[tor-talk] BlackHat2014: Deanonymize Tor for $3000

Matthew Kaufman mkfmncom at gmail.com
Thu Jul 3 19:28:11 UTC 2014


On Thu, Jul 3, 2014 at 2:05 PM, grarpamp <grarpamp at gmail.com> wrote:

> You Don't Have to be the NSA to Break Tor: Deanonymizing Users on a Budget
> Alexander Volynkin / Michael McCord
> [...]
> Looking for the IP address of a Tor user? Not a problem. Trying to
> uncover the location of a Hidden Service? Done. We know because we
> tested it, in the wild...
> In this talk, we demonstrate how the distributed nature, combined with
> newly discovered shortcomings in design and implementation of the Tor
> network, can be abused to break Tor anonymity. In our analysis, we've
> discovered that a persistent adversary with a handful of powerful
> servers and a couple gigabit links can de-anonymize hundreds of
> thousands Tor clients and thousands of hidden services within a couple
> of months. The total investment cost? Just under $3,000. During this
> talk, we will quickly cover the nature, feasibility, and limitations
> of possible attacks, and then dive into dozens of successful
> real-world de-anonymization case studies, ranging from attribution of
> botnet command and control servers, to drug-trading sites, to users of
> kiddie porn places. The presentation will conclude with lessons
> learned and our thoughts on the future of security of distributed
> anonymity networks.
> --
> tor-talk mailing list - tor-talk at lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

More information about the tor-talk mailing list