0
ARS TechniaThink that anonymizing BitTorrent tracker connections through Tor makes you harder to track? Think again. A vulnerability was used to identify over 10,000 users' IP addresses via their BitTorrent tracker connections. But it's not just your BitTorrent downloads that are at risk: an attacker can use your BitTorrent connections to de-anonymize other, more secure applications run over Tor.
In a paper released a few weeks ago at the USENIX conference's workshop on Large-scale Exploits and Emergent Threats (LEET), researchers from INRIA France revealed a class of vulnerabilities in the Tor system which threatens the anonymity of many BitTorrent users. The research team, led by Stevens Le Blond, explained an attack methodology which it developed and deployed. The attack exploits a feature of Tor originally introduced to improve anonymity and efficiency, but it also relies on certain aspects of the BitTorrent protocol.
Tor is a system for protecting online anonymity that works by forwarding TCP traffic over a low-latency "onion-routing" network of nodes maintained by volunteers. Tor establishes circuits of three nodes to pass traffic across; the actual operation is quite complex, but it's explained lucidly on the Tor Project website. The end result is that connections are slower but more secure than they would otherwise be, and a user's original IP address is obscured.
One Tor efficiency and anonymity feature involves multiplexing many different TCP streams over the same circuit. This improves efficiency, because it takes a lot of computationally intensive public-key encryption work to set up a circuit, but established circuits are not computationally taxing to use. In addition, there's a privacy benefit, because reusing circuits reduces the total number of nodes used, and therefore reduces the risk of coming into contact with a "hostile" node (one set up, for instance, by a government trying to peek at the Tor traffic of dissidents or mobsters).
Read More
