Delivery-Date: Thu, 03 Jul 2014 14:12:08 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.7 required=5.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED,FREEMAIL_FROM,RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,T_DKIM_INVALID
	autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 01A741E0CAF
	for <archiver@seul.org>; Thu,  3 Jul 2014 14:12:06 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 0DCC929027;
	Thu,  3 Jul 2014 18:12:02 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 6CDD52AA70
 for <tor-talk@lists.torproject.org>; Thu,  3 Jul 2014 18:05:12 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at eugeni.torproject.org
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id sRbkalq_lBbB for <tor-talk@lists.torproject.org>;
 Thu,  3 Jul 2014 18:05:12 +0000 (UTC)
Received: from mail-ve0-x22d.google.com (mail-ve0-x22d.google.com
 [IPv6:2607:f8b0:400c:c01::22d])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 4BAE62707C
 for <tor-talk@lists.torproject.org>; Thu,  3 Jul 2014 18:05:12 +0000 (UTC)
Received: by mail-ve0-f173.google.com with SMTP id db11so617835veb.32
 for <tor-talk@lists.torproject.org>; Thu, 03 Jul 2014 11:05:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:date:message-id:subject:from:to:cc:content-type;
 bh=23/q/e/dc2ktk+qT/yWdJVomdzGmJhymiTgPSF+dn4Q=;
 b=YC1md5t99OD/LZu/J3HoY/cF/yH8RX37Wr83nrQlZ0MJHru8TECT2FnsrXFSMkXsnM
 5flPxYbOH3eRO80wdYarFAizWA22Okg8hZzdw8eISvZRRdt2XIiS49CaZ7S6E/igI+v7
 T8xa/+7MoT6diDL0WPTZRnE9s+9GVSg5/6P8ebh+JypnI0hKV44bsi52JfxlO1gthZ1F
 JhYTvFbnoHvPM9zdpOJPlzbNqsICd1pe26abgAMoXwFm8LoB374oZZH7ABgHe2bwIBAO
 dZW7XPJ2AabLI4oRgbv4OHduA3cdD2kg+sZhrlpUurf97TYs5QU25ARXpdKhzt4/Q0PW
 h8CQ==
MIME-Version: 1.0
X-Received: by 10.221.40.193 with SMTP id tr1mr2683000vcb.31.1404410709683;
 Thu, 03 Jul 2014 11:05:09 -0700 (PDT)
Received: by 10.221.65.198 with HTTP; Thu, 3 Jul 2014 11:05:09 -0700 (PDT)
Date: Thu, 3 Jul 2014 14:05:09 -0400
Message-ID: <CAD2Ti28UgXbB6wEry3VZjaWg4-8j7Ddi6stAfP7y+DrXWQn-0A@mail.gmail.com>
From: grarpamp <grarpamp@gmail.com>
To: tor-talk@lists.torproject.org
Cc: cypherpunks@cpunks.org
Subject: [tor-talk] BlackHat2014: Deanonymize Tor for $3000
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

You Don't Have to be the NSA to Break Tor: Deanonymizing Users on a Budget
Alexander Volynkin / Michael McCord

[...]
Looking for the IP address of a Tor user? Not a problem. Trying to
uncover the location of a Hidden Service? Done. We know because we
tested it, in the wild...

In this talk, we demonstrate how the distributed nature, combined with
newly discovered shortcomings in design and implementation of the Tor
network, can be abused to break Tor anonymity. In our analysis, we've
discovered that a persistent adversary with a handful of powerful
servers and a couple gigabit links can de-anonymize hundreds of
thousands Tor clients and thousands of hidden services within a couple
of months. The total investment cost? Just under $3,000. During this
talk, we will quickly cover the nature, feasibility, and limitations
of possible attacks, and then dive into dozens of successful
real-world de-anonymization case studies, ranging from attribution of
botnet command and control servers, to drug-trading sites, to users of
kiddie porn places. The presentation will conclude with lessons
learned and our thoughts on the future of security of distributed
anonymity networks.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

