Tor anonymity infiltrated: Law enforcement monitors servers successfully
Tor is an important service on the Internet when it comes to anonymity. It is free and can be used by anyone to hide information such as a device's public IP address.
Tor is used by people from all over the world to overcome censorship. While it is used for good, it is abused as well. Cybercriminals are using Tor for the very same purpose: to stay anonymous and evade law enforcement.
Also of interest: Tor launched WebTunnel Bridge recently as a new way to overcome censorship
Anonymity cracks
Law enforcement agencies in Germany have monitored Tor servers for months to identify individual users. The agencies managed to identify a server of the ransomware group Vanir Locker that the group operated from within the Tor network.
The group announced that it would release copied data from one of its latest coups on the server. Law enforcement agents managed to identify the location of the server by using a technique that is called Timing Analysis.
Timing Analysis is used to link connections to nodes in the Tor network to local Internet connections. The method depends on the monitoring of as many Tor nodes as possible, as this increases the chance of identification.
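The linking step described above, as an added simulation on constructed traffic (not code from the article, the Tor Project or any agency): packet counts seen at two observation points are binned and correlated, and a random per-packet delay is shown to weaken the match. All flows, parameters and function names are assumptions made for this example.

```python
import random
from statistics import mean

BIN = 0.5         # seconds per counting window (assumed)
DURATION = 60.0   # seconds of observed traffic (assumed)

def bursty_flow(rng, duration=DURATION):
    """Constructed packet times: idle gaps alternating with short bursts."""
    t, times = 0.0, []
    while t < duration:
        t += rng.uniform(0.5, 4.0)               # idle gap
        burst_end = t + rng.uniform(0.3, 2.0)    # burst length
        while t < burst_end and t < duration:
            times.append(t)
            t += rng.expovariate(40.0)           # about 40 packets/s in a burst
    return times

def relay(times, rng, latency=0.12, jitter=0.03, max_delay=0.0):
    """The same flow as seen at a second observation point.
    max_delay > 0 models a defence: random per-packet delay (mixing)."""
    return sorted(t + latency + rng.uniform(0, jitter) + rng.uniform(0, max_delay)
                  for t in times)

def binned(times, duration=DURATION, width=BIN):
    """Packet counts per time window; packets outside the window are ignored."""
    counts = [0] * int(duration / width)
    for t in times:
        i = int(t / width)
        if 0 <= i < len(counts):
            counts[i] += 1
    return counts

def pearson(a, b):
    """Pearson correlation of two equal-length count series."""
    ma, mb = mean(a), mean(b)
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va = sum((x - ma) ** 2 for x in a)
    vb = sum((y - mb) ** 2 for y in b)
    return cov / (va * vb) ** 0.5 if va and vb else 0.0

def rank_candidates(candidates, observed):
    """Score every candidate flow against the observed one; return best index and scores."""
    obs = binned(observed)
    scores = [pearson(binned(c), obs) for c in candidates]
    best = max(range(len(scores)), key=scores.__getitem__)
    return best, scores

def demo(seed=7, n_flows=20, true_index=13):
    rng = random.Random(seed)                      # fixed seed: repeatable run
    flows = [bursty_flow(rng) for _ in range(n_flows)]   # constructed local connections
    plain = relay(flows[true_index], rng)                 # low-latency forwarding
    delayed = relay(flows[true_index], rng, max_delay=8.0)  # with random delay
    best_plain, s_plain = rank_candidates(flows, plain)
    best_delayed, s_delayed = rank_candidates(flows, delayed)
    return {
        "true_index": true_index,
        "best_plain": best_plain,
        "score_plain": s_plain[true_index],
        "best_delayed": best_delayed,
        "score_delayed": s_delayed[true_index],
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The match is only possible when both observation points are monitored, which is why coverage of many nodes matters; random delay lowers the score at the cost of latency.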
This confirms that law enforcement is monitoring Tor nodes. It seems likely that German law enforcement agencies are not the only ones using the technique for identification.
A state office of criminal investigations took over the Tor address of the ransomware group and redirected it to a new page. This prevented the release of the stolen data on the page.
Reporters from ARD, a publicly financed broadcaster, were able to view documents that confirmed four successful identifications in a single investigation, according to reports. Agencies used the technique to identify members of a child abuse platform.
Closing Words
It is not only law enforcement agencies that may use the technique to identify criminals. Oppressive regimes may use the very same method to identify users who try to stay anonymous to evade prosecution.
A blog post on the Tor Project blog sheds some light on the issue. It addresses the identification in the child abuse case. The maintainers admit that they did not have access to sources, but believe that Tor continues to be one of the best options to stay anonymous for the majority of Internet users.
They would like to receive access to the information to find out if there is an issue with the service that may be fixed.
What is your take on this? Do you use Tor at all? Feel free to write a comment down below.
Tor was a program written by the US.GOV (an agency of), what makes anyone think LE doesn't have the ability to see who's trying to hide? If you're that worried, good luck. Sounds like you're fucked already.
All those saying they have nothing to hide…I wonder, do you go to a toilet with the stall door open in public? We all know what people do on toilets….but you’ve got nothing to hide, right?
COINTELPRO disinfo to discourage Tor use.
Tor still works and does what it says on the tin, as free and open source software.
Tor is beyond dead. It’s something like 3 data centers hosting most of the nodes now. Thank the increasingly Orwellian internet laws sweeping the globe, all being championed by newly elected “populist” politicians, ensuring there are very few countries where you can safely host Tor nodes unless you want the gestapo at your door. I also can’t believe these moronic comments. This world is truly regressing to medieval levels of stupidity, if the predominant narrative has become “let’s surrender all of our rights to privacy because .001% of the population likes kids too much.” Never thought I’d see such stupidity on ghacks of all places. This world is cooked.
Would we continue striving to keep our rights to privacy given only .001% of the population likes kids too much if the kid abused by .001% of the population was ours?
I spend my life, real and digital, with freedom, privacy and security as my essential and main perspectives, but I’d rather be imprisoned than know that my legitimate ideals have participated to a child being hurt.
From there on, if some authorities and administrations take advantage of this drama to better track us, it’s their problem, not mine.
Time to find a local prison, Tom.
“my legitimate ideals have participated to a child being hurt”, they probably already have, in some way that you do not directly know of. Which is why it’s a very stupid (and shortsighted) criteria to make.
From Tor Blog 2104HRS 24 SEP 24
“This blog post is a response to an investigative news report about a large-scale law-enforcement attack that managed to de-anonymize a user of an old version of the long-retired app Ricochet.
This blog post aims to provide insight into what we know so far.
Nothing that the Tor Project has learned about this incident suggests that Tor Browser was attacked or exploited.
Tor users can continue to use Tor Browser to access the web securely and anonymously.”
Tor is a good utility for people who want to leak information without getting assassinated. In the modern day everyone has to deal with corrupt politicians, organized crime & foreign intelligence everywhere.
“It is not only law enforcement agencies that may use the technique to identify criminals. Oppressive regimes may use the very same method to identify users who try to stay anonymous to evade prosecution.”
With Western countries spying on their citizens, shutting down political discussions, and planting informers in activist groups, there’s not much of a line between “oppressive regimes” and our own so-called “democracies” nowadays. Germany and the US both bend over backwards to demonize and infiltrate pro-Palestinian groups — as if the only terrorists in Palestine are the guys WITHOUT an air force.
“If it connects to the internet, it is insecure”…
This is cliché, but also it has never been not true….
Maybe I’m naive,,,but I thought Tor was Loki’s half brother.
Thanks Martin, nice article.
First off, I think the German Stasi aka BND and the ARD (one of several state owned communist media outlets) are compatriots in attacking non-communists in any way they can, including spreading lies to intimidate the public, aka cybercriminals, to prevent them from using TOR. If you’re not SPD, CDU, Green, FDP etc you’re AfD: “the enemy, a criminal organization, a threat to democracy that must be destroyed by any means necessary.” That’s a quote from Nancy Fraser, BMI Minister (GY Homeland Security chief).
Since there is no proof they have in fact broken TOR, it’s just more lies from the ARD. There is no public announcement anywhere on German media websites about catching child abuse platforms, aka facebook, Instagram etc., using TOR.
I don’t believe a word of what they say. Keep using Tor folks. Confound them.
“Timing analysis” is not the only technique that state terrorists use to spy on their own citizens. They can set up Tor servers of their own and capture much more information from WITHIN the Tor system. Also, does anyone recall WHO invented Tor in the first place?
Yup, the US military.
Everyone who uses Tor has something to hide…. otherwise wouldn’t be a reason to use it at all.
I use it to circumvent censorship in the EU, so that I can view alternative media in the USA. I started doing it after I saw a few people injured by the covid vaccine and it’s mostly forbidden, i.e. not officially but it’s a taboo, to talk about it here…
If that makes me have “something to hide” so be it, I’m sick and tired of censoring coward tyrants..
Response: what business is it of yours or anyone else what I look at on the internet, what I write to others? I certainly don’t care what you look at.
Awaiting your response.
Agreed. The normal internet does a pretty good job of hiding personal data, the “nothing to hide huh? give me your address then” argument is bullshit – there’s enough defense for regular people and enough openings for pedophiles and political extremists to get caught when they use the regular web.
It’s dangerous technology that does more harm than good. I get how a person living in a totalitarian regime can find this useful but that’s a sacrifice I’m willing to make if pedophiles living in our society get caught.
Your math doesn’t add up. At least in the US, the number of pedophiles is just over 1,150. In a nation of 330 million this is 0.000348485%.
https://www.ussc.gov/sites/default/files/pdf/research-and-publications/quick-facts/Sexual_Abuse_FY21.pdf
Of these, I would assume most are perverts who look at, rather than produce, content. So the number of dangerous individuals is probably orders of magnitude less than that. With such tiny numbers, I would argue that it is NOT worth the tradeoff in privacy and civil liberties to spy on EVERYBODY to monitor so few individuals.
Well EVERYONE has something to hide.
You don’t ?
Ok, please publicly post your:
full name, address, age, occupational state, education, employer, your credit card no, CCV, pin, used banks and all bank account no., all bank account balances, size of debts, mortgages and further contractual liabilities, atm card no, atm card magnetic strip data and your atm pin, all used email addresses and corresponding account passwords for all accounts.
Please also post your sexual preferences, drinking habits, number of arrests and the name of all your Ex’s and their contact addresses, so they can be queried about you and your potential shortcomings..
I mean, usually I would ask, but as you’ve got nothing to hide, I guess that’s fine with you.
“Anonymous”- that is nonsense. All of your personal info is online. All it takes is a background check on anyone, and you will have their personal info. Guaranteed! And I stand with my first post. There is no reason to use Tor or a VPN for that matter other than to break the Law. Especially Tor…Tor is known to be used by pedophiles/criminals all over the world.
You are right, Tor IS indeed used by criminals, extremists and whatever all over the world. No discussion about that. But they also wear pants and use knives, spoons, scissors, hammers, pen and paper, computers, smart phones and televisions. Wanna outlaw all of that too?
If we are on that trip, why not generally prohibit strong encryption for personal use at all ?
The privacy of mail correspondence, guaranteed by most constitutions, may also be abused by the type of people above, so it also needs to go, right? Same for unmonitored telephone and video calls, right? Who knows what evil things may be planned, if not a morally superior state supervisor is listening on every single call. They may even criticize the beloved glorious leader, which would clearly be unacceptable behavior.
If that’s under control, terrorist might have clandestine meetings in person to discuss things. That also needs to be prevented at all costs, so there need to be tamper proof state controlled cameras and microphones in every room in the country (including bathrooms and sleeping rooms of course), to prevent such things, so that the state can control, that nobody is planning anything illegal and thus guarantee security for all innocent citizens.
This is of course only, so that everyone can live happily and securely in total freedom. At least for as long, as everyone does, what he/she is being told.
What people like you need to learn is:
a) where there are freedoms, there will be individuals who abuse them. The only way to generally prevent this, is to abolish all freedoms, which is nothing any thinking individual might want. As long as there is the opportunity to commit a crime, there will be crime.
b) constitutions and civil rights are protections of the citizen from the outreach of the state, that could otherwise do with you, whatever it pleases (and arbitrarily killing you, as it is not common in many less democratic states, is by far not the worst. There are far worse things humans can do to others and there are always a few disturbed individuals who will be willing to do such things, if they are not prevented from doing so.).
While anarchy (total freedom) obviously doesn’t work, an oppressive totalitarian system (no freedoms at all) is not better either. Democracy means permanently keeping the delicate balance between these 2 extremes, with as many freedoms as possible and as few controls and regulations as necessary.
The naive belief of many people in a strong state, that takes care of everything for them and guarantees security and happiness and prosperity for everyone, is absurdly dumb, as it doesn’t lead to paradise, but to an oppressive state, that will be implemented, the moment a single individual with enough criminal energy decides to abuse the systems and controls in place and makes use of them for his/her personal ambitions. Just look at all socialist states of the past or present, where only “the collective” represented by “the parties” leadership is important, and the individual and his/her freedoms are irrelevant and expendable.
BTW, your argumentation also just shows, why the storage of personal data by the state should also be limited to an absolute minimum. Eg the Nazis were only capable of exterminating people of Jewish belief in the Netherlands so efficiently, because the Dutch state stored the information about their religious affiliation centrally. Once this centrally stored information got into the wrong hands, the slaughter started. Without that, millions may have survived. The lesson learned is, that also the information storage by the state needs to be minimized, because it’s also just not a question of IF, but rather WHEN this information is being abused, even if you are currently living in a benevolent, democratic state.
Don’t forget, it’s not uncommon that working democracies are suddenly being terminated on voting day, by the majority of the population voting for a populist, totalitarian tyrant, who simply promises eg security, restoring former glory or pretty much heaven on earth, while one day later turning things rather into hell on earth. This has happened often enough in the past 50 years, so one shouldn’t even blindly trust seemingly benevolent democracies. Not because they would all be inherently evil, but because they can turn that way in the blink of an eye on voting day if the majority of the population is just dumb enough.
You took the words out of my keyboard. Extremism is not the answer, be it that of freedom or of justice, and aiming either of the two exclusively is a denial of democracy, the only regime which strives for both in a perpetual balance between them because aiming both. Democracy is not politically oriented, it is not an ideology but rather a supervisor to put it simplistically. Democracy cannot survive with radicalism. We have to deal with that or become extremists ourselves.
@Lizard
I don’t agree at all. Using a VPN is not all about anonymity. Especially because a good VPN will block advertising, trackers, malware, clickbaits, etc… Makes using the net much more pleasant and safe.
As for Tor, it’s NOT necessarily all about illegal activities. Many regular and law abiding websites are duplicated on Tor. And Tor is a lifeline for those living in countries with repressive regimes.
Live and let live.
That is such a braindead take, privacy is a right. If you have takes like this, I wonder if you go around leaving your phone unlocked, home door unlocked, all of your chats/emails/calls exposed?
Anonymous “privacy is a right.”
Privacy is indeed a right..but the point here is that Tor is only used for criminal activity…No one in their right mind would use Tor out of amusement of wanting Privacy…have you ever used Tor? it’s slow as hell and most popular places will ban you for using it…that’s why regular Internet people do not use it, except of course criminals will put up with slow browsing and all that.
Does everyone with a VPN have something to hide?
VPN is hell too.
I am from the nordic countries and I have noticed when using Tor recently the entry guard always is Germany, for a long time it was some other fixed european country, in the past it was quite random spread among many different countries, now it’s mostly some of SIGINT Seniors Europe countries, aka 14 eyes.
In the past Tor used many more different countries, also many eastern european countries never appear anymore.
Usually when getting on Tor it does a lot of hops in the beginning between different servers, but even then when having opened a web page it would still change the server, which I find very problematic because it is very unlikely someone else is surfing on the same web site within seconds.
Have also noticed sometimes all 3 servers are set to Germany. I find this behavior very worrisome as one country definitely has absolute overview of what connections are made within one country.
This is quite easy: it’s because the vast majority of all Tor entry and exit nodes actually ARE physically located in Germany. There are several reasons for this, but the relevant side effect is that, eg the SÄPO won’t have the slightest chance of monitoring Tor and performing a proper traffic analysis, while the German BND can do this with “relative ease”.
In risk management, this (global clustering of resources) is what’s called a cluster risk.
Global node equi-distribution would, from a security and risk management perspective, of course be vastly preferable, but that’s not how things currently are in reality.
And tbh, while this is of course a problem, I would feel much, much worse, if the vast majority of all entry and exit nodes would suddenly be located in eg China, Russia, North Korea, Iran or even France or the UK.
If you wanna help mitigate this cluster risk: you and all other mighty Vikings should simply set up more entry/exit nodes in Scandinavia. Hosting a simple server ain’t that expensive.
Tor is useless in data centres – same data centre, different nodes, what’s the point? In a world where privacy is seen as a nuisance to advertisers, security services, governments, and just about every organisation involved in controlling the public, I have given up using any electronic device for “secure” communications. Just meet in person without the tech if you want to use your privacy rights.
Ditch Tor and use I2P.
The comments here are getting sillier. No, TOR is not “obviously a honeypot”, at least not to rational people, or organizations that have funded TOR like EFF, Brave browser, Mullvad, the US State Dept, and the NYT, unless perhaps the commenter is claiming that he or she has better insight than all those (and dozens of others) combined. It’s very difficult to penetrate, even for a state-level actor.
No, communication tools that allow people in repressive regimes (of which I am one) to access the mostly-free internet don’t “do more harm than good”.
Every privacy tool is constantly under attack, and has to respond and adapt to stay relevant. TOR has proven itself in that regard. And every net user who cares about privacy, especially those whose freedom depends on it, has to keep educating themselves and making intelligent choices about what tools to use. Comments like the above don’t add any value to this process.
well said!
I think that Tor is the first place to avoid if you want to do bad things. Telegram is safer. Note the finest irony, please.
How is Telegram Safer John G?
Telegram is Not Encrypted by Default.
Tor Nodes are Encrypted by Default.
Did you ever find out how to uninstall the Edge Browser yet?
Must be that learning curve again for yourself.
Thanks for the Lulz Again…
@Dark, please do learn to read properly > “Note the finest irony”. Thank you.
Anyway, if you don’t know why Telegram is safer than Tor, it’s not my fault.
I wanted to uninstall Edge in the past, and even Defender. However, I was completely unable to uninstall them without breaking something. So I left them and after a while I didn’t care anymore. It’s amazing how someone can adapt himself to the insidious odor of the unwanted software.
I think something is wrong, my comment about the uninstallation of Windows Defender was done weeks ago in other former article.
What that your point replying to yourself John G. ?
Still to this date you can not explain, why the Telegram App is Safer than the Tor Browser?
You got to have something intelligent to add, to prove your point about Telegram being Safer than Tor?
Stupidity isn’t a crime, so you’re free to go.
You should really come with a warning label John G.
It’s impossible to underestimate you.
I’m not insulting you John G.
I’m describing you.
I’m glad to see you’re not letting education get in the way of your ignorance John G.
Learn something John G.
Stop making yourself look stupid!
https://www.youtube.com/watch?v=cOIaEa7dhoU
https://www.youtube.com/watch?v=-uDYvy2jQzM
John G. thing, nothing wrong. See-look, you posted: (#comment-4587376) and (#comment-4587377). Not weeks ago… Most certainty today!
Unless Microshoft Recall has alreedy eaten compute-thing for you. To help you remember past stupidity of you saying: Edge is your Leader, king-thing!
Lots of Anon-y-mouses posting in this article. Also some are very bad-bad filthy looking ones. They may have itchy-fleas or something.
John G. thing check-check, compute-box for nasty-things hiding it… We will smash-crush them like beetle-bugs! I can crush two with one bludgeon, yes-yes.
Regarding comments within post (https://www.ghacks.net/2024/09/19/tor-anonymity-infiltrated-law-enforcement-monitors-servers-successfully/#comment-4587367).
Typically Producing refers to the act of exhibiting, showing, or placing something before one’s view, e.g. obtaining or looking at or visiting a website.
Sick-and-twisted Child fondlers and “perverts” can thus be producers of “indecent material” because they “make” the image, e.g. (opening, downloading or storing an image).
For example, even if they were to just “view images” on web browser like Edge or Brave and never get near real child, they still “make” the image.
Because the web browser and computer will “make” them the image. So essentially they become the producer and they have possession of such ‘indecent images’.
A lot of crime is facilitated by the Dark Web. It’s nearer 1 in 100 males that have an unhealthy interest in children.
In the UK, almost 87,000 sexual offences against children were recorded by police in the past year. Child abuse often goes unreported and unrecorded.
“It is not only law enforcement agencies that may use the technique to identify criminals. Oppressive regimes may use the very same method to identify users who try to stay anonymous to evade prosecution.”
The problem with anonymous programs is that spies, criminals and terrorists will always be the majority of people using them. That’s the fact. Is it ultimate good to create a program that is used 10% for freedom and 90% for crime? I am not an arbiter.
Let’s all act very shocked and surprised… Maybe the best way to avoid all this is to not be a pedophile terrorist drug dealer? Just a thought. I mean, how hard can it be?
What about being a dissident under a totalitarian regime? Are they the price to pay? Have you ever heard of Ruan Xiaohuan? He himself is an InfoSec Specialist, and yet he has been arrested in 2021 after 12 years of evading surveillance from the CCP regime.
Lokinet is alternative to Tor.
I don’t use Tor myself. If I did I’d always consider that my anonymity does not prevail on hidden criminality.
Pros and cons are rather simplified when living in a free world, far less when a totalitarian regime is blocking one’s freedom.
Generally speaking I’ve never been fond of anonymity (unless, again, I’d need it for vital reasons). As us all I must follow basic rules to handle commercial invasion and intruders’ nuisance, but that’s about it. No proxy, no VPN, no Tor, these make me feel squeezed, imprisoned which may sound paradoxical.
Lastly, and this will make some of you jump to the ceiling, I’m far more revolted by commercial intrusions than by political ones should I be concerned here in what remains whatever our critics a free world : I basically have confidence in the western world administrations. Not in their business.
“… never been fond of anonymity”, “these make me feel squeezed, imprisoned which may sound paradoxical”. No Tom, you clearly are a unique individual, a god if there was one. I envy how you are free of the manias that oppress society nowadays. Please tell us, how do you do it? A mantra that I can use to stay above the fray? Please oh wise one, share your secret, we are all waiting. Lead us to the light.
Tom, you clearly are a unique individual, a digital god. I envy how you are free of the manias that oppress society nowadays. Please tell us, how do you do it? A mantra that I can use to stay above the fray? Please oh wise one, share your secret, we are all waiting. Lead us to the light.
Can’t someone connect to TOR via a third-party regular VPN so that becomes the source IP address?
ofc, would be one way to go – or even use chained vpns
This will probably become the new norm. Connect to a VPN in a different country, then connect to Tor. You could also use double-hop VPNs or even use multiple different VPN providers and chain the connections.
Connect to this and connect to whatever, then reconnect to this and reconnect to whatever more, while doing all kind of alleged instructions to avoid the possible VPN providers security flaws and everything for nothing. Pure bull**** as always has been, just because if “they” want to find you, “they” will find you. Because “they” are the power behind the curtains itself, “they” know everything about everything and there are backdoors even in the lids of the yogurts that you have in the refrigerator. Surf right, surf nice, surf calm, and above all surf legally.
Are we finally going to start acknowledging the obvious? That Tor has been a honeypot for govt spy agencies and oppressive regimes for many years now, possibly since its inception?
Yeah, what if Snowden was a CIA scheme all along, along with TOR and Tails Linux and so on..? They LURED us all in and now our pagers are blowing our dicks off!
>”Yeah, what if Snowden was a CIA scheme all along”
No, I’m sure Snowden was smart enough not to try to access the clearnet from a Tor session while he was on the run. For the rest of us though, those exit nodes probably can’t be trusted.
It’s the product of the government. Quite literally pulled from the wikipedia.
The core principle of Tor, known as onion routing, was developed in the mid-1990s by United States Naval Research Laboratory employees, mathematician Paul Syverson, and computer scientists Michael G. Reed and David Goldschlag, to protect American intelligence communications online.
Did you not know this???
@Anonymous
Yeah, and Nokia used to make rubber boots. Now they know your foot size. You cannot hide.
Never have used Tor but I am not surprised that wherever bad people go so does law enforcement.
If it’s used to hunt down *** and other people who break their country’s law is it really a big deal? I think tor’s existence does more harm than good.
Unless it’s [Tor] part of your business model, and the ethics of your business are counterproductive to governmental authoritarianism that the “blind sheep” gladly follow.
Sort of like “X” and Brazil. A quick software update by Musk put an end to that insanity.
You have WAAAAYYYY too much trust in government. BTW, Tor was actually a project of the Defense Advanced Research Agency of the U. S. government.