German police have been able to identify individuals using the Tor network, link them to certain criminal activities, and have them arrested and later convicted of the crimes, according to multiple German media outlets, which recently reported on law enforcement using so-called “timing analysis” attacks.
Tor’s leaders, on the other hand, claim that the network is completely secure and that the arrested individual was in fact using outdated software that revealed his identity to police. The register found.
The Onion Router (Tor) is a privacy-focused network that enables anonymous communication by routing Internet traffic through a series of volunteer-run servers, or nodes. It hides users’ IP addresses and encrypts their data, making it difficult to trace their online activity.
Unmanaged IT
In its report, the German newspaper writes Panorama briefly explains the logic behind timing attacks: “By timing individual data packets, anonymized connections can be traced back to the Tor user, even though data connections in the Tor network are encrypted multiple times.” That would presumably require law enforcement to add or compromise the nodes and use them to observe clues about users sending traffic to the network.
It seems like a long shot, and Tor network administrators believe the individual gave himself away by using outdated third-party software. Namely, an anonymous messaging app called Ricochet, which had no protection against so-called guard attacks. A “guard” is an entry node — the first to receive data that is later moved through the Tor network.
By obtaining a list of all subscribers connecting to a specific guard (in this case by asking a telecommunications provider for the information) and then cross-referencing that data with Ricochet, police were able to remove the anonymity of one user, an individual known as “Andres G,” who allegedly operates a website with child sexual abuse content.
“The claim that the network is ‘not healthy’ is simply not true,” Pavel Zoneff, Tor’s PR director, told The register.