81% of Tor users can be de-anonymised by analysing router information, research indicates
Research undertaken between 2008 and 2014 suggests that more than 81% of Tor clients can be ‘de-anonymised’ – their originating IP addresses revealed – by exploiting the ‘NetFlow’ technology that Cisco has built into its router protocols, and similar traffic analysis software running by default in the hardware of other manufacturers.
Professor Sambuddho Chakravarty, a former researcher at Columbia University’s Network Security Lab and now researching Network Anonymity and Privacy at the Indraprastha Institute of Information Technology in Delhi, has co-published a series of papers over the last six years outlining the attack vector, and claims a 100% ‘decloaking’ success rate under laboratory conditions, and 81.4% in the actual wilds of the Tor network.
Chakravarty’s technique [PDF] involves introducing disturbances in the highly-regulated environs of Onion Router protocols using a modified public Tor server running on Linux – hosted at the time at Columbia University. His work on large-scale traffic analysis attacks in the Tor environment has convinced him that a well-resourced organisation could achieve an extremely high capacity to de-anonymise Tor traffic on an ad hoc basis – but also that one would not necessarily need the resources of a nation state to do so, stating that a single AS (Autonomous System) could monitor more than 39% of randomly-generated Tor circuits.
Chakravarty says: “…it is not even essential to be a global adversary to launch such traffic analysis attacks. A powerful, yet non-global adversary could use traffic analysis methods […] to determine the various relays participating in a Tor circuit and directly monitor the traffic entering the entry node of the victim connection.”
Take Home Message
* Tor is being targeted by state actors.
* You really should be using a VPN, even if you don’t know why… a VPN is as critical as your Internet connection.
* Combine several privacy tools… the EU actively supports PETs (Privacy Enhancing Technologies) – use as many as you can – start with your search engine; for this use http://www.startpage.com.
* Look for military grade encryption from your VPN.
Check out IVPN – EFF members
On the Effectiveness of Traffic Analysis Against Anonymity Networks Using Flow Records