Tor No Longer Private

After stealing $1.4 million using the TorRat Trojan 4 men were arrested by the Dutch National High Tech Crime Unit. The criminals used the Trojan to steal money from over 150 accounts.

TorRat is designed to steal online banking credentials. The bank robbers were able to hide their activities by putting their command and control server on the Tor network. This allowed them to funnel all traffic between infected computers and the criminal servers over the anonymous Tor network.

Tor is designed to send data over random routes through several relays in order to cover user tracks. The purpose is to protect users so observers at any single point in the route can not determine where the data came from or where it’s going. And like everything else, even highways and medication, is abused by criminals.

The Tor browser is built on Mozilla’s open source for Firefox. The FBI confirmed that it exploited a Firefox vulnerability in September to arrest another Tor user. It is not known if this was how the Dutch caught the robbers. Now that the genie is out of the bottle it means even the Tor network is no longer private. Which doesn’t bode well for those if us who have a legitimate need for privacy.

Tor was developed by the U.S. Navy for intelligence gathering. It is also used by journalists to communicate with whistle blowers, law enforcement agencies hiding their identity on stings, citizens in countries with strong internet censorship (like China), by companies wanting to keep their inventions from falling victim to corporate espionage, intelligence agencies communicating with field operatives and anyone needing privacy.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s