New research conducted by researchers at Massachusetts Institute of Technology (MIT) and Qatar Computing Research Institute have found a way to locate and identify websites hidden within the Tor privacy and anonymity network, ARS Technica reports.
Tor, an acronym for ‘The Onion Router’ is the most trusted and respected anonymity service in the world. The router network was originally developed by the U.S. military to help facilitate communications between American intelligence sources (spies) and Washington without being tracked or intercepted. As a software designed for complete anonymous communications online, Tor has an estimated 2.5 million users every day.
A leaked NSA presentation aptly titled ‘Tor Stinks’ summed up Tor’s sturdy security features in an excerpt taken from the document. It reads:
“We will never be able to de-anonymize all Tor users all the time. With manual analysis we can de-anonymize a very small fraction of Tor users.”
At that particular point in time, the NSA was ultimately unsuccessful in its process of trying to identify anonymous users individually on Tor.
Tor offers enhanced privacy by anonymizing user requests through multiple layers of encrypted connections or nodes. This is how it works:
- The first contact is made at the entry node, also known as the guard. This is the only part where a user’s real IP address is known.
- The next node only knows the IP of the entry node.
- The next node only knows the previous node’s encrypted IP address.
- This process is repeated over and again until the destination is reached.
“Our goal is to show that it is possible for a local passive adversary to deanonymize users with hidden service activities without the need to perform end-to-end traffic analysis,” the researchers from the Massachusetts Institute of Technology and Qatar Computing Research Institute wrote in a research paper in a joint-effort.
The exploit targets previous nodes, specifically. In other words, an attacker configures a computer on the Tor network as an entry node or the guard before waiting for requests to come through from users looking to be anonymous online. When a connection is established, data is exchanged. Researchers at MIT used machine-learning advanced algorithms to monitor that very data and count the number of packets of data. With this metric alone, they were able to determine what resource the user is accessing on a real-time basis, with 99% accuracy.
The researchers also achieved a success rate of 88% when attempting to reach and compromise Tor’s hidden services which protects the identification of websites accessed by users.
“We assume that the attacker is able to monitor the traffic between the user and the Tor network. The attacker’s goal is to identify that a user is either operating or connected to a hidden service. In addition, the attacker then aims to identify the hidden service associated with the user,” the researchers added.
More importantly, the research teams from both institutes have already worked on establishing proper defenses for the vulnerabilities discovered and have been in active contact with developers at the Tor project to implement the fixes.