Tor as a threat to bank security
In a closed report of the US Treasury Department, which fell into the hands of the KrebsOnSecurity resource in early December, reports from various banks on the so-called are summarized and analyzed. suspicious activities related to the Internet. The report was prepared by FinCEN , the Bureau of the Ministry of Finance for the Prevention of Financial Crimes. In the reports from 2001 to 2014, number 6048, the bureau, among other things, looked for references to the known ip-addresses of the output nodes of the Tor network (of which there are just over 6000). As a result, 975 matches were found with the addresses of these nodes and it was estimated that about $ 24 million were involved in suspicious activities.
The report concludes: “When analyzing the reports, it was revealed that few of the banking specialists who reported suspicious activities were aware that the ip addresses they identified belonged to the Tor network. Our analysis showed that most of the facts of this activity, related mainly to the abduction of accounts, could have been prevented if the bank knew that they were connecting to their network from Tor’s IP addresses. ” There is also an increase in hacker activity: “From October 2007 to March 2013, the number of suspicious activity reports increased by 50%. And from March 2013 to July 2014 - already at 100% "
Nicholas Weaver, a researcher at the ICSI, International Institute for Computational Science, says that although banks have the ability to track requests and block the IP addresses of the Tor network, this is unlikely to seriously affect cybercrime. “Mentions of Tor are not at all surprising - for malware, this is a very easy way to escape. However, the massive blocking of the Tor network will not help to increase security - there are many other simple ways to encrypt. ”
')
For their part, Tor developers noticed an increasing desire of website owners in the summer, and issued a “ call to arms ” - they asked for an open letter to help the Internet community in finding ideas for improving the network situation and activists who could translate these ideas into a life. Weaver notes the difficulty that webmasters face when trying to decide on Tor users: “If you treat them as enemies, attackers will always find ways to get around the restrictions. If you treat them kindly, you will have to withstand the flow of ill-wishers. For sites like Wikipedia, you can come up with a compromise, and as far as banks are concerned, this is another story. ”
The report concludes: “When analyzing the reports, it was revealed that few of the banking specialists who reported suspicious activities were aware that the ip addresses they identified belonged to the Tor network. Our analysis showed that most of the facts of this activity, related mainly to the abduction of accounts, could have been prevented if the bank knew that they were connecting to their network from Tor’s IP addresses. ” There is also an increase in hacker activity: “From October 2007 to March 2013, the number of suspicious activity reports increased by 50%. And from March 2013 to July 2014 - already at 100% "
Nicholas Weaver, a researcher at the ICSI, International Institute for Computational Science, says that although banks have the ability to track requests and block the IP addresses of the Tor network, this is unlikely to seriously affect cybercrime. “Mentions of Tor are not at all surprising - for malware, this is a very easy way to escape. However, the massive blocking of the Tor network will not help to increase security - there are many other simple ways to encrypt. ”
')
For their part, Tor developers noticed an increasing desire of website owners in the summer, and issued a “ call to arms ” - they asked for an open letter to help the Internet community in finding ideas for improving the network situation and activists who could translate these ideas into a life. Weaver notes the difficulty that webmasters face when trying to decide on Tor users: “If you treat them as enemies, attackers will always find ways to get around the restrictions. If you treat them kindly, you will have to withstand the flow of ill-wishers. For sites like Wikipedia, you can come up with a compromise, and as far as banks are concerned, this is another story. ”
Source: https://habr.com/ru/post/364029/
All Articles