- What is the TikTok drink and can you still get it? Thursday 9:27 PM
- “Party, Party, Party” TikTok meme grapples with party culture Thursday 8:43 PM
- Baby Yoda was just added to Sims 4 Thursday 7:54 PM
- Religious conservatives petition Netflix to pull ‘gay Jesus’ Christmas comedy Thursday 7:19 PM
- Kylie Jenner criticized for yet another expensive car post Thursday 5:57 PM
- Apex Legends became a major Pornhub search in 2019 Thursday 5:15 PM
- CBS accidentally interviewed InfoWars host as regular Trump supporter Thursday 4:31 PM
- TLC accused of fatphobia, fetishization with show about ‘mixed-weight’ couples Thursday 3:41 PM
- Betting odds show KSI could fight FaZe Sensei, Jake Paul, or Justin Bieber next Thursday 3:20 PM
- Nick Cannon releases another thirsty Eminem diss track Thursday 2:59 PM
- Dogs at polling stations are helping bark out the vote in the U.K. Thursday 1:00 PM
- Streamers dominated Pornhub searches in 2019 Thursday 12:59 PM
- Pro and anti-boot factions emerge in wake of ‘Wonder Woman 1984’ trailer Thursday 12:31 PM
- The ‘Rise of Skywalker’ press tour has turned into a rehash of ‘The Last Jedi’ Thursday 12:18 PM
- What’s in a TikTok username? Thursday 12:00 PM
Hackers promise to break Tor on a $3,000 budget
Can one of the most popular and powerful anonymity tools on the Internet be broken?
Is Tor, one of the most popular and powerful anonymity tools on the Internet, broken?
Two hackers are promising to show how they’re able to deanonymize Tor users with a measly $3,000 budget at Black Hat 2014, a major hacking conference in Las Vegas next month.
“In this talk, we demonstrate how the distributed nature, combined with newly discovered shortcomings in design and implementation of the Tor network, can be abused to break Tor anonymity,” the presenters, Alexander Volynkin and Michael McCord, explain.
The briefing is titled, “You Don’t Have to be the NSA to Break Tor: Deanonymizing Users on a Budget.”
With “a handful of powerful servers and a couple gigabit links”—easily within the resources of the world’s major intelligence agencies, criminal collectives, hacktivist groups, private companies, and more—thousands of Tor clients and hidden services can be revealed “within a couple of months,” the pair says.
Volynkin, a research scientist, and McCord, a software vulnerability analyst, haven’t revealed many specifics to the public yet, but many Tor community members are hoping that they’ve followed responsible disclosure practices and have notified Tor’s developers of any potential exploits that can put the anonymity of millions of users at risk.
Documents revealed in 2013 due to Edward Snowden’s NSA leaks revealed details that the intelligence agency had tried but largely failed to break Tor. The NSA slides even called Tor “the King of high secure, low latency Internet anonymity,” with “no contenders for the throne in waiting.” Last week, it was revealed that the NSA targets even those who read about Tor online as “extremists.”
No one has yet seen or reviewed the talk, so it’s impossible to verify the presenters’ claims. Even though the Tor community has been talking at length about the $3,000 demonstration, no official Tor developer has given comment.
The demonstration will cover “the nature, feasibility, and limitations of possible attacks, and then dive into dozens of successful real-world de-anonymization case studies, ranging from attribution of botnet command and control servers, to drug-trading sites, to users of kiddie porn places,” the presenters say.
Black Hat USA 2014 takes place Aug. 2-7 in Las Vegas.
Photo via Alex/Flickr (CC BY 2.0)
Patrick Howell O'Neill is a notable cybersecurity reporter whose work has focused on the dark net, national security, and law enforcement. A former senior writer at the Daily Dot, O'Neill joined CyberScoop in October 2016. I am a cybersecurity journalist at CyberScoop. I cover the security industry, national security and law enforcement.