Kristov Atlas has developed a quick tool called TorBan which can warn of a Bitcoin-over-Tor de-anonymization attack, called the “Luxembourg Attack.” The “Luxembourg Attack,” first described by University of Luxembourg researchers Ivan Pustogarov and Alex Biryukov earlier this year, involves the use of thousands of Bitcoin nodes and a handful of controlled Tor exit nodes to “de-anonymize” users using Bitcoin over Tor.
The Luxembourg research paper, titled “Bitcoin over Tor isn’t a good idea” detailed the potential attack. The Bitcoin network has built-in denial-of-service (DoS) attack resistance. The network bans clients that are participating in DoS attempts. An attacker could DoS attack Bitcoin servers from the Tor network, and this would cause all of the benign Tor exit-nodes to be excluded from the Bitcoin network. From there, the attacker sets up his own Tor exit nodes, which a Bitcoin-over-Tor user would be forced to connect to.
To be clear, the “Luxembourg Attack” does not grant access to private keys: The attackers can’t spend your bitcoins. However, the Luxembourg attack may have been used to identify the location of Deep Web services recently taken down by Operation Onymous in the past week. Kristov Atlas, one of several software developers dedicated to a better world at the Open Bitcoin Privacy Project, developed the tool in recent weeks, even before the news of Operation Onymous was broken by main stream media.
How does TorBan work?
TorBan is a quick proof-of-concept that uses the public information of Tor exit nodes and the transparency of the Bitcoin blockchain to display “a historical record of Tor exit nodes used to connect to the Bitcoin network.” If the history of Tor exit nodes is suddenly replaced by all new nodes, it could show an ongoing de-anonymization attack attempt. Atlas explained:
“The attack relies on the use of public information. We can use that public information to detect such attacks.”
What do you think about TorBan? Comment below!
Images from Shutterstock.