Virtual Event Now Live: Zero Trust Strategies Summit! - Login for Access
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Tracking & Law Enforcement

Tor Responds to Reports of German Police Deanonymizing Users

The Tor Project has responded to claims that German law enforcement has found a way to deanonymize users.

Tor and Tails merge

The maintainers of the Tor anonymity network have responded to reports that German law enforcement has found a way to deanonymize users.

Germany’s Panorama TV program and investigative journalism outfit STRG_F have obtained evidence showing that the country’s Federal Criminal Police Office (BKA) and the Public Prosecutor General’s Office in Frankfurt were able to identify at least one user suspected of being involved in the distribution of child sexual abuse materials on the dark web. 

Law enforcement leveraged extended monitoring of Tor nodes and timing analysis to determine exactly which nodes had been used by the perpetrator, ultimately obtaining information on his real identity from the ISP. 

The law enforcement operation was carried out between 2019 and 2021 and resulted in a long prison sentence being handed out to the suspect in late 2022. 

Security experts from Germany’s famous Chaos Computer Club (CCC) have reviewed technical details of the attack and confirmed that the deanonymization method works. 

A CCC representative and German media suggested that the Tor Project needs to make significant improvements considering that the method could be used by not only law enforcement but also by authoritarian regimes to unmask Tor users.

The Tor Project, on the other hand, has not received the technical information and says it’s left with more questions than answers. The organization is hoping to obtain the same information that was provided to the CCC to be able to conduct a detailed investigation.

However, the Tor Project says the information it has been presented with suggests that users can continue to confidently rely on the anonymity network to protect their identity. 

Advertisement. Scroll to continue reading.

The Tor Project explained:

The Tor Project highlighted that since the operation conducted by law enforcement in 2019-2021, new features have been added to protect against these types of timing attacks, which require long-lived user connections. 

Related: Tor Code Audit Finds 17 Vulnerabilities

Related: Okta Warns of Credential Stuffing Attacks Using Tor, Residential Proxies

Related: Tor Network Removes Risky Relays Associated With Cryptocurrency Scheme

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Former Darktrace CEO Poppy Gustafsson has joined the UK government as Minister for Investment.

Nupur Goyal has joined cloud identity security and management solutions provider Saviynt as VP of Product Marketing.

Threat intelligence firm Intel 471 has appointed Mark Huebeler as its COO and CFO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.