[tor-talk] BlackHat2014: Deanonymize Tor for $3000
Matthew Kaufman
mkfmncom at gmail.com
Thu Jul 3 19:28:11 UTC 2014
https://www.blackhat.com/us-14/briefings.html#you-dont-have-to-be-the-nsa-to-break-tor-deanonymizing-users-on-a-budget
On Thu, Jul 3, 2014 at 2:05 PM, grarpamp <grarpamp at gmail.com> wrote:
> You Don't Have to be the NSA to Break Tor: Deanonymizing Users on a Budget
> Alexander Volynkin / Michael McCord
>
> [...]
> Looking for the IP address of a Tor user? Not a problem. Trying to
> uncover the location of a Hidden Service? Done. We know because we
> tested it, in the wild...
>
> In this talk, we demonstrate how the distributed nature, combined with
> newly discovered shortcomings in design and implementation of the Tor
> network, can be abused to break Tor anonymity. In our analysis, we've
> discovered that a persistent adversary with a handful of powerful
> servers and a couple gigabit links can de-anonymize hundreds of
> thousands Tor clients and thousands of hidden services within a couple
> of months. The total investment cost? Just under $3,000. During this
> talk, we will quickly cover the nature, feasibility, and limitations
> of possible attacks, and then dive into dozens of successful
> real-world de-anonymization case studies, ranging from attribution of
> botnet command and control servers, to drug-trading sites, to users of
> kiddie porn places. The presentation will conclude with lessons
> learned and our thoughts on the future of security of distributed
> anonymity networks.
> --
> tor-talk mailing list - tor-talk at lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
More information about the tor-talk
mailing list