the end of anonymity on anonymous networks
TRANSCRIPT
TOR, I2P, FREENET… FOR WHAT?
DEANONYMIZATOR… THE END OF ANONYMITY ON ANONYMOUS NETWORKS
Denis Makrushin (@difezza), Maria Garnaeva
Global Research and Analysis Team
«I KNOW WHAT YOU DID LAST SUMMER»
… BUT HOW?!
EXPLOITS, FINGERPRINTING… YEP-YEP.
FLASH, HTML5, ENTRY-NODE DETECTION… YEP-YEP.
BUT HOW …
… did they find my mega-private-0day-forum?!
… did they find me?!
PASSIVE DATA COLLECTION SYSTEM… OR HOW DID THEY FIND MY MEGA-PRIVATE-0DAY-FORUM?!
>> ExitPolicy accept *:*
>> tshark -i 1 -w dump.pcap
TOR-USER’S PSYCHOLOGICAL PORTRAIT
PSYCHOLOGICAL PORTRAIT. PART TWO.
Black Market; 14.32
DDoS-campaign; 3.03
Financial Services; 2.82
Darknet Hoster; 1.86
Russian; 1.70
Leaks & Services; 1.70
Pedophile; 1.65
Asian; 0.85
Pornography; 0.85
Hacker & Malicious; 0.80
Search Engines; 0.64
Gambling; 0.53
Arabic; 0.11
Other 19%
Common 59%
No Content 22%
ACTIVE DATA COLLECTION SYSTEM… OR KNOCK-KNOCK, DUDE!
TRAFFIC INJECTION… YEP-YEP.
TELL ME, WHO ARE YOU?
SO DIFFERENT COOKIES
MEANWHILE, IN TOR BROWSER
LET ME MEASURE YOUR TEXT
getBoundingClientRect()
FONT VALUE
Impact 3409372
Georgia 3344049
Courier New 3430809
Consolas 3392005
MS Gothic 3383290
“YEP-YEP, WE KNOW” – TOR PROJECT
PROOF-OF-CONCEPT: PREPARING PATIENT
PROOF-OF-CONCEPT: INJECT IT!
PROOF-OF-CONCEPT: ANALYZE IT!
XSS IS A PAIN OF ONION
VECTOR OF ATTACK
I KNOW YOU BY THE FONTS
THANK YOU!
http://twitter.com/difezza