2 min read

Tor Admins Call for Calm after Research Attack Reveals 81 Percent of Users

Bianca STANESCU

November 18, 2014

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Tor Admins Call for Calm after Research Attack Reveals 81 Percent of Users

The Tor project has called for calm despite research that shows 81 percent of users could be identified using Cisco’s NetFlow technology, according to The Register. The study revealed that powerful attackers such as nation-state hackers could reveal Tor users’ identity with a false-positive rate of 6.4 percent, while an autonomous system could reveal about 39 percent of users.

The paper On the Effectiveness of Traffic Analysis Against Anonymity Networks Using Flow Records describes how resourceful hackers can mount traffic analysis attacks by observing similar traffic patterns at various points of the network and linking together otherwise unrelated network connections.

“Although the capacity of current networks makes packet-level monitoring at such a scale quite challenging, adversaries could potentially use less accurate but readily available traffic monitoring functionality, such as Cisco’s NetFlow, to mount large-scale traffic analysis attacks,” professor Sambuddho Chakravarty said.

Tor Admins Call for Calm after Research Attack Reveals 81 Percent of Users The attack method can allegedly be put into practice because of the way Tor systems preserve packet interarrival characteristics, such as inter-packet delay. The active traffic analysis method creates and monitors “deliberate perturbances” on server side user traffic, observing output on the client machines through statistical correlations.

After the research was published, Tor admins told users they have no reason to fear their identity can be revealed when using Tor.

The discussion of false positives is key to this new paper too: Sambuddho’s paper mentions a false positive rate of six percent …,” Tor Project leader Roger Dingledine said in a blog post. “It’s easy to see how at scale, this ‘base rate fallacy’ problem could make the attack effectively useless.”

The research was run on a high-performance research server within the Indraprastha Institute of Information Technology in Delhi University, and it partially worked due to the low-latency design of Tor. Low latency allows human-unnoticeable delays between inputs and outputs, providing real time characteristics. Low latency is important for internet connections using services such as Trading, online gaming and VOIP.

tags


Author



Right now

Top posts

Threat actors impersonate Canadian gas retailer to deliver malicious OneNote phishing campaign, Bitdefender Labs warns

Threat actors impersonate Canadian gas retailer to deliver malicious OneNote phishing campaign, Bitdefender Labs warns

January 26, 2023

2 min read
Spammers phish eager vacationers with travel-themed lures, Bitdefender Antispam Lab warns

Spammers phish eager vacationers with travel-themed lures, Bitdefender Antispam Lab warns

January 19, 2023

4 min read
Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

November 29, 2022

2 min read
How to monitor your online privacy during your Thanksgiving trip

How to monitor your online privacy during your Thanksgiving trip

November 22, 2022

3 min read
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

November 16, 2022

6 min read
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

November 14, 2022

5 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Meta Pays Out Bounties for Account Takeover and Two-Factor Authentication Bypass Exploits Meta Pays Out Bounties for Account Takeover and Two-Factor Authentication Bypass Exploits
Silviu STAHIE

January 31, 2023

1 min read
Hackers steal 10 million customer details from JD Sports Hackers steal 10 million customer details from JD Sports
Graham CLULEY

January 30, 2023

2 min read
North Korean Hackers Tried to Launder $100 Million in Crypto Stolen in 2022 North Korean Hackers Tried to Launder $100 Million in Crypto Stolen in 2022
Silviu STAHIE

January 25, 2023

1 min read