A few weeks ago, researchers from Carnegie Mellon University’s computer emergency response team (Cert), Alexander Volynkin and Michael McCord, announced that they are able to de-anonymise users Tor users and planned to reveal their discovery during the next Black Hat Conference in August.
We were all waiting for the presentation when the organization of the BlackHat had been contacted by the university’s lawyers which informed it that the researchers will not participate in the event.
“Unfortunately, Mr Volynkin will not be able to speak at the conference since the materials that he would be speaking about have not yet [been] approved by Carnegie Mellon University/Software Engineering Institute for public release,” states the message posted on the official website of the event.
“I think I have a handle on what they did, and how to fix it. We’ve been trying to find delicate ways to explain that we think we know what they did, but also it sure would have been smoother if they’d opted to tell us everything. The main reason for trying to be delicate is that I don’t want to discourage future researchers from telling us about neat things that they find. I’m currently waiting for them to answer their mail so I can proceed.” “Based on our current plans, we’ll be putting out a fix that relays can apply that should close the particular bug they found. The bug is a nice bug, but it isn’t the end of the world.” he added.
Christopher Soghoian, principal technologist with the American Civil Liberties Union, has speculated that the researchers might have feared to be sued by criminal prosecution for illegal monitoring of Tor exit traffic.
“Monitoring Tor exit traffic is potentially a violation of several federal criminal statutes,” he added.
The reality is that law enforcement agencies and intelligence all over the world are trying to develop capabilities to track users in the deepweb, and in particular on Tor networks. Hacking Tor is a goal for many Intelligence agencies as demonstrated also by the collection of documents leaked by Edward Snowden, that explicitly refers to a project named ‘Tor Stinks’ which has the scope to track Tor users.
“Briefly, this payload connects to 188.8.131.52:80 and sends it an HTTP request that includes the host name (via gethostname()) and the MAC address of the local host (via calling SendARP on gethostbyname()->h_addr_list). After that it cleans up the state and appears to deliberately crash.“
The code is considered the first sample captured in the wild of the FBI’s “computer and internet protocol address verifier,” aka CIPAV, the law enforcement spyware first reported by WIRED in 2007.
Recently German broadcaster ARD reported that NSA experts were monitoring two Tor directory servers in Germany to de-anonymize IP addressed of Tor users using them.
What’s about Russians?
Russia’s Interior Ministry has posted a tender to recruit companies and organization which are interested to “study the possibility of obtaining technical information about users (user equipment) TOR anonymous network”.
We will never know why these researchers have cancelled their participation to the BlackHat, but the unique certainty is that government are spending a huge effort to track users on anonymizing network and probably they have exploited and are exploiting zero-day flaws in these systems.
Security Affairs – (Tor, hacking)