jamil and Sara Sampaio got in a Twitter feud over ‘long-starved’ models Wednesday 12:52 PM
- Freddie Prinze Jr. will straight-up school you about the Force don’t @ him Wednesday 12:18 PM
- Woman hosts Instagram funeral after she ‘killed’ $102K in student debt Wednesday 11:45 AM
- YouTube beats Netflix as go-to streaming platform for teens Wednesday 11:41 AM
- The tallest man in America posts emotional YouTube video from hospital room Wednesday 11:31 AM
- Nintendo Switch subreddit implodes amid Hong Kong protests Wednesday 11:14 AM
Hackers promise to break Tor on a $3,000 budget
Can one of the most popular and powerful anonymity tools on the Internet be broken?
Is Tor, one of the most popular and powerful anonymity tools on the Internet, broken?
Two hackers are promising to show how they’re able to deanonymize Tor users with a measly $3,000 budget at Black Hat 2014, a major hacking conference in Las Vegas next month.
“In this talk, we demonstrate how the distributed nature, combined with newly discovered shortcomings in design and implementation of the Tor network, can be abused to break Tor anonymity,” the presenters, Alexander Volynkin and Michael McCord, explain.
The briefing is titled, “You Don’t Have to be the NSA to Break Tor: Deanonymizing Users on a Budget.”
With “a handful of powerful servers and a couple gigabit links”—easily within the resources of the world’s major intelligence agencies, criminal collectives, hacktivist groups, private companies, and more—thousands of Tor clients and hidden services can be revealed “within a couple of months,” the pair says.
Volynkin, a research scientist, and McCord, a software vulnerability analyst, haven’t revealed many specifics to the public yet, but many Tor community members are hoping that they’ve followed responsible disclosure practices and have notified Tor’s developers of any potential exploits that can put the anonymity of millions of users at risk.
Documents revealed in 2013 due to Edward Snowden’s NSA leaks revealed details that the intelligence agency had tried but largely failed to break Tor. The NSA slides even called Tor “the King of high secure, low latency Internet anonymity,” with “no contenders for the throne in waiting.” Last week, it was revealed that the NSA targets even those who read about Tor online as “extremists.”
No one has yet seen or reviewed the talk, so it’s impossible to verify the presenters’ claims. Even though the Tor community has been talking at length about the $3,000 demonstration, no official Tor developer has given comment.
The demonstration will cover “the nature, feasibility, and limitations of possible attacks, and then dive into dozens of successful real-world de-anonymization case studies, ranging from attribution of botnet command and control servers, to drug-trading sites, to users of kiddie porn places,” the presenters say.
Black Hat USA 2014 takes place Aug. 2-7 in Las Vegas.
Photo via Alex/Flickr (CC BY 2.0)
Patrick Howell O'Neill is a notable cybersecurity reporter whose work has focused on the dark net, national security, and law enforcement. A former senior writer at the Daily Dot, O'Neill joined CyberScoop in October 2016. I am a cybersecurity journalist at CyberScoop. I cover the security industry, national security and law enforcement.