de-Anonymize Tor Users | Breaking Cybersecurity News | The Hacker News

One of TOR's primary software developers, Isis Agora Lovecruft , has fled to Germany, following the threat of a federal subpoena. Lovecruft is a well-known cryptographer and lead software developer for Tor project from many years. She has worked for a variety of other security and encryption products, such as Open Whisper Systems and the LEAP Encryption Access Project. Since November 2015, the FBI special agents in the United States have been trying to meet with her, but they will not tell her or her lawyer exactly why. When her lawyer reached out the FBI Special Agent Mark Burnett and asked why he wanted to meet with her, the agent assured the lawyer that she is not the target of any investigation, but also said that… Also Read:   Mozilla asks Court to disclose Firefox Exploit used by FBI to hack Tor users . The FBI have their agents on the streets in 5 cities in the United States hunting for her, intending to simply ask her some questions without her lawyer's pre

Mozilla has filed a brief with a U.S. District Court asking the FBI to disclose the potential vulnerabilities in its Firefox browser that the agency exploited to unmask TOR users in a criminal investigation. Last year, the FBI used a zero-day flaw to hack TOR browser and de-anonymize users visiting child sex websites. Now, Mozilla is requesting the government to ask the FBI about the details of the hack so that it can ensure the security of its Firefox browser. TOR is an anonymity software that provides a safe haven to human rights activists, government, journalists but also is a place where drugs, child pornography, assassins for hire and other illegal activities has allegedly been traded. TOR Browser Bundle is basically an Internet browser based on Mozilla Firefox configured to protect the user's anonymity via Tor and Vidalia. In 2015, the FBI seized computer servers running the world's largest dark web child pornography site 'Playpen' from a web host in Lenoir, No

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

Last month, the Federal Bureau of Investigation (FBI) was ordered to reveal the complete source code for the TOR exploit it used to hack visitors of the world's largest dark web child pornography site, PlayPen. Robert J. Bryan, the federal judge, ordered the FBI to hand over the TOR browser exploit code so that defence could better understand how the agency hacked over 1,000 computers and if the evidence gathered was covered under the scope of the warrant. Now, the FBI is pushing back against the federal judge's order. On Monday, the Department of Justice (DOJ) and the FBI filed a sealed motion asking the judge to reconsider its ruling, saying revealing the exploit used to bypass the Tor Browser protections is not necessary for the defense and other cases. In previous filings, the defence has argued that the offensive operation used in the case was " gross misconduct by government and law enforcement agencies, " and that the Network Investigative Technique (NIT)

There are several encrypted messaging apps for mobile and desktop platforms that shipped with "The Most Secure" tagline but ends up in de-anonymizing the real identity of its users in some or the other way. In fact, very few encrypted messaging apps available today deal with the core problem of Metadata .  The majority of apps offer end-to-end encryption that kept the content of your messages away from prying eyes, but your metadata will still be accessible to them, which is enough to know who you really are, and who you're talking to. But, one messenger app stands out of the crowd by providing superb anonymity to its users, and it is dubbed as " Ricochet ." Ricochet is a peer-to-peer instant messaging system available for Windows, Mac, and Linux and you can trust it as the app has already cleared its first professional security audit carried out by cyber security company NCC Group . What's so Promising about Ricochet? Unlike

The non-profit Tor Project has accused the FBI of paying the security researchers of Carnegie Mellon University (CMU) at least $1 Million to disclose the technique they had discovered that could help them… …Unmask Tor users as well as Reveal their IP addresses as part of a criminal investigation. As evidence, the Tor Project points to the cyber attack that it discovered last year in July. The team discovered more than hundred new Tor relays that modified Tor protocol headers to track people who were looking for Hidden Services – web servers hosted on Tor that offers more privacy. The Evidence The unknown attackers used a combination of nodes and exit relays, along with some vulnerabilities in the Tor network protocol that let them uncovered users' real IP addresses. The attack reportedly began in February 2014 and ran until July 2014, when the Tor Project discovered the vulnerability. Within few days, the team updated its software and rolled out new ve

A critical vulnerability in Tor — an encrypted anonymizing network considered to be one of the most privacy oriented service, which is used by online users in order to hide their activities from law enforcement, government censors and others — was probably being used to de-anonymize the identity of Tor users, Tor project warned on Wednesday. 115 MALICIOUS ToR RELAYS WERE DE-ANONYMIZING USERS According to a security advisory , Tor Team has found a group of 115 malicious fast non-exit relays (6.4% of whole Tor network), those were actively monitoring the relays on both ends of a Tor circuit in an effort to de-anonymize users. " While we don't know when they started doing the attack, users who operated or accessed hidden services from early February through July 4 should assume they were affected, " Tor said. When you use Tor anonymizing network, your IP address remains hidden and it appears that your connection is coming from the IP address of a Tor exit rela