For a long time the Tor network was considered (and continues to be) as the pinnacle of security, a tool that allows its users to browse privately without fear of surveillance by governments or hackers; Thanks to this, its number of users increased steadily. The bad thing (or the good thing, depending on how you look at it) is that this growth has brought with it many prying eyes that have reviewed the functioning of Tor from top to bottom, in some cases for evil purposes. If we add to this recent news such as the closure of Onion pages and the arrest of users by the FBI, the truth is that the network takes a few weeks to forget. Especially if the latest news is confirmed, which talks about the possibility of getting the IP of 81% of Tor users.
Scary figures
This is stated by Sambuddho Chakravarty, a researcher at the Indraprastha Institute of Information Technology, in New Delhi, who took advantage of Netflow technology integrated in Cisco brand routers to achieve success rates of Identification of a 100% IP address in the laboratory and 81% in tests on the Tor network itself. To do this, I set up a Linux Tor server that analyzed the traffic and inserted a particular traffic pattern (such as HTML files) into the TCP connection leaving the target node. By comparing the changes with the traffic flow logs generated by Netflow, I could identify the customer and his location.
Chakravarty ensures that these types of traffic analysis attacks have to be carried out by global organizations. A An attacker who is powerful enough and with sufficient resources can execute these types of traffic analysis attacks. to determine the participants in a connection, and then listen directly from the node used by the chosen victim. The reason that it was able to execute this attack is because of the way Tor tries to compensate for the high latency of its connections; It is not an attack that everyone can do, but it is possible that attackers with a lot of budget will succeed (sound like someone?).
Source | The Stack
