Tuesday, 18 November 2014 06:57

TOR users tracked using Flow records with 81% accuracy


Just when you thought it was safe to get back on the internet privately. Although we have maintained that TOR has never been the end-all of anonymity, we are surprised to finally see public confirmation of techniques that have been around for years. A report that discusses the use of flow records for detecting users on proxy networks shows that the tools to track you through TOR and many other networks have been right there all along.

We have always maintained that it is possible to track people through an anonymity service if you know even a little bit of information. We have seen a network back-traced simply by knowing the exit IP and time. Once you know that, you can hit that node and, using the timestamps that typically exist in logs, follow the trail back. The hard part is finding the IP and date/time information. With Flow records this becomes easier, as you can match traffic based on statistics and also on entry and exit times to get the data you want.

Setting up this type of monitoring is not all that hard either. Most ISPs will have routers that use the NetFlow framework to analyze and monitor traffic. This is pretty much the standard, as it allows them to adjust for congestion on their networks. With this in hand and a list of public TOR gateways (again easy to get), you can simply watch the ingress and egress traffic to get your match. In other words, it is probable that the TOR network has not been secure since the introduction of large-scale monitoring of traffic by ISPs. Even TOR admits, in a statement made in 2009, that it never intended to protect against this type of monitoring: “The Tor design doesn't try to protect against an attacker who can see or measure traffic going into the Tor network and also traffic coming out of the Tor network”.
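To show why seeing both ends is enough, here is an added illustration (not code from the report or from the Tor Project) that bins flow records by time and compares traffic volume on each side. The flow tuples, names and the choice of Pearson correlation as the matching statistic are assumptions made for this example, and all data is constructed.

```python
from math import sqrt

# Constructed sample data: (timestamp in seconds, bytes) per flow record.
EXIT_FLOWS = [(1, 5000), (12, 800), (23, 9000), (31, 400), (45, 7000), (58, 300)]
ENTRY_CANDIDATES = {  # hypothetical entry-side flows seen in the same window
    "flow_a": [(2, 5400), (13, 900), (24, 9600), (32, 500), (46, 7500), (59, 350)],
    "flow_b": [(3, 600), (14, 8000), (22, 700), (35, 6500), (47, 500), (55, 9000)],
    "flow_c": [(5, 3000), (15, 3100), (25, 2900), (35, 3000), (45, 3050), (55, 2950)],
}

def bin_bytes(flows, start, width, nbins):
    """Sum flow bytes into fixed-width time bins."""
    bins = [0] * nbins
    for ts, nbytes in flows:
        i = int((ts - start) // width)
        if 0 <= i < nbins:  # ignore records outside the observation window
            bins[i] += nbytes
    return bins

def pearson(x, y):
    """Pearson correlation of two equal-length series; 0.0 if either is flat."""
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    vx = sum((a - mx) ** 2 for a in x)
    vy = sum((b - my) ** 2 for b in y)
    if vx == 0 or vy == 0:
        return 0.0
    return cov / sqrt(vx * vy)

def best_match(exit_flows, candidates, start=0, width=10, nbins=6):
    """Score every entry-side candidate against the exit-side volume pattern."""
    target = bin_bytes(exit_flows, start, width, nbins)
    scores = {
        name: pearson(target, bin_bytes(flows, start, width, nbins))
        for name, flows in candidates.items()
    }
    return max(scores, key=scores.get), scores

if __name__ == "__main__":
    name, scores = best_match(EXIT_FLOWS, ENTRY_CANDIDATES)
    for cand, score in sorted(scores.items()):
        print(f"{cand}: {score:+.3f}")
    print("closest volume pattern:", name)
```

The entry-side flow that carries the same traffic keeps the same volume-over-time shape despite encryption and relaying, so it scores near 1 while unrelated flows do not. Real flow records are sampled and aggregated, which makes the scores noisier than in this constructed data.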

Now, there are ways to protect yourself against this type of monitoring, but even those have their drawbacks. The use of a no-log VPN service can help obscure your connection into the network on the surface. However, that tunnel can also be traced directly back to you once the VPN gateway is unmasked. It is simply getting harder and harder for regular people to maintain privacy, security and anonymity on the internet. The tools to dig into the packets we send and the ability to monitor our time on the internet are very mature. This new technique is being hailed as 81% accurate, which is more than enough to get permission for further investigation. Lately this can even mean the insertion of custom-made malware to spy on what you are really doing on the net.

Just a happy thought for the day.


Last modified on Tuesday, 18 November 2014 11:52
