Hackers Confirm Russia’s FSB Still Aims to Deanonymize Tor Traffic

For quite some time now, there have been persistent rumors regarding Tor being deanonymized. Although it is a known fact the NSA is capable of doing so, albeit it remains to be seen if they will explore that option. Russia’s FSB, however, is effectively working on such a project with the help of SyTech. 

SyTech and FSB Join Forces

In Russia, things are often done completely different from the rest of the world. There is nothing wrong with exploring other options, albeit the country has built up a solid reputation which isn’t all that positive. The recent findings, which came to light following a hack, will not help matters much in this regard. The information itself should not come as too big of a surprise to tech enthusiasts.

The hackers in question successfully attacked and breached, Syech, a company contracted by Russian national intelligence service FSB. Among the information obtained during this breach are details regarding internal projects being developed. One of those ventures focuses on deanonymizing Tor traffic. That in itself once again confirms this protocol is not only not as anonymous as one thinks, but also under active attacks by the world’s superpowers.

This project is internally known as Nautilus-S, and is quite similar to Nautilus. More specifically, Nautilus is a project for collecting data on social media users, targeting platforms such as LinkedIn and Facebook. Nautilus-S is designed to deanonymize Tor traffic by setting up rogue servers which act as gateways. This approach is not entirely new, as there have been genuine concerns regarding malicious Tor servers for many years now. 

Unlike what one might think, the Nautilus-S project was effectively put to the test in 2012. After years of development, it was finally put into a working tool in 2014. It did not take long for foreign researchers to take note of what was going on and how hostile Tor exit nodes could pose major problems. Ever since that time, it remains uncertain if the project was still in operation. It seems logical to assume someone is exploring the option of using rogue Tor servers, but it might not necessarily be the FSB.

Back in 2014, a total of 25 malicious exit nodes were identified, of which 18 were hosted in Russia. That doesn’t mean the rest of the servers weren’t under Russian control either, albeit further research is necessary to determine how this plan worked exactly. Even so, it poses a legitimate threat to Tor users around the world, especially now that the information regarding this project has been obtained by hackers. 

For the time being, it remains to be seen if and how Tor will be affected by these revelations. Its developers have been working on ways to ignore potential rogue servers, albeit there is never a foolproof solution. Anyone can create  Tor exit node at any given time and with limited effort. As such, there will always be a chance someone is trying to deanonymize this type of internet traffic for an unknown purpose.