{"id":2945,"date":"2014-03-05T06:00:58","date_gmt":"2014-03-05T11:00:58","guid":{"rendered":"http:\/\/me-en.kaspersky.com\/blog\/?p=2945"},"modified":"2017-09-24T18:29:44","modified_gmt":"2017-09-24T14:29:44","slug":"demystifying-tor","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/demystifying-tor\/2945\/","title":{"rendered":"Demystifying Tor"},"content":{"rendered":"<p><b>The Onion Router<\/b><\/p>\n<p>Tor, one of the resources on Darknet, has been known for a long time. At first it was known only to experts and enthusiasts interested in the technical details of practical anonymity in the network (or fans of cryptography). However, after Edward Snowden\u2019s revelations, many Internet users started searching for this kind of online anonymity, resulting in a surge of interest in Tor.<\/p>\n<p><b><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2014\/03\/05111131\/tor-1.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-3988\" alt=\"tor\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2014\/03\/05111131\/tor-1.jpg\" width=\"640\" height=\"480\"><\/a><\/b><\/p>\n<p><b>What is Tor?<\/b><\/p>\n<p>Tor is basically unrestricted, free software operating via the Internet. It has users who enter sites, exchange messages on forums, communicate in IMs, etc. \u2013 just like \u201ctypical\u201d Internet activity. But there\u2019s one crucial difference. Tor is unique in that it allows its users to remain anonymous while they are active online. Network traffic is completely anonymous: it is impossible to identify the user\u2019s IP in Tor, making it impossible to determine who the user is in real life. 
Therefore, no action, like the publication of posts in Tor, can be linked to a particular individual.<\/p>\n<div class=\"pullquote\">Tor has become a helpful solution for those who, for some reason, fear the surveillance and leakage of confidential information.<\/div>\n<p>Just like the \u201cordinary\u201d Internet, Tor also enables its users to create almost any resources (in February Kaspersky Lab experts managed to find <a href=\"http:\/\/www.securelist.com\/en\/blog\/8187\/Tor_hidden_services_a_safe_haven_for_cybercriminals\" target=\"_blank\" rel=\"noopener nofollow\">approximately 900 currently<\/a>\u00a0operative hidden services online). However, contrary to the traditional Internet where the domain name of each site makes it possible to determine the owner of the site and its location, Tor utilizes so-called pseudo domains, which frustrate any efforts to uncover the resource owner\u2019s personal information.<\/p>\n<p><b>How does Tor provide anonymity?<\/b><\/p>\n<p>Creating anonymous resources is possible due to a distributed network of servers called \u201cnodes\u201d or routers that operate on the principle of onion rings (hence the name The Onion Router). All network traffic (i.e. any information) is encrypted repeatedly as it passes through several network nodes on its way to Tor. In addition, no network node knows the source of the traffic, its destination or its content. This ensures a high level of anonymity, making it impossible to determine who is behind the network activity, i.e. a real person.<\/p>\n<p><b>Who needs Tor?<\/b><\/p>\n<p>Tor has become a helpful solution for those who, for some reason, fear the surveillance and the leakage of confidential information. But as well as legitimate users, this technology also attracts the attention of cybercriminals. 
The Tor network has long been known for hosting a large number of resources carrying out illegal activity.<\/p>\n<p><b>Darknet Market Square<\/b><\/p>\n<p>Cybercriminal forums and marketplaces are familiar on the Internet. Recently, Tor emerged as an underground marketplace. It all started from the notorious Silk Road market and evolved into dozens of specialist markets: drugs, arms and, of course, malware.<\/p>\n<p>Carding shops are firmly established in the Darknet. Stolen personal info is for sale with a wide variety of search attributes like country, bank etc. Offers for customers of this kind are not limited to credit cards. Dumps, skimmers and carding equipment are for sale too.<\/p>\n<p>A simple registration procedure, trader ratings, guaranteed service and a user-friendly interface \u2013 these are standard features of a Tor underground marketplace. Some of the stores require sellers to deposit a pledge \u2013 a fixed sum of money \u2013 before starting to trade. This is to ensure that a trader is genuine and his services are not a scam or of poor quality.<\/p>\n<p><b>Tor and Bitcoin<\/b><\/p>\n<p>The development of Tor has coincided with the emergence of the anonymous cryptocurrency <a href=\"https:\/\/www.kaspersky.com\/blog\/tag\/bitcoin\/\" target=\"_blank\" rel=\"noopener nofollow\">Bitcoin<\/a>. A combination of anonymous money in an anonymous environment means cybercriminals can remain virtually untraceable.<\/p>\n<p><b>Malware in Tor<\/b><\/p>\n<p>Cybercriminals have started actively using Tor to host malicious infrastructure. 
Kaspersky Lab experts found <a href=\"http:\/\/www.securelist.com\/en\/blog\/208214171\/The_inevitable_move_64_bit_ZeuS_has_come_enhanced_with_Tor\" target=\"_blank\" rel=\"noopener nofollow\">Zeus with Tor capabilities<\/a> and then detected <a href=\"https:\/\/www.securelist.com\/en\/blog\/208214185\/ChewBacca_a_new_episode_of_Tor_based_Malware\" target=\"_blank\" rel=\"noopener nofollow\">ChewBacca<\/a> and finally analyzed the <a href=\"http:\/\/www.securelist.com\/en\/blog\/8184\/The_first_Tor_Trojan_for_Android\" target=\"_blank\" rel=\"noopener nofollow\">first Tor Trojan for Android<\/a>. A quick look at Tor network resources reveals lots of resources dedicated to malware \u2013 C&amp;C servers, admin panels, etc.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Onion Router Tor, one of the resources on Darknet, has been known for a long time. At first it was only known of by experts and enthusiasts interested in<\/p>\n","protected":false},"author":329,"featured_media":2946,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1486],"tags":[36,531],"class_list":{"0":"post-2945","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threats","8":"tag-malware-2","9":"tag-tor"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/demystifying-tor\/2945\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/demystifying-tor\/3044\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/demystifying-tor\/3331\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/demystifying-tor\/3302\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/malware-2\/","name":"malware"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/2945","targetHints":{"allow":["GET"]}}],"collection":[{"href"
:"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/329"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=2945"}],"version-history":[{"count":1,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/2945\/revisions"}],"predecessor-version":[{"id":7265,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/2945\/revisions\/7265"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/2946"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=2945"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=2945"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=2945"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}