US Treasury Dept: Banks Should Block Tor Nodes

tsu doh nimh writes: A new report from the U.S. Treasury Department found that nearly $24 million in bank account takeovers by hackers (and other cyber theft over the past decade) might have been thwarted had affected institutions known to look for and block transactions coming through the Tor anonymity network. Brian Krebs cites from the non-public report, which relied on an analysis of suspicious activity reports filed by banks over the past decade: "Analysis of these documents found that few filers were aware of the connection to Tor, that the bulk of these filings were related to cybercrime, and that Tor-related filings were rapidly rising. Our BSA [Bank Secrecy Act] analysis of 6,048 IP addresses associated with the Tor darknet found that in the majority of the SAR filings, the underlying suspicious activity — most frequently account takeovers — might have been prevented if the filing institution had been aware that their network was being accessed via Tor IP addresses." Meanwhile, the Tor Project continues to ask for assistance in adapting the technology to an Internet that is increasingly blocking users who visit from Tor.

Missing info

The importance is not how many wrong/hacked/whatever amount of money came, but what is the percentage legit versus non elgit transaction. If the percentage was 10% (240 M$ per year Zx, 24M$ hacked) and you compare to the real world and , say 1T$, 3B$ hacked then it looks bad in comparison and there is a ground bank might think forbidding Tor. On the other hand if the % is reversed (% hacked/total) and there is more illegit Tx outside Tor then the discussion is not warranted. That info is missing. Without it nothing can be decided, except that the US governement does not like TOR maybe.

Re:Missing info

[vux984]

I have a few good reasons for visiting my bank via Tor,

Such as? I'm genuinely curious why you would need anonymity to connect to a bank, whereupon you would immediately log into an account that has your name, address, phone number, and probably even your SSN and a copy of your signature on file.

Blocking Tor is akin to saying "many robberies were performed by blacks, so we will no longer allow blacks into the bank".

Its more like blocking Tor is akin to saying "many robberies" were performed by people wearing a disguise, so we will no longer allow people wearing disguises into the bank.

That's nothing

[Opportunist]

A few BILLIONS of taxpayer money could have been saved from being squandered if we had installed a banking supervision deserving that name. At least AFTER the bailout we should have.

It's just plain idiotic if not outright dangerous to show them that we'll not only foot the bill if their high stakes gambling doesn't work out but also take no precaution whatsoever to keep them from repeating it!

24 millions? Pfffft, why're we even talking about chump change?

Not a strong chain if the IP is the strongest link

[itsme1234]

There are dozens and dozens of anonymous VPNs available, plus starbucks, McD and so on free wifi, etc.

If the strongest link in the chain the identify of the "last hop" connecting to the web server they're seriously screwd.

Banking is so insecure...

[bswarm]

I found a $25 withdrawal from my Savings account showing up as "Check converted to an electronic transaction by the merchant" from a Kohls store. I don't shop at Kohls, and that account doesn't even have checks, so this was either an error entering the account number or a crook. Kohls wouldn't give me any information on this saying it wasn't available, escalating it higher only got me a "we'll get back to you" which never happened. The bank said there's nothing they can do to prevent this from happening again except to close the account and reopen it with a different account number. The bank refunded the $25, but I would never have noticed if I hadn't checked all the transactions on the statement. Long story short, anyone can enter a routing and account number and make purchases if they get a lucky number that works.