HOUSTON: The Tor network can not protect web users from cyber criminals and state hackers, according to a top security expert.
Speaking at Microsoft's TechEd conference, Andy Malone, founder of the Cyber Crime Security Forum and a Microsoft most valued professional (MVP), said that despite the robust nature of the Tor network, its use of third-party add-ons means there are still ways to track, spy and steal data from its users.
"There is no such thing as really being anonymous on the internet. If [hackers and government agencies] want you, they will get you," he said.
"At the moment the Tor network's security has never been broken, but there are flaws around it that can be exploited.
"Tor leaks do occur through third-party apps and add-ons, like Flash. If I was doing forensics on you and thought you were on Tor I wouldn't attack the network I'd attack the weak areas around it."
The Tor network is an anonymising open source project designed to let users surf the internet anonymously and access the dark web, the area of the internet not indexed on public search engines.
It anonymises users' web movements by directing and scrambling internet traffic through a volunteer network of more than 5,000 relays.
However, Malone highlighted several ways in which hackers and government snoops could target Tor users.
"You can get people on Tor in a variety of ways. You could do a time attack, which involves catching traffic between relays," he said.
"You could also do entry and exit monitoring, which involves dropping a zero-day on the actual machine accessing Tor or hosting an exit node and monitoring what's going in or out of it."
Malone said that law enforcement agents are actively working to develop other more direct ways to break in to the Tor network and monitor its users.
"I work with, and issue recommendations for, law enforcement and I'm telling you now, the dark web is heavily monitored. The NSA and GCHQ are already monitoring hundreds of Tor relays and exit nodes and trying to find ways to break the network down," he said.
"Many of the unindexed sites you see on Tor also have honey pots set up by law enforcement to monitor and catch the bad people accessing the dark stuff."
Malone's comments come after widespread reports from security providers that criminals are developing new ways to take advantage of the Tor network's anonymising powers.
Experts from Kaspersky Labs reported in March that they had uncovered evidence that criminals plan to release a fresh wave of advanced cyber attack campaigns using the Tor network.
Despite its use by criminals, many legitimate businesses have begun using Tor to protect sensitive communications and intellectual property following the Prism scandal.
News broke when whistleblower Edward Snowden leaked documents to the press proving that the NSA was exploiting US legislation and backdoors in mainstream security technologies to collect vast amounts of web user data.
The NSA's activities have led businesses to consider using open source technologies unaffiliated with any one nation, or political body, like Tor, which, according to Malone, now has an average of 60,000 to 80,000 users a day.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago