In recent years, the combination of onion routing and the Tor network has allowed users to stay hidden with a high degree of Internet privacy. This is appealing to many people concerned about increasingly widespread and sophisticated Internet surveillance. Unfortunately, it also provides an environment for hackers and Internet fraudsters to flourish. Such locations are sometimes referred to as the “Darknet”.
Onion routing provides anonymous network communication by sending encrypted messages through multiple network nodes, referred to as onion routers. Since each onion router removes a portion of the encrypted message to reveal additional routing instructions, the analogy to peeling an onion is appropriate.
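The layering described above can be shown in a short added example, which is not code from the Tor project or from this article. The SHAKE-256 keystream with an HMAC tag is a toy stand-in for a real cipher, and the router names, keys, destination and message are constructed for illustration.

```python
import hashlib, hmac, json, os

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Toy keystream from SHAKE-256; a stand-in for a real cipher, not Tor's.
    return hashlib.shake_256(key + nonce).digest(n)

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + tag + ct

def open_(key: bytes, blob: bytes) -> bytes:
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("layer not encrypted for this router")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def build_onion(path, destination: str, message: bytes) -> bytes:
    # path is a list of (router_name, key), entry router first (hypothetical names).
    next_hop, blob = destination, message
    for name, key in reversed(path):  # innermost layer belongs to the last router
        layer = json.dumps({"next": next_hop, "inner": blob.hex()}).encode()
        blob, next_hop = seal(key, layer), name
    return blob

def peel(key: bytes, blob: bytes):
    # One router removes its own layer and learns only where to forward the rest.
    layer = json.loads(open_(key, blob))
    return layer["next"], bytes.fromhex(layer["inner"])

def route(path, onion: bytes):
    """Pass the onion along the path; return what each router saw and the payload."""
    seen, blob = [], onion
    for name, key in path:
        next_hop, blob = peel(key, blob)
        seen.append((name, next_hop))
    return seen, blob

if __name__ == "__main__":
    path = [(n, os.urandom(32)) for n in ("entry", "middle", "exit")]  # constructed keys
    seen, delivered = route(path, build_onion(path, "example.org:443", b"hello"))
    for name, next_hop in seen:
        print(f"{name} learns only its next hop: {next_hop}")
    print("delivered:", delivered)
```

Only the last router sees the destination and the message, and a router holding the wrong key cannot remove a layer that was not sealed for it.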
Tor is a free software network that uses onion routing to direct Internet traffic through a free volunteer network that conceals a user’s location or usage from any network surveillance or traffic analysis. Tor began as a project by the US Naval Research Labs and is currently operated by a legitimate non-profit project in the US. The Tor project organization asserts that it provides a valuable service for people who seek anonymity for legitimate reasons, including political activists, the media and their sources, the military and law enforcement.
According to the Tor web site: “Tor protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location.”
While Internet privacy is a legitimate, even noble purpose, it’s no wonder Tor started attracting a criminal element as well.
Earlier this month, we posted an article about the banking virus ZeuS, which uses Tor for communication. The latest malware discovery being widely discussed in Internet security circles also relies on Tor to communicate with its clients and is nicknamed Chewbacca.
Chewbacca is a banking Trojan that steals victims’ login credentials and uses Tor to disguise its command and control communications. Fortunately, Chewbacca does not appear to have spread widely yet. However, it is an example of the double-edged sword that Tor’s privacy protection offers.