Slashdot Mirror


US Treasury Dept: Banks Should Block Tor Nodes

tsu doh nimh writes: A new report from the U.S. Treasury Department found that nearly $24 million in bank account takeovers by hackers (and other cyber theft over the past decade) might have been thwarted had affected institutions known to look for and block transactions coming through the Tor anonymity network. Brian Krebs cites from the non-public report, which relied on an analysis of suspicious activity reports filed by banks over the past decade: "Analysis of these documents found that few filers were aware of the connection to Tor, that the bulk of these filings were related to cybercrime, and that Tor-related filings were rapidly rising. Our BSA [Bank Secrecy Act] analysis of 6,048 IP addresses associated with the Tor darknet found that in the majority of the SAR filings, the underlying suspicious activity — most frequently account takeovers — might have been prevented if the filing institution had been aware that their network was being accessed via Tor IP addresses." Meanwhile, the Tor Project continues to ask for assistance in adapting the technology to an Internet that is increasingly blocking users who visit from Tor.

3 of 84 comments

  1. Re:Tor WWW by Anonymous Coward · Score: 2, Informative

    "So Tor has always had that problem, your messages travel the Internet, but the WWW refuses to give you service."

    Wrong. Nothing prevents a Tor user from browsing through 1, 2, 3, or more web proxies which further prevents them from being spotted as a Tor user or a Tor user using just 1 proxy.

    BrowserSpy has a nice proxy detection option. If you're going through Tor and then a web proxy, you can check proxy detection:

    http://browserspy.dk/

    No proxy is the best answer. Now you go find another web proxy, and another one and another one and just use them for a small window and never use them again. Mix it with loading a large website/image/download in the background.

    Just don't do this with anything involving legal matters. Just if you're browsing say WalMart's site or something. ^_^

  2. Re: Sounds stupid by Anonymous Coward · Score: 2, Informative

    There are a few ways around this, the easiest is to just run an anonymous proxy server on their computer (one that runs without a GUI so it's invisible) and then run your browser through that.

    When I traveled I used to have a proxy server running at home so if I had to make it look like I was coming from home I could.

    You could also run a VNC server on their computer and actually open a browser on their screen, you just have to check if their monitor is off first which is possible with the Windows API, you could also check if the screensaver is on and then pray that they are away from the terminal long enough to do what you need to do and then put the screensaver back on.

    Probably the most common way though is to simply run a coded bot that would do this for you (the hacker) on the compromised computer, but you have to be really good at coding bots and make darn sure that you know which bank website is needed and what steps are required in proper sequence. Languages like Python or Perl make it very easy these days but then you may have to install a whole slew of libraries onto the target computer, it's best if you can get the bot into a single executable.

    Back before TOR and even today the best hackers route through dozens (hundreds) of compromised computers before the target host. It's always possible to trace but if you run through countries with uncooperative governments it could take forever to track back to the attacker and if they were using a spoofed MAC address from some random Internet cafe in Buenos Aires, forget about it.

    The only thing is, where would they transfer this money to or what would they buy? That's what requires the most clever thought process on the side of the attacker because accessing that money is the most traceable usually.

  3. Re:Initially, I worried by Anonymous Coward · Score: 2, Informative

    Fail. The bank does not know where you are accessing their services from and it has no business knowing that info.

    Says who?

    Go and try to use your Credit Card in another country, in quick succession over a short period (say 24 hours) and then see how they may put a freeze on that card, and then require you to phone them up to unfreeze it and then get asked (quite rightly) a number of questions relating to where and when you made those transactions.

    This is no different in effect.

    I thank them for that frankly - I've had a few cases of my card being 'used' elsewhere after having travelled extensively for business in various countries overseas (in Europe mainly). Believe me, the banks will do anything to prevent liability to them, if you are going to anonymize or they are suspecting even a whiff of 'unusual' activity, they are going to stop you.

    You are using their services, you have to abide by their terms. Don't like it? There's always your mattress.