web analytics

Tor Says Platform Is Safe After German Police Interception – Source: www.databreachtoday.com

tor-says-platform-is-safe-after-german-police-interception-–-source:-wwwdatabreachtoday.com
Rate this post

Source: www.databreachtoday.com – Author: 1

Cybercrime
,
Fraud Management & Cybercrime

German Law Enforcement Reportedly Deanonymized Tor User in 2021

Akshaya Asokan (asokan_akshaya) •
September 19, 2024    

Tor Says Platform Is Safe After German Police Interception
German police may have used a Tor guard discovery attack against a child sexual abuse material administrator in 2021. (Image: Shutterstock)

The Tor Project on Wednesday reassured users that they remain anonymous after media reported that German police successfully used Tor to trace the alleged administrator of a child pornography site.

See Also: OnDemand | 2024 Phishing Insights: What 11.9 Million User Behaviors Reveal About Your Risk

The nonprofit privacy network said Tor users can continue to use the browser “securely” and that the “Tor Network is healthy.” The statement came after German broadcaster Panorama and YouTube channel STRG_F reported the Federal Criminal Police Office of Germany was able to identify “Andreas G.” as the admin of Boystown, a child sexual abuse material dark website that authorities busted in May 2021.

Boystown was primarily accessible through the Tor Browser, also known as The Onion Router, which provides anonymity to users on the clear web and serves as an entry point into the darknet – websites that use the anonymity of the Tor network to hide their servers’ location. Tor touts itself as a human rights tool for privacy and an aid to activists in authoritarian countries. But the darknet also serves as a haven for illegal online marketplaces, CSAM material and cybercrime operators, including ransomware groups that host leak sites.

“Like many of you, we are still left with more questions than answers,” Tor said of the German police operation, and added that the browser continues to be the “best solution” for privacy-focused communication.

Tor said that based on limited information, it appears police were able to deanonymize a user because he used a Ricochet, a “long-retired application” peer-to-peer instant messaging system for use on the Tor network. Police may have used a guard discovery attack, in which an attacker-controlled relay point establishes a circuit to the “guard node” that’s the first relay in a Tor circuit – allowing the attacker to expose the actual IP address of the user.

Tor released fixes for the issue in 2018, suggesting the deanonymized user didn’t deploy a defense that Tor dubbed Vanguards.

German authorities did not respond to a request for comment seeking further information on the operation. The agency may have invoked the Federal Criminal Police Office Act that allows the German police to employ a range of surveillance measures to track criminals, said Dennis-Kenji Kipker, a professor of IT security law at the University of Bremen.

A Tor spokesperson said the browser has “very limited information” on the police operation. Tor asked anyone with additional information on the operation to come forward to assist the browser with its threat analysis. It also recommended Tor users patch their applications immediately.

Original Post url: https://www.databreachtoday.com/tor-says-platform-safe-after-german-police-interception-a-26328

Category & Tags: –

Views: 0

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post

Joas Antonio
ChatGPT for Cybersecurity by Joas Antonio dos Santos – malwareanalysis #reverseengineering
ChatGPT for Cybersecurity by Joas...
CISO2CISO Notepad Series
How Can We Structure Cybersecurity Teams To Better Integrate Security In Agile At Scale?
How Can We Structure Cybersecurity...
OCCUPYTHEWEB
Linux Basics for Hackers by Occupytheweb
Linux Basics for Hackers by...
NIST
Digital Forensics and Incident Response (DFIR) Framework for Operational Technology (OT) by NIST – Eran Salfati and Michael Pease
Digital Forensics and Incident Response...
Think Big Blog
Top 10 TED Talks to Learn about Cyber Security
Top 10 TED Talks to...
NCSC
NCSC Cyber Security for Small Business “SMEs” Guide.
NCSC Cyber Security for Small...
Marcos Jaimovich
The Silent Spectre Haunting Your Network: QPhishing, the CISO’s Unspoken Nightmare.
The Silent Spectre Haunting Your...
Marcos Jaimovich
Goodbye to Traditional: Why Conventional Cybersecurity Tools are No Longer Sufficient for the Future of Digital Threats ?
Goodbye to Traditional: Why Conventional...
Marcos Jaimovich
Why do we compare a SOC (Security Operations Center) with the cockpit of a commercial airplane? by Marcos Jaimovich
Why do we compare a...
Joas Antonio
Security Operations Center (SOC) – Tools for Operations Development by Joas Antonio
Security Operations Center (SOC) –...
IZZMIER
Incident Response Playbooks & Workflows Ready for use in your SOC & Redteams
Incident Response Playbooks & Workflows...
LOGPOINT
396 Use Cases & Siem Rules Code ready for use for Mitre Attacks Events Detection in Your SOC by Logpoint
396 Use Cases & Siem...

LASTEST PUBLISHED POSTS

ACN
Guidelines for secure AI system development
Guidelines for secure AI system...
Incibe
Ciberseguridad en Smart Toys
Ciberseguridad en Smart Toys
Flashpoint
Global Threat Intelligence Report
Global Threat Intelligence Report
HSBC
A new payments paradigm
A new payments paradigm
WORLD BANK GROUP
Global Cybersecurity Capacity Program
Global Cybersecurity Capacity Program
Gary Hinson
Getting started withsecurity metrics
Getting started withsecurity metrics
EDPS
Generative AI and the EUDPR.
Generative AI and the EUDPR.
Bright
2024 Guide to Application Security Testing Tools
2024 Guide to Application Security...
HADESS
Hacker Culture
Hacker Culture
Quuensland Govermment
RISK ASSESSMENT PROCESS HANDBOOK
RISK ASSESSMENT PROCESS HANDBOOK
Ministry of MOS Security
HIPAA SIMPLIFIED
HIPAA SIMPLIFIED
Hacker Combat
How Are Passwords Cracked?
How Are Passwords Cracked?

More Latest Published Posts

IGNITE Technologies
A Detailed Guide on Covenant
A Detailed Guide on Covenant
NIST
Computer Security Incident Handling Guide
Computer Security Incident Handling Guide
IGNITE Technologies
DIGITAL FORENSIC FTK IMAGER
DIGITAL FORENSIC FTK IMAGER
Accedere
Cloud Security Assessment
Cloud Security Assessment
YL VENTURES
CISO Reporting Landscape 2024
CISO Reporting Landscape 2024
CISO Edition
Reporting Cyber Risk to Boards
Reporting Cyber Risk to Boards
CIOB
CIOB Artificial Intelligence (AI) Playbook 2024
CIOB Artificial Intelligence (AI) Playbook 2024
INCIBE & SPAIN GOVERNMENT
Nuevas normativas de 2024 de ciberseguridad para vehículos
Nuevas normativas de 2024 de ciberseguridad para vehículos
INNOVERY
RESILIENCIA
RESILIENCIA
CEH
Certifications Preparation Guide
Certifications Preparation Guide
Sandhya Kaushik
Checklist for Securing Your Android Apps
Checklist for Securing Your Android Apps
aDvens
May Cyber Threat Intelligence monthly report
May Cyber Threat Intelligence monthly report
Insikt Group
Caught in the Net
Caught in the Net
IGNITE Technologies
BURP SUITE FOR PENTESTER TURBO INTRUDER
BURP SUITE FOR PENTESTER TURBO INTRUDER
SYED ABUTHAHIR
BUG BOUNTY AUTOMATION WITH PYTHON
BUG BOUNTY AUTOMATION WITH PYTHON
Foresiet
Brand Impersonation Attacks
Brand Impersonation Attacks
Google Cloud
Board of Directors Handbook for Cloud Risk Governance
Board of Directors Handbook for Cloud Risk Governance
ISACA
Blueprint for Ransomware Defense
Blueprint for Ransomware Defense
Shaurya Rawal
Blockchain Security
Blockchain Security
RISK academy
BEST RISK MANAGEMENT PROMPTS FOR CHATGPT
BEST RISK MANAGEMENT PROMPTS FOR CHATGPT
IGNITE Technologies
Best Alternative of Netcat
Best Alternative of Netcat
aws
AWS Security Incident Response Guide
AWS Security Incident Response Guide
DevSecOps Guide
Attacking Rust
Attacking Rust
DevSecOps Guide
Attacking Pipeline
Attacking Pipeline
DevSecOps Guide
Attacking Golang
Attacking Golang
HADESS
Assembly for Hackers
Assembly for Hackers
BIONIC
Application Security Posture Management
Application Security Posture Management
Wallarm
API ThreatStatsTM Report
API ThreatStatsTM Report