Feeds

Study finds fraudsters foist one-third of all Tor traffic

Anonymizing network 'disproportionately associated' with online skullduggery

Website security in corporate America

People who access the internet through the anonymizing Tor network are much more likely to be up to no good than are typical internet users, according to a study by online reputation–tracking firm Iovation.

The company announced on Tuesday that 30.2 per cent of the transactions it logged as coming from the Tor network during the month of August were fraudulent, compared to a 1 per cent fraud rate for internet transactions as a whole.

Tor disguises the source of internet connections by shuttling them through hard-to-follow network routes and assigning them IP addresses at random from a pool distributed around the globe. While it's not too hard to tell whether a connection is coming from Tor, it's extremely difficult to know just who is behind any given connection, or even where in the world they are located.

For that reason, while Tor has often been used for political activism, whistleblowing, and other risky but laudable activities, it is also home to a shady underworld of less-praiseworthy dealings, ranging from drug trafficking to child pornography. The online black market Silk Road conducts its business entirely over Tor.

Online criminals have recently begun experimenting with using Tor as a cover for other kinds of internet traffic, as well. The number of clients accessing the network on a daily basis doubled in August when the Mevade.A botnent began using Tor to route its command and control data.

Little wonder, then, that Iovation found that nearly a third of all Tor transactions were suspect – and the company isn't just talking about sales on Silk Road, either.

"Transactions simply means any online action at one of our customer sites like online purchases, account registrations, credit applications, logins, wire transfers, comments, etc," Scott Olson, Iovation's VP of product, told The Reg via email. "Any interaction where fraud or abuse are of concern to our subscribers."

Iovation's ReputationManager 360 service can't identify individual Tor users, but it can spot traffic that originates from known Tor IP addresses, called "exit nodes." To conduct its study, it analyzed 240 million transactions conducted in August 2013 and compared the fraud rate of Tor traffic to that of the whole.

Iovation is making the ability to identify Tor traffic generally available to its ReputationManager 360 customers at no charge beginning on Tuesday.

"Tor in itself isn't a bad service," Olson told El Reg. "It can be used for positive things as well as fraudulent things. For our clients, they are concerned with mitigating risk and in this case, Tor is disproportionately associated with a much higher fraud rate for online purchases, account applications, logins (through account takeovers), etc."

Iovation isn't the first to identify this problem. As recently as August, the head of Russia's Federal Security Service said he would like to block Tor traffic at the national level as part of the country's anti-terrorism efforts.

Although blocking all Tor traffic would be challenging, blocking traffic that re-enters the mainstream internet via Tor exit nodes is comparatively easy. Wikipedia prevents editing by Tor users, for example, and if Tor's reputation for being rife with bad actors grows, more sites may choose to do the same. ®

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
'Kim Kardashian snaps naked selfies with a BLACKBERRY'. *Twitterati gasps*
More alleged private, nude celeb pics appear online
Snowden, Dotcom, throw bombs into NZ election campaign
Claim of tapped undersea cable refuted by Kiwi PM as Kim claims extradition plot
Freenode IRC users told to change passwords after securo-breach
Miscreants probably got in, you guys know the drill by now
THREE QUARTERS of Android mobes open to web page spy bug
Metasploit module gobbles KitKat SOP slop
BitTorrent's peer-to-peer chat app Bleep goes live as public alpha
A good day for privacy as invisble.im also reveals its approach to untraceable chats
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.