View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
December 15, 2014

Could Tor fall victim to a DDoS attack in 2015?

Andrew Conway claims the network is "reasonably fragile".

By Jimmy Nicholls

Tor users could be targeted by police next year as governments seek to combat crime and reduce political dissent, according to a researcher at the security firm Cloudmark.

Andrew Conway claimed the anonymity network is "reasonably fragile", with police able to unmask service providers by comparing traffic spikes, generated by distributed-denial-of-service (DDoS) attacks, from just a small number of endpoints.

He added that the network was at risk of a complete shutdown if a government decided to launch a massive DDoS attack against it, which would overload the system with traffic.

Conway said: "There are only a few thousand endpoints where Tor connects to the rest of the internet. Attacking those with a DDoS is well within the capability of many organisations and states."

"I think some oppressive regimes may decide that they have had enough of their dissidents using it and just want to shut the thing down, or some group in law enforcement may decide the same."

The security of Tor was called into question when the FBI arrested Blake ‘Defcon’ Benthall in November for his alleged work on the second iteration of Silk Road, an ecommerce site specialising in contraband that could only be accessed through Tor.

Conway added that the police mole planted in the second Silk Road admin team was "probably" involved in the arrests that caused the first version’s collapse, and that he suspected they had used the DDoS and endpoint approach to monitor network traffic.

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

Despite this, he said police are still unable to track down Tor user’s IP addresses, which would be necessary to identify those purchasing contraband online.

"[Tor] still does give a level of anonymity for people looking for child pornography, but not if they are providing it," he said.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.