https://www.blackhat.com/us-14/briefings.html#you-dont-have-to-be-the-nsa-to-break-tor-deanonymizing-users-on-a-budget
On Thu, Jul 3, 2014 at 2:05 PM, grarpamp <[email protected]> wrote: > You Don't Have to be the NSA to Break Tor: Deanonymizing Users on a Budget > Alexander Volynkin / Michael McCord > > [...] > Looking for the IP address of a Tor user? Not a problem. Trying to > uncover the location of a Hidden Service? Done. We know because we > tested it, in the wild... > > In this talk, we demonstrate how the distributed nature, combined with > newly discovered shortcomings in design and implementation of the Tor > network, can be abused to break Tor anonymity. In our analysis, we've > discovered that a persistent adversary with a handful of powerful > servers and a couple gigabit links can de-anonymize hundreds of > thousands Tor clients and thousands of hidden services within a couple > of months. The total investment cost? Just under $3,000. During this > talk, we will quickly cover the nature, feasibility, and limitations > of possible attacks, and then dive into dozens of successful > real-world de-anonymization case studies, ranging from attribution of > botnet command and control servers, to drug-trading sites, to users of > kiddie porn places. The presentation will conclude with lessons > learned and our thoughts on the future of security of distributed > anonymity networks. > -- > tor-talk mailing list - [email protected] > To unsubscribe or change other settings go to > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk > -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
