- Twitter thread roasts bathtub tray ads for women Monday 7:21 PM
- Nintendo set to release two new models of the Switch—possibly in 2019 Monday 6:45 PM
- Viral cat video ‘Dear Kitten’ finds new life in TikTok challenge Monday 5:30 PM
- Here’s every show that was announced at the Apple TV+ kickoff Monday 3:53 PM
- ‘Shazam!’ embraces the spectacle and heart of the superhero genre Monday 3:45 PM
- How to mute Twitter’s suggested tweets on your timeline Monday 3:02 PM
- What you need to know about Apple’s new streaming service Monday 2:32 PM
- Text-message fanfiction is taking over Instagram Monday 1:54 PM
- Your Asus computer might have a secret backdoor Monday 1:06 PM
- Trump is already fundraising off the Mueller report—even though no one’s seen it Monday 1:01 PM
- Michael Avenatti charged with trying to extort $20 million from Nike Monday 12:51 PM
- Logan Paul says being a YouTuber is ‘wack’ Monday 12:14 PM
- James Comey posts from a forest in wake of Mueller report Monday 10:35 AM
- These are the only online dating sites worth your time Monday 10:29 AM
- Jameela Jamil sparks conversation about women having to make the ‘boyfriend excuse’ Monday 10:23 AM
Can one of the most popular and powerful anonymity tools on the Internet be broken?
Is Tor, one of the most popular and powerful anonymity tools on the Internet, broken?
Two hackers are promising to show how they’re able to deanonymize Tor users with a measly $3,000 budget at Black Hat 2014, a major hacking conference in Las Vegas next month.
“In this talk, we demonstrate how the distributed nature, combined with newly discovered shortcomings in design and implementation of the Tor network, can be abused to break Tor anonymity,” the presenters, Alexander Volynkin and Michael McCord, explain.
The briefing is titled, “You Don’t Have to be the NSA to Break Tor: Deanonymizing Users on a Budget.”
With “a handful of powerful servers and a couple gigabit links”—easily within the resources of the world’s major intelligence agencies, criminal collectives, hacktivist groups, private companies, and more—thousands of Tor clients and hidden services can be revealed “within a couple of months,” the pair says.
Volynkin, a research scientist, and McCord, a software vulnerability analyst, haven’t revealed many specifics to the public yet, but many Tor community members are hoping that they’ve followed responsible disclosure practices and have notified Tor’s developers of any potential exploits that can put the anonymity of millions of users at risk.
Documents revealed in 2013 due to Edward Snowden’s NSA leaks revealed details that the intelligence agency had tried but largely failed to break Tor. The NSA slides even called Tor “the King of high secure, low latency Internet anonymity,” with “no contenders for the throne in waiting.” Last week, it was revealed that the NSA targets even those who read about Tor online as “extremists.”
No one has yet seen or reviewed the talk, so it’s impossible to verify the presenters’ claims. Even though the Tor community has been talking at length about the $3,000 demonstration, no official Tor developer has given comment.
The demonstration will cover “the nature, feasibility, and limitations of possible attacks, and then dive into dozens of successful real-world de-anonymization case studies, ranging from attribution of botnet command and control servers, to drug-trading sites, to users of kiddie porn places,” the presenters say.
Black Hat USA 2014 takes place Aug. 2-7 in Las Vegas.
Photo via Alex/Flickr (CC BY 2.0)
Patrick Howell O'Neill is a notable cybersecurity reporter whose work has focused on the dark net, national security, and law enforcement. A former senior writer at the Daily Dot, O'Neill joined CyberScoop in October 2016. I am a cybersecurity journalist at CyberScoop. I cover the security industry, national security and law enforcement.