German authorities apparently cracked Tor anonymity, but onion heads say its still safe
One user was identified, and subsequently convicted.
German police were able to identify individuals using the Tor network, link them to certain criminal activity, and have them arrested and later convicted of the crimes. This is according to multiple German media outlets, who recently reported on the law enforcement using so-called “timing analysis” attacks.
Tor’s heads, on the other hand, argue that the network is perfectly fine and safe, and that the person that was arrested was, in fact, using outdated software that exposed its identity to the police, The Register found.
The Onion Router (Tor) is a privacy-focused network that enables anonymous communication by routing internet traffic through a series of volunteer-operated servers, or nodes. It hides users' IP addresses and encrypts their data, making it difficult to trace their online activity.
Unmanaged IT
In its writeup, the German outlet Panorama briefly explains the logic behind timing attacks: “By timing individual data packets, anonymised connections can be traced back to the Tor user, even though data connections in the Tor network are encrypted multiple times.” That would presumably require the law enforcement to add, or compromise, the nodes, and use them to observe clues about users sending traffic into the network.
It seems to be a long shot, and the maintainers of the Tor network believe the individual gave themselves away by using outdated third-party software. Namely, an anonymous messaging app called Ricochet, which didn’t have protections against so-called guard attacks. A “guard” is an entry node - the first one to receive data that’s later moved through the Tor network.
By getting a list of all subscribers connecting to a specific guard (in this case, by asking a telecommunications provider for the information), and then cross-referencing this data with Ricochet, the police were able to de-anonymise one user, an individual known as “Andres G”, allegedly operating a website hosting child sex abuse content.
"The claim that the network is 'not healthy' is simply not true," Tor's PR director Pavel Zoneff told The Register.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
More from TechRadar Pro
- Tor has a new HTTPS-esque feature to help beat censorship
- Here's a list of the best firewalls around today
- These are the best endpoint security tools right now
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.