According to researchers at MIT, they have found a way to identify websites hidden by use of the Tor anonymity service. Tor is known as the most respected online anonymity service in the world promising an 88 percent accuracy rate.
Each day 2.5 million Tor users from around the world surf the web anonymously and rely on the service for activities such as hacking, spoofing, and using the tool to bypass government censorship.
Tor, an acronym for “The Onion Router,” was developed by the U.S. military to enble American intelligence sources communicate with Washington freely without the worry of being tracked and traced by an adversarial government.
Today, since the software has gone public, it has attracted journalists, dissidents, child pornographers and millions of other Internet users who create websites within Tor's hidden services section. It is within those hidden services that computer scientists at MIT have identified a weakness.
Tor achieves anonymity for the end user by masking their true site's IP address and other identifying information.
The attack works by collecting a vast amount of network data from already known Tor hidden services in advance, assigning a digital fingerprint to each of the services in question.
By following that fingerprint through computer connection points around the world, and analyzing traffic patterns, the team found that those connections could find a hidden service computer's information 88 percent of the time. They did all of this without breaking Tor's encryption.
“Our goal is to show that it is possible for a local passive adversary to deanonymize users with hidden services actives without the need to perform end-to-end traffic analysis,” wrote MIT researchers in a new paper with the Qatar Computing Research Institute.
Sign-up for our free newsletter to kick off your day with the latest technology insights, or share the article with your friends and contacts on Facebook, Twitter or Google+ using the icons below.