Before the arrest of Silk Road creator Ross Ulbricht made headlines a few years ago, most everyday web users had never heard of Tor. Originally developed by US Naval Research Laboratory employees, Tor (an acronym for “The Onion Router”) is a popular piece of software designed to enable truly anonymous communications online. Today, it’s estimated that approximately 2.5 million users use Tor on a daily basis.
Highlighting Tor’s robust privacy features, a leaked NSA presentation titled ‘Tor Stinks’, courtesy of Edward Snowden of course, reads in part:
We will never be able to de-anonymize all Tor users all the time. With manual analysis we can de-anonymize a very small fraction of Tor users.
The presentation further added that the NSA, at that point in time, was unsuccessful in its efforts to identify an individual anonymous user in response to specific requests.
Suffice it to say, Tor is pretty secure when it comes to keeping what users do on the web as private as can be.
Nonetheless, researchers at MIT and the Qatar Computing Research Institute have come up with a clever way to track what users on Tor are up to.
[Tor] offers anonymous access to online resources by passing user requests through multiple layers of encrypted connections. It all starts at the entry node, sometimes called the guard. That’s the only system that knows your real IP address, but the next node in the chain only knows the IP of the entry node, the next only knows the previous node’s address, and so on until you reach the destination.
The attack targets the previously mentioned entry nodes, as have several attacks in the past. Basically, the attacker sets up a computer on the Tor network as an entry node and waits for people to send requests through it. When a connection is established over Tor, a lot of data is sent back and forth. MIT researchers used machine learning algorithms to monitor that data and count the packets. Using only this metric, the system can determine with 99% accuracy what kind of resource the user is accessing (i.e. the open web, a hidden service, and so on).
All of this without even having to break encryption.
The report further adds that researchers achieved an 88% success rate when attempting to compromise Tor’s hidden services, a feature that guards against identifying the specific websites a user is accessing.
The researchers involved plan to discuss Tor’s software vulnerabilities next month at the USENIX Security Symposium. Notably, the researchers have also come up with some proper defenses against their published attacks and have been in contact with representatives of the Tor Project about implementing them.