How to de-anonymize fraudulent Tor web servers
2022-06-29 13:32

One of the common techniques threat actors use to add a strong layer of anonymity is to host their servers behind The Onion Router (Tor) network, which hides the servers' location.

It is important to note that servers hosted on the Tor network are just typical servers hosted on the Internet; users are merely reaching them through a special network. If the same server also answers directly on the surface web, whatever it exposes there (its TLS certificate, its favicon) can be indexed by Internet-wide scanners such as Shodan and matched against what is seen on the Tor side.

Figure A. If a threat actor's TLS certificate is indexed on the surface web, it leads to the web server that is also reachable through the Tor network, so the hosting is fully de-anonymized.

Figure B. Once again, using Shodan, it is possible to match favicons found on a fraudulent website hosted on the Tor network with favicons on the surface web.

Figure C. Using the fraudulent site's favicon from the dark web, the investigators found its equivalent on the surface web and could locate the threat actor's web server.
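The favicon pivot in Figures B and C depends on computing the same value Shodan indexes under `http.favicon.hash`, which is MurmurHash3 (32-bit, as the `mmh3` package computes it) of the base64-encoded icon rather than of the raw bytes. The example below is added here and is not code from the TechRepublic article: it implements that hash, the Shodan-style wrapper, and an offline matcher over a constructed set of candidate hosts; the icon bytes and host names are invented sample data, not real indicators.

```python
import base64

MASK = 0xffffffff

def _rotl(x: int, r: int) -> int:
    return ((x << r) | (x >> (32 - r))) & MASK

def murmur3_32(data: bytes, seed: int = 0) -> int:
    # MurmurHash3 x86_32 (what the mmh3 package computes), returned as a
    # signed 32-bit int, the form in which Shodan reports favicon hashes.
    c1, c2 = 0xcc9e2d51, 0x1b873593
    h1, n = seed & MASK, len(data)
    for i in range(0, n - n % 4, 4):                # 4-byte little-endian blocks
        k1 = (int.from_bytes(data[i:i + 4], "little") * c1) & MASK
        h1 ^= (_rotl(k1, 15) * c2) & MASK
        h1 = (_rotl(h1, 13) * 5 + 0xe6546b64) & MASK
    if n % 4:                                       # 1-3 trailing bytes
        k1 = (int.from_bytes(data[n - n % 4:], "little") * c1) & MASK
        h1 ^= (_rotl(k1, 15) * c2) & MASK
    h1 ^= n                                         # finalisation mix
    h1 = ((h1 ^ (h1 >> 16)) * 0x85ebca6b) & MASK
    h1 = ((h1 ^ (h1 >> 13)) * 0xc2b2ae35) & MASK
    h1 ^= h1 >> 16
    return h1 - (1 << 32) if h1 & 0x80000000 else h1

def shodan_favicon_hash(favicon: bytes) -> int:
    # Shodan's http.favicon.hash convention: hash the MIME-style base64 text
    # (76-char lines plus a trailing newline), not the raw icon bytes.
    return murmur3_32(base64.encodebytes(favicon))

def matching_hosts(onion_favicon: bytes, surface_favicons: dict) -> list:
    # Offline model of the pivot in Figures B and C: return the surface-web
    # hosts whose favicon hash equals the onion site's. Against Shodan the
    # same value goes into the query  http.favicon.hash:<value>.
    target = shodan_favicon_hash(onion_favicon)
    return sorted(h for h, f in surface_favicons.items()
                  if shodan_favicon_hash(f) == target)

# Constructed sample data (not real favicons or hosts): the onion site's icon
# and three surface-web candidates, one of which serves the identical icon.
ONION_FAVICON = b"\x00\x00\x01\x00" + b"constructed-icon-A" * 8
SURFACE = {
    "surface-a.example": b"\x00\x00\x01\x00" + b"constructed-icon-B" * 8,
    "surface-b.example": ONION_FAVICON,
    "surface-c.example": ONION_FAVICON[:-1] + b"!",   # one byte differs
}

if __name__ == "__main__":
    print(f"http.favicon.hash:{shodan_favicon_hash(ONION_FAVICON)}")
    print(matching_hosts(ONION_FAVICON, SURFACE))    # ['surface-b.example']
```

A single changed byte in the icon yields an unrelated hash, so the pivot only works when the surface-web host serves exactly the same file; near-identical icons have to be compared by other means.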

By using different investigative techniques, including those described in this article, it is possible to de-anonymize some fraudulent servers and obtain information about the threat actor itself.

News URL

https://www.techrepublic.com/article/deanonymize-fraudulent-tor-servers/