Tor is one of the most important Internet services that ensures user anonymity. It is free and can be used by anyone who wants to hide, for example, the public IP address of their computer. The project, intended for good purposes, is also being abused by criminals who seek to remain anonymous and evade law enforcement. German law enforcement agencies decided to put an end to this.
German law enforcement agencies have been monitoring Tor servers for months to identify individual users of the dark network. They managed to identify the server of the hacker group Vanir Locker, which it used on the Tor network. Cybercriminals have announced that they will publish data stolen during one of their latest attacks. German authorities were able to determine the location of the resource using a time analysis method.
Timing analysis is used to relate connections to the Tor network and local connections to the Internet. To implement this method, as many Tor nodes as possible are monitored because this increases the likelihood of identification. Thus, law enforcement agencies do monitor Tor nodes, and this is not only done in Germany. German specialists seized control of the resource address of a group of cyber extortionists on the Tor network and redirected it to their page – as a result, the hackers were unable to publish data on their resource.
Reporters from state broadcaster ARD have seen documents that confirm the operation successfully identified four individuals. This method was also used to identify participants in a platform where child abuse material was published. The Tor Project confirmed that law enforcement had succeeded in de-anonymizing several cybercriminals, but said that Tor remains one of the best privacy options for most Internet users.