Tor users’ IP addresses can be identified by exploiting routers

Tor users' IP addresses can be identified by exploiting routers

Tor users’ IP addresses can be identified by exploiting routers now,  however it has previously been a tough target for law enforcement for years and FBI has spent millions of dollars to de-anonymize the identity of Tor users, the latest research suggests that more than 81% of Tor clients can be “de-anonymised” by exploiting the traffic analysis software ‘Netflow’ technology that Cisco has built into its router protocols. NetFlow is a network protocol designed to collect and monitor network traffic.

It exchanged data in network flows, which can correspond to TCP connections or other IP packets sharing common characteristics, such UDP packets sharing source and destination IP addresses, port numbers, and other information.The research was conducted for six years by professor Sambuddho Chakravarty, a former researcher at Columbia University’s Network Security Lab and now researching Network Anonymity and Privacy at the Indraprastha Institute of Information Technology in Delhi.

Here’s how his team did it, in simple terms: they repeatedly injected typical HTML files a Tor user would access into a router’s connection. Since Netflow was designed to break down and analyze traffic depending on what you use the internet for (say 25 percent email and 50 percent web browsing), they could check who accessed those HTML files and get their IP addresses. He’s convinced that a large organization (like, well, the government) can easily uncover the identities of Tor users if it wanted. In fact, he says one doesn’t even need the resources of a powerful organization to do so, as a single autonomous system programmed to de-anonymize Tor clients can monitor up to 39 percent of the browser’s traffic.

Jayson Street of Pwnie Express advises people to rely not just on one method if they truly want to be anonymous on the internet. As he told International Business Times:

End users don’t know how to properly configure it — they think it’s a silver bullet. They think once they use this tool, they don’t have to take other precautions. It’s another reminder to users that nothing is 100 percent secure. If you’re trying to stay protected online, you have to layer your defenses

Related posts

ANY.RUN Discovers Tricky Phishing Attack Using Fake CAPTCHA

Kia Dealer Portal Vulnerability Risked Millions of Cars

Latest Octo Malware Variant Mimics Popular Apps Like NordVPN, Chrome