Cybercriminals increasingly drawn to Tor anonymity and hidden services
Posted on 06 March 2014.
Initially created to help political dissidents bypass traffic restrictions and hide their online activity from authoritarian governments, the Tor anonymity network has long since become a great tool for cyber crooks to hide their criminal activities and infrastructure.

"Although the Tor infrastructure and cybercriminal resources are not on the same scale as the conventional Internet, we managed to find approximately 900 hidden services online at the current time," Kaspersky Lab expert Sergey Lozhkin shared in a recent blog post.

"There are also approximately 5,500 nodes in total and 1,000 exit nodes, but the possibility of creating an anonymous and abuse-free underground forum, market or malware C&C server is attracting more and more criminals to the Tor network."

Tor is a perfect place to hide your malicious infrastructure in the form of hidden services. Every now and then security researchers discover new criminal operations using Tor to host C&C servers their malware contacts for instructions (Chewbacca POS Trojan, Torec Android Trojan, etc.).

Such C&C servers have multiple advantages: they are hard to discover and to shut down, as well as difficult to blacklist.

Tor has also become a great hiding place for underground markets dealing in illegal items. Silk Road has, for a time, become a synonym for these markets, but since its inception and especially after its takedown by US authorities, a myriad of others have popped up like mushrooms after the rain, and its customers have continued offering and buying drugs, guns, malware, forgeries, illegal services, stolen personal and financial information, and so on (click on the screenshot to enlarge it):


Finally, all that "earned" money has to be laundered before ending up in the hands of the crooks. And, once again, Tor is the perfect place to do it, as it offers helpful Bitcoin laundering services.

"Cybercriminals can create an account, deposit bitcoins and they will be broken up into various quantities, transferred through dozens of different wallets to make any investigation highly complicated," Lozhkin noted.









Spotlight

Windows 0-day exploited in ongoing attacks, temporary workarounds offered

Posted on 22 October 2014.  |  A new Windows zero-day vulnerability is being actively exploited in the wild and is primarily a risk to users on servers and workstations that open documents with embedded OLE objects.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Oct 23rd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //