
DRM-Protected Files Used to Deanonymize Tor Browser Users

[Category: System (Windows) | Posted by: 店小二05 | Date: 2017 | Author: 红领巾]

Downloading and opening Windows DRM-protected multimedia files could reveal the IP addresses of Tor users without their knowledge.

Up until recently, DRM-protected multimedia files have been used in Windows primarily to spread malware.

Though in use since 2005, security researchers from HackerHouse have recently discovered a whole new facet of DRM attacks, one that poses a great risk to users of Tor browser.



Tor users can give away their real IP addresses when they download and attempt to open DRM-protected multimedia files in Windows, according to the HackerHouse security researchers.

And while the risk of exposure for users is high when DRM-protected files come into play, few of them are aware of how DRM-protected files can aid in their arrest and identification despite the use of Tor.

DRM-Protected Files Have Been Used as Malware Carriers

In past scenarios, the DRM-protected files lured users to an unknown URL purportedly to validate the software’s license before it could be used.

The files would open via Windows Media Player by default before a popup would redirect the user to the required URL.

This authorization URL is what hackers are banking on to expose Tor users. Predominantly, such URLs can be modified to redirect users to files with hidden malware or even exploit kits, giving the authors of these links full control over what type of malware or damage they want to inflict on the unsuspecting downloaders of DRM-protected files.

Unsigned DRM Files Used to Spread Malware and Decloak Tor Browser Users

According to the security researchers from HackerHouse, the redirecting popup would only prompt the user to visit the authorization URL if the DRM file is not signed using the proper tools.

Alternatively, the attacker can opt to sign the DRM-protected file with certified Microsoft SDKs such as Microsoft Expression Encoder.

In this scenario, instead of a popup, Windows Media Player will covertly open the browser and access the authorization URL whether the Tor user approves of the action or not.
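Because a signed file gives no prompt, the practical defence is to recognise a DRM-protected file before any player opens it. The following is an added example, not code from the article or from HackerHouse: it assumes the files are ASF containers (.wmv/.wma/.asf) carrying Windows Media DRM, uses object GUIDs from the public ASF specification, and the function names and sample input are hypothetical.

```python
import struct
import sys
import uuid

# ASF object GUIDs from the public ASF specification (assumption: not in the article).
ASF_HEADER = uuid.UUID("75B22630-668E-11CF-A6D9-00AA0062CE6C")
DRM_OBJECTS = {
    uuid.UUID("2211B3FB-BD23-11D2-B4B7-00A0C955FC6E"): "Content Encryption",
    uuid.UUID("298AE614-2622-4C17-B935-DAE07EE9289C"): "Extended Content Encryption",
}

def find_drm_objects(data: bytes) -> list[str]:
    """Return the names of DRM header objects found in an ASF byte string."""
    if len(data) < 30 or uuid.UUID(bytes_le=data[:16]) != ASF_HEADER:
        return []                          # not an ASF container
    header_size, count = struct.unpack_from("<QI", data, 16)
    end = min(header_size, len(data))      # never read past the buffer
    pos, found = 30, []                    # 16 GUID + 8 size + 4 count + 2 reserved
    for _ in range(count):
        if pos + 24 > end:
            break                          # truncated header
        guid = uuid.UUID(bytes_le=data[pos:pos + 16])
        (size,) = struct.unpack_from("<Q", data, pos + 16)
        if size < 24:
            break                          # malformed object size, stop walking
        if guid in DRM_OBJECTS:
            found.append(DRM_OBJECTS[guid])
        pos += size
    return found

def build_sample(drm: bool) -> bytes:
    """Constructed input: a minimal ASF header, optionally with a DRM object."""
    def obj(guid: uuid.UUID, body: bytes) -> bytes:
        return guid.bytes_le + struct.pack("<Q", 24 + len(body)) + body
    filler = uuid.UUID("00000000-0000-0000-0000-000000000001")  # constructed GUID
    objs = [obj(filler, b"\0" * 8)]
    if drm:
        objs.append(obj(next(iter(DRM_OBJECTS)), b"\0" * 16))
    body = b"".join(objs)
    return ASF_HEADER.bytes_le + struct.pack("<QIBB", 30 + len(body), len(objs), 1, 2) + body

if __name__ == "__main__":
    for path in sys.argv[1:]:              # inspect files without opening them in a player
        with open(path, "rb") as f:
            hits = find_drm_objects(f.read(1 << 20))  # header sits at the file start
        print(f"{path}: {'DRM: ' + ', '.join(hits) if hits else 'no DRM header found'}")
```

Run it against downloaded media from a non-Tor-critical context; a file that reports a DRM object should not be opened on a machine whose real IP address must stay hidden.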

This Method of Decloaking Tor Users is Expensive

To properly sign DRM-protected multimedia files, one would have to part with about $10,000, a sum of money that most malware authors will not be able to easily raise given the low-end nature of their attacks.

Furthermore, DRM attacks are too specialized to be universally adopted by malware authors, despite the fact that they can be used to easily reveal the true IP addresses of Tor users.

Nevertheless, state-sponsored malware authors will not be particularly bothered with the huge sum that goes into identifying anonymous users.

Law enforcement agencies will no doubt adopt this new method of catching criminals hiding under the cloak of Tor, specifically in the ongoing war against the deep web drug trade.

And since state and various government agencies have the resources needed to create the infrastructure necessary to conduct expensive attacks such as these, it will not be surprising if this kind of malware infrastructure becomes exclusively associated with the state and the federal government.

Possible Ways DRM-Protected Files will Reveal Tor Users

Perhaps the most wanted deep web browsers are those who dabble in child pornography. By setting up fake child pornography sites with properly signed DRM-protected multimedia files, law enforcement will be able to track down this particular breed of Tor users when they access the sites.

ISIS militants and other homegrown and foreign terrorists hiding behind Tor can also be caught using this approach, in addition to the usual drug and weapons traders who make up the bulk of illicit Tor users.

DRM-protected files will have numerous applications, especially for catching criminals, dissidents, and terrorists who utilize the Tor network.
