Following a series of arrests and the de-anonymization of darknet platform administrators, users of Tor Browser began questioning the security of this tool. Leading experts involved in its development have attempted to clarify the situation.
A primary concern arose with the revelation that German authorities were able to de-anonymize darknet participants using traffic analysis over time. Among those identified were the owners and active users of Boystown, the largest darknet site involved in illegal activities.
Timing Analysis and Its Implications
Timing analysis does not rely on a vulnerability in the software itself: by monitoring traffic over a long period, authorities can correlate traffic patterns and identify a user.
The Tor team admitted that they are unsure exactly how German authorities achieved de-anonymization, but speculated that a vulnerability in the outdated Ricochet messenger, used by one of the arrested individuals, may have been exploited.
“In addition to improving bandwidth and adding relays, the Tor team has recently implemented new features to enhance protection, speed, and performance,” said Pavel Zoneff, Director of Strategic Communications at Tor, in an interview with Cointelegraph.
However, according to Michal Pospishalski, CEO of MatterFi, attacks based on timing analysis remain possible.
Security Loophole
An investigation by Panorama noted that the attack targeted the "guard nodes", the entry relays used for communication via Ricochet.
“We believe the attack on the old version of Ricochet was related to a vulnerability through an attack on the guard nodes,” explained Zoneff.
When traffic passes through Tor, it is routed through three types of nodes: entry (guard), middle, and exit nodes. In onion services such as Ricochet there is no exit node, and the traffic never leaves the Tor network, which makes it harder to track. However, experts believe that law enforcement may have controlled several middle nodes, increasing the chances of successful traffic analysis.
“This is a typical Sybil attack,” said Or Weinberger, CEO of Brute Brother, adding that significant resources are required to execute it.
Outdated Method and Improvements
Although the described attacks have caused concern, three years have passed since the incident, and the Tor team has significantly improved its defenses. In particular, Ricochet has been replaced by the new Ricochet-Refresh version, which includes the Vanguards protection mechanism, making such attacks more difficult.
“Any security system can always be attacked, but developers promptly address discovered vulnerabilities,” said Liza Laud, Executive Director of the Secret Foundation.
Germany’s Dominant Role
Today, Germany hosts more Tor relays than any other country, raising additional questions about the potential for traffic tracking. According to the latest data, 1,852 of the 8,085 relays are located in Germany.
“Your Tor client is more likely to choose a high-performance guard node, making attacks more likely from states,” explained Weinberger.
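The two preceding paragraphs make a point that is easy to misread: the share of relays a country hosts by count is not the same as the probability that a client's guard lands there, because Tor weights path selection by bandwidth. The example below is added here and is not code from the article or from the Tor project. It uses a small constructed relay list (names, countries and weights are made up) and a simplified model of Tor's path selection (weighted by consensus weight, no family or subnet exclusions) to compare the count-based share with the bandwidth-weighted guard probability, and to estimate how often both the guard and the middle of a rendezvous circuit fall in the same jurisdiction, which is the situation the article describes for exit-less onion-service traffic.

```python
"""Bandwidth-weighted path selection and jurisdiction concentration.

Added example for illustration only; not the article's or Tor's own code.
Tor's real path selection uses consensus weights, relay flags, and
family/subnet exclusions that are deliberately simplified here.
"""
from collections import namedtuple
from fractions import Fraction
import random

Relay = namedtuple("Relay", "name country weight is_guard")

# Constructed sample "consensus" (all values invented). Weight is a
# stand-in for the consensus bandwidth weight Tor uses when picking hops.
RELAYS = [
    Relay("de-fast-1", "DE", 50000, True),
    Relay("de-fast-2", "DE", 40000, True),
    Relay("de-mid-1", "DE", 8000, False),
    Relay("us-guard-1", "US", 12000, True),
    Relay("us-mid-1", "US", 5000, False),
    Relay("nl-guard-1", "NL", 15000, True),
    Relay("nl-mid-1", "NL", 4000, False),
    Relay("fr-guard-1", "FR", 6000, True),
    Relay("fr-mid-1", "FR", 3000, False),
    Relay("se-mid-1", "SE", 2000, False),
]


def share_of_relays(relays, country):
    """Share of relays by count in `country` (the kind of figure the article quotes)."""
    return Fraction(sum(1 for r in relays if r.country == country), len(relays))


def guard_probability(relays, country):
    """Exact probability that a bandwidth-weighted guard pick lands in `country`."""
    guards = [r for r in relays if r.is_guard]
    total = sum(r.weight for r in guards)
    in_country = sum(r.weight for r in guards if r.country == country)
    return Fraction(in_country, total)


def pick_weighted(candidates, rng):
    """Choose one relay with probability proportional to its weight."""
    return rng.choices(candidates, weights=[r.weight for r in candidates], k=1)[0]


def build_rendezvous_path(relays, rng):
    """Client side of an onion-service circuit: guard + middle, no exit hop."""
    guard = pick_weighted([r for r in relays if r.is_guard], rng)
    middle = pick_weighted([r for r in relays if r.name != guard.name], rng)
    return guard, middle


def simulate(relays, country, trials, seed=1):
    """Monte Carlo estimate of P(guard in country) and P(guard and middle in country).

    Returns a pair of floats. A client keeps the same guard for months, so the
    first figure is effectively decided once per client, not once per circuit.
    """
    rng = random.Random(seed)
    guard_hits = both_hits = 0
    for _ in range(trials):
        guard, middle = build_rendezvous_path(relays, rng)
        if guard.country == country:
            guard_hits += 1
            if middle.country == country:
                both_hits += 1
    return guard_hits / trials, both_hits / trials


if __name__ == "__main__":
    for country in ("DE", "US", "NL"):
        by_count = share_of_relays(RELAYS, country)
        by_weight = guard_probability(RELAYS, country)
        est_guard, est_both = simulate(RELAYS, country, 20000)
        print(f"{country}: share by count {float(by_count):.2f}, "
              f"guard prob by weight {float(by_weight):.2f} "
              f"(simulated {est_guard:.2f}), guard+middle both in {country}: {est_both:.2f}")
```

In this constructed data, Germany holds 30% of relays by count but about 73% of guard weight, which is the effect Weinberger's remark points at: a client is far more likely to pick a fast guard, and whoever runs or can observe the fast guards sees a disproportionate share of clients. The `simulate` figure for guard and middle in the same country shows why Vanguards-style middle-hop pinning matters for onion services, where there is no exit hop to widen the path.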
Most experts agree that for regular users, Tor remains secure, but criminals should be cautious.
“Online anonymity can still be preserved, but it depends on how technologies evolve,” concluded Laud.
It is worth noting that in the summer of 2023, some ransomware operators began shifting their activities from the darknet to Telegram.