Podcast: Tor peer-to-peer privacy could be hacked

In this edition of Security Wire Weekly, Andrew Christensen of FortConsult explains how the Tor peer-to-peer network can be hacked to track down user identities.

Andrew Christensen, a researcher with FortConsult, explains how the Tor peer-to-peer network of routers, which keeps IP addresses private, can be hacked to reveal user data. Tor is used to make Web browsing, publishing and instant messaging anonymous. The developers say the aim is to "defend against traffic analysis," which can inhibit privacy. But the FortConsult report suggests that users of Tor aren't as anonymous as they may think.

  Researcher Andrew Christensen:  

  Program highlights:  

  • (2:48) Introduction of Andrew Christensen of FortConsult.

  • (3:28) What is Tor?

  • (4:00) Who uses Tor?

  • (4:30) How many people use Tor?

  • (4:45) Why did you decide to conduct this research?

  • (5:36) Are you really private on this peer-to-peer network?

  • (6:18) What does this mean for IT security administrators?

  • (6:51) Are some Web sites blocking Tor?

  • (8:08) Are there any disadvantages for Web sites that block Tor?

  • (8:37) Do you have to be technically savvy to use Tor?

  • (9:20) What surprised you the most from your study?

      Program Links:  

  • Tor network privacy could be cracked: The Tor network is used by those who want to keep their IP addresses private. But new research shows that it's possible to compromise the system and unmask the user.

  • Practical Onion Hacking: Finding the real address of Tor clients.: Read the FortConsult report about how privacy can be compromised on the Tor peer-to-peer network.

  • Arrigo Triulzi of the SANS Internet Storm Center: Read Triulzi's comments about why he believes the FortConsult report is worrisome.

  • Visit the Tor Web site: According to the site, Tor aims to "defend against traffic analysis, a form of network surveillance that threatens personal anonymity and privacy, confidential business activities and relationships, and state security."

  • Information Security podcasts: Visit SearchSecurity's podcast archive.

  • Read more on IT risk management