Uber-geek and security expert Steve Gibson explains on his “Tor: Not So Anonymous” Security Now podcast why Tor isn’t secure. He’s not just theorizing and, as always, gets seriously up close and personal with the technical details. You think you’re a geek? Hah. Not compared to Gibson, you’re not… 🙂
The underlying problem is that Tor only protects against weak attacks that monitor part of the network. It does not protect against traffic confirmation attacks, which can break anonymity. Even worse, it does not protect against an adversary capable of monitoring all the nodes, because it doesn’t assume that can happen.
The Internet was never designed for anonymity. Source and destination IP addresses were meant to be open so messages and data can find their destination. Researchers deliberately interfered with traffic coming from a server and used existing Cisco router technology to deanonymize Tor users. This was a fuzzy attack. If this can be done by researchers with a Cisco router, then a state actor (NSA, etc.) will certainly be able to do a better and faster job.
From the shownotes:
81% of Tor users can be de-anonymised by analysing router information, research indicates. Using weak but pervasive built-in Cisco “NetFlow” tech and deliberate traffic perturbation. Perturb the traffic from the server a user is connecting to, and watch the exit nodes’ traffic. The point was that even very weak “NetFlow” aggregation was enough. More expensive “per packet” monitoring and analysis was not needed.
Despite the use of Tor, FBI investigators were able to identify IP addresses that allegedly hosted and accessed the servers, including the Comcast-provided IP address of one Brian Farrell, who prosecutors said helped manage SilkRoad
Bottom line… *I* would never rely upon TOR alone. Consider it, itself, another layer of a more full “Defense in Depth.” The dream is that someone can sit at home and be fully anonymous. But that’s not the reality.
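To make the show-notes point concrete, here is an added example (not from the podcast or the research) showing why coarse per-interval byte counts, the kind of aggregate NetFlow exports, are enough to match a perturbed server flow to one client flow. All flow names and byte counts are constructed, and `pad_constant` is a toy model of constant-rate cover traffic, not something Tor does.

```python
from math import sqrt

def pearson(xs, ys):
    """Pearson correlation of two equal-length per-interval byte series."""
    if len(xs) != len(ys) or len(xs) < 2:
        raise ValueError("series must have equal length >= 2")
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    if vx == 0 or vy == 0:
        return 0.0  # a flat series carries no pattern to match
    return cov / sqrt(vx * vy)

def rank_candidates(server_series, client_flows):
    """Return [(name, r), ...] sorted by correlation, best match first."""
    scored = [(name, pearson(server_series, s)) for name, s in client_flows.items()]
    return sorted(scored, key=lambda item: item[1], reverse=True)

def pad_constant(series):
    """Toy mitigation: pad every interval up to the peak rate (cover traffic)."""
    peak = max(series)
    return [peak for _ in series]

# Constructed data: KB per flow-export interval.
# SERVER carries the deliberately perturbed (high/low) pattern.
SERVER = [900, 100, 900, 900, 100, 100, 900, 100, 900, 100, 100, 900]
CLIENTS = {
    # steady stream, unrelated to the perturbation
    "client-A": [500, 520, 480, 510, 495, 505, 490, 515, 500, 485, 510, 490],
    # same pattern after relay overhead and small jitter
    "client-B": [960, 130, 930, 955, 120, 95, 950, 110, 935, 125, 100, 940],
    # bursty, but on its own schedule
    "client-C": [700, 700, 700, 300, 300, 300, 700, 700, 700, 300, 300, 300],
}

if __name__ == "__main__":
    for name, r in rank_candidates(SERVER, CLIENTS):
        print(f"{name}: r = {r:+.2f}")
    padded = pad_constant(CLIENTS["client-B"])
    print(f"client-B with constant-rate padding: r = {pearson(SERVER, padded):+.2f}")
```

The padded series no longer correlates, but it costs peak bandwidth in every interval, which is the trade-off a low-latency network avoids and why the volume pattern survives end to end.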