The problem of user de-anonymization on the Darknet becomes more and more popular. The report will cover a variety of exploits for vulnerabilities in .onion resources and configuration flaws that can be utilized to obtain information on Tor users.

1. TOR, I2P, FREENET… FOR WHAT?

2. DEANONYMIZATOR
… THE END OF ANONYMITY ON ANONYMOUS NETWORKS
Denis Makrushin (@difezza), Maria Garnaeva
Global Research and Analysis Team

3. «I KNOW WHAT YOU DID LAST SUMMER»

4. … BUT HOW?!

5. EXPLOITS, FINGERPRINTING… YEP-YEP.

6. FLASH, HTML5, ENTRY-NODE DETECTION… YEP-YEP.

7. BUT HOW …
… did they found my mega-private-0day-forum?!
… did the found me?!

8. PASSIVE DATA COLLECTION SYSTEM
… OR HOW DID THE FOUND MY MEGA-PRIVATE-0DAY-FORUM?!

9. >> EXITPOLICY ACCEPT *:*

10. >>TSHARK –I 1 –W DUMP.PCAP

11. TOR-USER’S PSYCHOLOGICAL PORTRAIT

12. PSYCHOLOGICAL PORTRAIT. PART TWO.

13. BlackMarket,
14.32
DDoS-
campaign,
3.03
FinancialServ
ices, 2.82
DarknetHost
er, 1.86
Russian,
1.70
Leaks&Servi
ces, 1.70
Pedophile,
1.65
Asian, 0.85
Pornographie
, 0.85
Hacker&Mali
cious, 0.80
Search
Engines,
0.64
Gambling,
0.53
Arabic, 0.11
Other
19%
Common
59%
No Content
22%

14. ACTIVE DATA COLLECTION SYSTEM
… OR KNOCK-KNOCK, DUDE!

15. TRAFFIC INJECTION… YEP-YEP.

16. TELL ME, WHO ARE YOU?

17. SO DIFFERENT COOKIES

19. MEANWHILE, IN TOR BROWSER

20. LET ME MEASURE YOUR TEXT

21. GETBOUNDINGCLIENTRECT()
FONT VALUE
Impact 3409372
Georgia 3344049
Courier New 3430809
Consolas 3392005
MS Gothic 3383290

22. “YEP-YEP, WE KNOW” – TOR PROJECT

23. PROOF-OF-CONCEPT: PREPARING PATIENT

24. PROOF-OF-CONCEPT: INJECT IT!

25. PROOF-OF-CONCEPT: ANALYZE IT!

26. XSS IS A PAIN OF ONION

27. VECTOR OF ATTACK

28. I KNOW YOU BY THE FONTS

31. THANK YOU!
QUESTIONS?
denis.makrushin@kaspersky.com
maria.garnaeva@kaspersky.com
http://twitter.com/difezza