Tor-busting techniques pulled from Black Hat schedule

July 22, 2014 // 10:41 a.m.

Tags: #alexander-volynkin #anonymity #black-hat #black-hat-conference #hacker #insecurity #privacy #roger-dingledine #security #the-onion-router #tor #tor-project

A presentation on low-cost techniques for de-anonymising users of The Onion Router (TOR) Project network. now known as Tor, has been pulled from the Black Hat 2014 talk schedule for reasons as-yet unknown.

Originally developed in partnership with the US Naval Research Laboratory as part of its investigations into privacy and cryptography on the internet, Tor has won plaudits as being an easy-to-use tool for helping preserve privacy online. Network traffic sent over the Tor network is encrypted, bounced through three separate router systems, and then spat out onto the internet through an exit node that masks the original origin point of the traffic. The software gets used by everyone from human rights activists and whistleblowers to terrorists and drug dealers, and despite the recent discovery that the US National Security Agency had been working to exploit holes in the network and run traffic analysis on exit nodes the system continues to prove popular.

Security researcher Alexander Volynkin was scheduled to give a talk at the Black Hat conference on ways that individuals can attempt to ascertain the original source of Tor traffic without the need for the access and budget of the NSA. Dubbed 'You Don't Have to be the NSA to Break Tor: Deanonymizing Users on a Budget', the talk has been pulled by his employer for reasons unknown. 'Unfortunately, Mr. Volynkin will not be able to speak at the conference,' a legal representative for the Carnegie Mellon University's Software Engineering Institute told the event organisers, 'since the materials that he would be speaking about have not yet approved by CMU/SEI for public release.'

Those behind the Tor project have denied that they were responsible for the sudden retraction. 'We did not ask Black Hat or CERT to cancel the talk. We did (and still do) have questions for the presenter and for CERT about some aspects of the research, but we had no idea the talk would be pulled before the announcement was made,' Roger Dingledine stated in a post to the mailing list. 'In response to our questions, we were informally shown some materials. We never received slides or any description of what would be presented in the talk itself beyond what was available on the Black Hat Webpage.'

Dingledine has said that he encourages Volynkin to practice 'responsible disclosure,' whereby the Tor Project is informed of flaws in its system prior to public disclosure to give it time to resolve the issues, but thus far Volynkin has been silent on what he plans to do with the materials originally prepared for the conference.
Discuss this in the forums

QUICK COMMENT

SUBSCRIBE TO OUR NEWSLETTER

WEEK IN REVIEW

TOP STORIES

SUGGESTED FOR YOU