Microsoft MVP says Tor can't foil NSA surveillance or cyber crooks
The Tor network cannot protect internet users from state-sponsored hackers and cyber criminals, according to a security expert.
Andy Malone, Microsoft most valued professional (MVP) in enterprise security and founder of the Cyber Crime Security Forum, said that despite the robust nature of The Onion Router (Tor) network, its use of third-party add-ons means that there are still ways to track, spy on and steal data from its users. This comes despite reports that Tor usage more than doubled following the NSA snooping revelations.
"There is no such thing as really being anonymous on the internet. If [hackers and government agencies] want you, they will get you," he said.
"At the moment the Tor network's security has never been broken, but there are flaws around it that can be exploited.
"Tor leaks do occur through third-party apps and add-ons, like Flash. If I was doing forensics on you and thought you were on Tor, I wouldn't attack the network, I'd attack the weak areas around it."
The Tor network is an open source project designed to let users surf the internet anonymously and access the dark web, the area of the internet not indexed on public search engines.
It anonymises users' web movements by directing and scrambling internet traffic through a volunteer network of more than 5,000 relays.
However, Malone highlighted several ways in which hackers and government snoops could target Tor users.
"You can get people on Tor in a variety of ways. You could do a time attack, which involves catching traffic between relays," he said. "You could also do entry and exit monitoring, which involves dropping a zero-day on the actual machine accessing Tor or hosting an exit node and monitoring what's going in or out of it."
Malone added that law enforcement agents are actively working to develop other, more direct ways to break into the Tor network and monitor its users.
"I work with, and issue recommendations for, law enforcement and I'm telling you now, the dark web is heavily monitored. The NSA and GCHQ are already monitoring hundreds of Tor relays and exit nodes and trying to find ways to break the network down," he said.
"Many of the unindexed sites you see on Tor also have honey pots set up by law enforcement to monitor and catch the bad people accessing the dark stuff."
Malone's comments come after widespread reports from security providers that criminals are developing new ways to take advantage of the Tor network's anonymising powers.
Experts from Kaspersky Labs reported in March that they had uncovered evidence that criminals plan to release a fresh wave of advanced cyber attack campaigns using the Tor network.
Despite its use by criminals, many legitimate businesses have begun using Tor to protect sensitive communications and intellectual property following the PRISM scandal.
The scandal broke when whistleblower Edward Snowden leaked documents to the press proving that the NSA was exploiting US legislation and backdoors in mainstream security technologies to collect vast amounts of internet users' data.
The NSA's activities have led businesses to consider using open source technologies unaffiliated with any one nation or political body, like Tor, which according to Malone now has an average of 60,000 to 80,000 users per day.