Feeds

Study finds fraudsters foist one-third of all Tor traffic

Anonymizing network 'disproportionately associated' with online skullduggery

Top 5 reasons to deploy VMware with Tegile

People who access the internet through the anonymizing Tor network are much more likely to be up to no good than are typical internet users, according to a study by online reputation–tracking firm Iovation.

The company announced on Tuesday that 30.2 per cent of the transactions it logged as coming from the Tor network during the month of August were fraudulent, compared to a 1 per cent fraud rate for internet transactions as a whole.

Tor disguises the source of internet connections by shuttling them through hard-to-follow network routes and assigning them IP addresses at random from a pool distributed around the globe. While it's not too hard to tell whether a connection is coming from Tor, it's extremely difficult to know just who is behind any given connection, or even where in the world they are located.

For that reason, while Tor has often been used for political activism, whistleblowing, and other risky but laudable activities, it is also home to a shady underworld of less-praiseworthy dealings, ranging from drug trafficking to child pornography. The online black market Silk Road conducts its business entirely over Tor.

Online criminals have recently begun experimenting with using Tor as a cover for other kinds of internet traffic, as well. The number of clients accessing the network on a daily basis doubled in August when the Mevade.A botnent began using Tor to route its command and control data.

Little wonder, then, that Iovation found that nearly a third of all Tor transactions were suspect – and the company isn't just talking about sales on Silk Road, either.

"Transactions simply means any online action at one of our customer sites like online purchases, account registrations, credit applications, logins, wire transfers, comments, etc," Scott Olson, Iovation's VP of product, told The Reg via email. "Any interaction where fraud or abuse are of concern to our subscribers."

Iovation's ReputationManager 360 service can't identify individual Tor users, but it can spot traffic that originates from known Tor IP addresses, called "exit nodes." To conduct its study, it analyzed 240 million transactions conducted in August 2013 and compared the fraud rate of Tor traffic to that of the whole.

Iovation is making the ability to identify Tor traffic generally available to its ReputationManager 360 customers at no charge beginning on Tuesday.

"Tor in itself isn't a bad service," Olson told El Reg. "It can be used for positive things as well as fraudulent things. For our clients, they are concerned with mitigating risk and in this case, Tor is disproportionately associated with a much higher fraud rate for online purchases, account applications, logins (through account takeovers), etc."

Iovation isn't the first to identify this problem. As recently as August, the head of Russia's Federal Security Service said he would like to block Tor traffic at the national level as part of the country's anti-terrorism efforts.

Although blocking all Tor traffic would be challenging, blocking traffic that re-enters the mainstream internet via Tor exit nodes is comparatively easy. Wikipedia prevents editing by Tor users, for example, and if Tor's reputation for being rife with bad actors grows, more sites may choose to do the same. ®

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
Webcam hacker pervs in MASS HOME INVASION
You thought you were all alone? Nope – change your password, says ICO
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
USB coding anarchy: Consider all sticks licked
Thumb drive design ruled by almighty buck
Attack reveals 81 percent of Tor users but admins call for calm
Cisco Netflow a handy tool for cheapskate attackers
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.