Using Bitcoin Transaction Analysis In Deanonymizing Users of Tor Hidden Services

https://www.deepdotweb.com/2018/01/02/using-bitcoin-transaction-analysis-deanonymizing-users-tor-hidden-services/

http://qspace.qu.edu.qa/handle/10576/5797

It is interesting to note that blockchain analysis is such a problem that it can actually jeopardize the anonymity of Tor users.

Good thing multisig and subaddresses are coming to Monero very soon (next wallet release).


Comments


[17 Points] Raverdewd2018:

Sounds like dumbasses linked a BTC wallet on social media or forums then used that wallet or one associated with it to send funds to the darknet. This is user error.


[8 Points] goldenfishx:

Their conclusion, last lines: In particular, we show that Bitcoin addresses should always be assumed as compromised and can be used to deanonymize users.

Good thing multisig and subaddresses are coming to Monero very soon (next wallet release).

Don't forget about bulletproofs, that will slash transaction fees over 82%!


[4 Points] technicalextacy:

From DDW 3.1.18 DARK WEB

Using Bitcoin Transaction Analysis In Deanonymizing Users of Tor Hidden Services

POSTED BY: TAMER SAMEEH, JANUARY 2, 2018

Anonymity over the world wide web has never been a more critical issue. To achieve bulletproof anonymity, multiple solutions are being currently implemented by internet users all over the world. The most popular of which is the Tor network that represents the busiest anonymous communication network on the internet serving millions of users every day. Tor also enables webmasters to preserve their anonymity via hosting their websites on Tor in the form of hidden services.

Bitcoin is still the most preferred payment method over the Tor network, and other Darknets too, even though its anonymity and privacy features are far from being perfect. Dependence on bitcoin, as a main payment method, greatly undermines the anonymity of both Tor users and webmasters of hidden services. Even though several research studies have proven that transactions over bitcoin’s network are not anonymous, bitcoin is by far the most widely used currency on the deep web. Researchers have recently proven that even if bitcoin is used over decentralized networks such as Tor, users are still susceptible to deanonymization attacks and man-in-the-middle attacks, namely at the network level. Users of Tor’s hidden services represent a special category of bitcoin users who are greatly concerned about their anonymity, simply because users and webmasters of hidden services rely on Tor to preserve their anonymity. Nevertheless, they are both vulnerable to deanonymization once their bitcoin addresses have been revealed. Via analyzing transactions sent and received by these addresses, a great deal of information can be obtained and utilized to conclude sensitive information regarding Tor’s hidden services and their users, leading to successful linking of a user to a specific hidden service.

A recently published paper provided the first ever research study to highlight how the combination of publicly available data from various online social networks, such as Twitter, Bitcointalk.org…etc, and bitcoin’s network and Tor’s hidden service can leak sensitive information that can lead to deanonymization of users of the Tor network.

How Were Tor Users Deanonymized Via Their Bitcoin Transactions?

Via studying the landing pages of various Tor hidden services, the researchers found out that it is relatively easy to obtain the bitcoin address of each of these services. Consequently, they used a special crawler to analyze 1,500 pages of various Tor hidden services and compile a list including 105 bitcoin addresses which were controlled by these services, in addition to a few addresses linked to ransomware. They also crawled Twitter and Bitcointalk Forum for publicly published bitcoin addresses. 5 billion tweets and 1 million forum pages were crawled yielding 4,200 and 41,000 online identities respectively, along with their bitcoin addresses, in addition to their personal information.

The transactions of the obtained bitcoin addresses were analyzed to link bitcoin users, whose identities were identified by their social network profiles, to Tor hidden services. This led to successful linking of identities with certain Tor hidden services and accessing their full transaction history over bitcoin public ledgers. Via a simple heuristic approach, the researchers complemented the transaction analysis with a special wallet closure technique to expand the obtained bitcoin addresses per user. As such, for each bitcoin address in the study’s compiled list, the researchers were able to detect other addresses controlled by the same user owning that address. Consequently, they managed to boost the number of detected links between users and various Tor hidden services; thus, increasing the number of users who were successfully deanonymized.

The study successfully linked 81 users to several Tor hidden services including WikiLeaks and The Pirate Bay. Closure analysis increased the number of successfully deanonymized users to 125. In further analysis by means of two case studies, the researchers managed to deanonymize users of The Pirate Bay’s Tor hidden service, revealing their personal information including age and geolocation. Another case study revealed users of various ages, from various parts of the world, who had links to bitcoin addresses of the Silk Road. Interestingly enough, one of those users was 13 years old, who used multiple social media accounts that showed his real world identity!

Analysis of the economic activity of the studied Tor hidden services revealed that the addresses of the Darknet Bitcoin Mixer and the Wikileaks were amongst the addresses receiving most of the payments on Tor. Also, the flow of money in and out of hidden services was almost identical, denoting that operators of hidden services don’t leave their funds on the addresses they use for receiving payments; instead, they usually distribute the received coins to other addresses.
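
The wallet-closure step described in the article quoted above, as an added example that is not part of this thread or of the paper: it assumes the closure is the common multi-input (co-spending) heuristic, which the article does not specify, and runs on constructed transactions with hypothetical address and identity names. It shows why one published address exposes payments made from other addresses in the same wallet, and why an address that is never co-spent with the published one stays unlinked.

```python
# Constructed sample ledger: (txid, input addresses, output addresses).
TXS = [
    ("tx1", ["A_pub", "A_2"], ["X_1"]),        # A_pub co-spent with A_2
    ("tx2", ["A_2"], ["SVC_1", "A_chg"]),      # A_2 pays the service
    ("tx3", ["C_pub"], ["SVC_1"]),             # published address pays directly
    ("tx4", ["B_pub"], ["Y_1"]),
    ("tx5", ["B_2"], ["SVC_1"]),               # B_2 never co-spent with B_pub
]
# Constructed: addresses users posted publicly, and a service's landing-page address.
IDENTITIES = {"alice": "A_pub", "bob": "B_pub", "carol": "C_pub"}
SERVICES = {"SVC_1": "hidden-service-1"}


def wallet_closure(txs):
    """Union-find over addresses: all inputs of one transaction are
    assumed to belong to one wallet (multi-input heuristic)."""
    parent = {}

    def find(addr):
        parent.setdefault(addr, addr)
        while parent[addr] != addr:
            parent[addr] = parent[parent[addr]]  # path halving
            addr = parent[addr]
        return addr

    for _txid, inputs, _outputs in txs:
        for other in inputs[1:]:
            parent[find(other)] = find(inputs[0])
    return find


def link_identities(txs, identities, services, use_closure=True):
    """Return {(identity, service)} for payments traceable to a known identity."""
    find = wallet_closure(txs) if use_closure else (lambda addr: addr)
    owner = {find(addr): name for name, addr in identities.items()}
    links = set()
    for _txid, inputs, outputs in txs:
        payers = {owner[find(a)] for a in inputs if find(a) in owner}
        payees = {services[o] for o in outputs if o in services}
        links |= {(p, s) for p in payers for s in payees}
    return links


if __name__ == "__main__":
    print("direct only :", sorted(link_identities(TXS, IDENTITIES, SERVICES, False)))
    print("with closure:", sorted(link_identities(TXS, IDENTITIES, SERVICES, True)))
```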


[1 Points] EternalTurmoil:

This isn't very impressive? Very small number of users identified.


[1 Points] rankinrez:

This is just about Bitcoin and Blockchain analysis.

There are no flaws in TOR described in this.


[1 Points] Thielian:

Check out Cash Shuffle. It's a plugin for Electron Cash (Bitcoin Cash SPV / light wallet) that allows Bitcoin Cash mixing for low fees.

/u/chaintip $5


[1 Points] MandyThatGirl:

Block Chain Anal Lazers and Pencil Neck Protectors.

A New book by Mandy.


[1 Points] MoneroShill:

monero


[-6 Points] Avengerhack:

Blockchain analysis is stupid. It'll be nearly impossible to lead to a conviction.