
posted by janrinok on Tuesday July 23 2019, @08:07PM
from the still-trying dept.

Russian Secret Intelligence Contractor Tried to Deanonymize Tor Users

Hackers have leaked data obtained from Russia's Federal Security Service (FSB), showing that a contractor called SyTech was trying to deanonymize users of the Tor anonymity network, as reported by Forbes. The group, called 0v1ru$, stole 7.5 terabytes of data by gaining access to SyTech's entire network.

The hacking group shared the data with Digital Revolution, a different hacking group that last year breached the servers of another FSB contractor, called Quantum. Digital Revolution then shared more details about SyTech's data on Twitter and with Russian journalists.

SyTech has been working on the Tor deanonymization project, Nautilus-S, since 2012. Academics from Karlstad University in Sweden were able to identify 25 malicious servers that attempted to deanonymize Tor users; eighteen of those servers were located in Russia.

  • (Score: 2, Interesting) by Anonymous Coward on Wednesday July 24 2019, @12:46AM (#870550)

    And GNUnet/Freenet had their own 'adjacent node' deanonymization attacks a few years back.

    I2P currently has both documented security and anonymity flaws and treasury mismanagement (started just before they recruited an SJW, instituted a CoC and paid annual salaries and travel expenses to the bureaucrats while neglecting bug bounties and feature fixes). And it is now becoming a haven for white nationalists from Europe to the US. I think Runaway, TMB, and some other company here might have found their new hangout :)

    Tor v2 onions have been showing signs of duplicate packet attacks for at least a year. Circuit creation, as seen via TBB's onion icon, seems to converge on a limited set of 8-16 common nodes which vary positions in the circuit chain, likely because latency biases make them TOO favorable to whatever weighting algorithm Tor is using now. The end result is that the pool of nodes needed to compromise your traffic is FAR smaller than the claims made on the Tor website. Tor itself has been having funding issues for a while, and a lot of positions as well as software are being neglected due to a lack of funds, including documentation writers. All this has resulted in an ecosystem where the anonymity publicly described does not match up with the practicalities of the network actually available.

    That said, the Tor daemon itself, and likely the Java I2P daemon, do not appear inherently insecure, but the anonymity promises both make seem very suspect at this time, and relying on them for anonymous hidden service access or hosting is not worth the risk, while outproxy services from either network may be, so long as the remote content is not controversial within your domestic legal framework or across the information-gathering reach of the 5 eyes intelligence apparatus.

    P.S. Tor needs a geoip equivalent of /16 filtering to ensure nodes aren't all in the same country code, or all located in Tier 1 5 eyes countries. With default settings they are 95+ percent of the time, running similar risks to a Sybil attack utilizing passively compromised nodes.

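The comment above proposes a country-code analogue of Tor's distinct-/16 path rule. The following is an added example, not the commenter's code or anything from the Tor project: it audits a client's own circuits for both rules so a user can measure how often default path selection lands all hops in one subnet or one country. Relay names, addresses and country codes are constructed sample data, and the IPv6 /32 comparison width is an assumption.

```python
import ipaddress
from collections import Counter
from typing import Dict, List, Tuple

# A relay as seen in the client's circuit view: (nickname, ip, country code).
Relay = Tuple[str, str, str]

def network_key(ip: str) -> str:
    """Subnet the distinct-subnet rule compares on: /16 for IPv4.
    The /32 width used for IPv6 here is an assumption, not a Tor-documented value."""
    addr = ipaddress.ip_address(ip)
    prefix = 16 if addr.version == 4 else 32
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))

def audit_circuit(circuit: List[Relay]) -> Dict[str, object]:
    """Report which diversity rules a circuit violates.
    'subnet' mirrors Tor's /16 rule; 'country' is the geoip equivalent
    proposed in the comment above."""
    subnets = Counter(network_key(ip) for _, ip, _ in circuit)
    countries = Counter(cc.lower() for _, _, cc in circuit)
    return {
        "shared_subnets": sorted(k for k, n in subnets.items() if n > 1),
        "shared_countries": sorted(k for k, n in countries.items() if n > 1),
        "ok": all(n == 1 for n in subnets.values())
              and all(n == 1 for n in countries.values()),
    }

def diversity_rate(circuits: List[List[Relay]]) -> float:
    """Fraction of observed circuits passing both rules; compare this figure
    for default settings against a torrc that pins or excludes countries."""
    if not circuits:
        return 0.0
    return sum(audit_circuit(c)["ok"] for c in circuits) / len(circuits)

# Constructed sample: one diverse circuit and one with every hop in one country
# and two hops inside the same /16.
SAMPLE_CIRCUITS = [
    [("guardA", "192.0.2.10", "de"), ("middleB", "198.51.100.7", "nl"),
     ("exitC", "203.0.113.99", "se")],
    [("guardD", "192.0.2.20", "us"), ("middleE", "192.0.2.200", "us"),
     ("exitF", "203.0.113.5", "us")],
]

if __name__ == "__main__":
    for c in SAMPLE_CIRCUITS:
        print(audit_circuit(c))
    print(f"circuits passing both rules: {diversity_rate(SAMPLE_CIRCUITS):.0%}")
```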