Social Attacks on Anonymity Networks

Presented at DEF CON 15 (2007), Aug. 4, 2007, 1 p.m. (50 minutes)

Any attacker can scam one or two users into revealing themselves, but do you know how to talk an entire community of smart hackers into weakening its anonymity? In spite of progress in traffic analysis, social engineering attacks remain the most effective way to break users' anonymity and one of the best force multipliers for traditional traffic analysis attacks. Why bother doing traffic analysis when you can trick users into isolating themselves using nothing more than an IRC client? I'll discuss social attacks to circumvent and weaken existing anonymity networks, from the obvious to the intricate. This talk will include analysis of historical attacks against the Mixmaster and Cypherpunk remailer networks, and advice for building and using anonymity tools to resist these attacks.

Presenters:

• Nick Mathewson
  Nick Mathewson Nick Mathewson is an anonymity researcher, software engineer, and privacy hacker. His research at MIT concentrated in verifying privacy properties in Java bytecodes; he received an M.Eng in 2000. Since 2002, he has worked on anonymity, first as lead developer on Mixminion; and as a core developer on the Tor Project since 2002. His research focuses on attacking and strengthening anonymity networks. He lives in Cambridge, Massachusetts.

Links:

• https://defcon.org/html/defcon-15/dc-15-speakers.html#Mathewson
• https://infocon.org/cons/DEF CON/DEF CON 15/DEF CON 15 video/DEF CON 15 - Mathewson - Social Attacks On Anonymity Networks - Video.mp4
• https://www.youtube.com/watch?v=UYgsexE-Kxc

Similar Presentations:

• The Fifth HOPE (2004) / Ten Years of Practical Anonymity
• The Fifth HOPE (2004) / How To Break Anonymity Networks
• ToorCon: Seattle (Beta) (2007) / Brokered Anonymity