Tor has been used to mask the identities of cybercriminals in a significant number of bank frauds for over a decade, according to a US Treasury Department report obtained by Brian Krebs on his Krebs on Security website.
According to the report, released on December 2, the Financial Crimes Enforcement Network (FinCEN) discovered that of 6,048 suspicious activity reports filed by banks between August 2001 and July 2014, 975 – totaling nearly $24 million in fraudulent activity – involved one or more of 6,000 known Tor network nodes.
“Analysis of these documents found that few filers were aware of the connection to Tor, that the bulk of these filings were related to cybercrime, and that Tor related filings were rapidly rising,” states the report. “Our BSA [Bank Secrecy Act] analysis of 6,048 IP addresses associated with the Tor darknet found that in the majority of the SAR filings, the underlying suspicious activity — most frequently account takeovers — might have been prevented if the filing institution had been aware that their network was being accessed via Tor IP addresses.”
Tor usage for bank fraud is increasing fast, too. Examiner reports that the number of filings between October 2007 and March 2013 rose 50 percent. From March 2013 to July 2014, they rose another 100 percent.
Ars Technica points out that despite the concern around Tor usage, banning the service for use in financial transactions is not the guaranteed fix it would seem: “For one thing, the approach wouldn’t be likely to provide a lasting benefit, since criminals have other resources besides Tor for covering their tracks. Additionally, banking restrictions on Tor could harm the privacy service. Current restrictions in place against Tor already pose an existential threat to its users and threaten to put them into a silo that’s separate from non-private IP addresses.”
Speaking to Krebs On Security, Nicholas Weaver, a researcher at the International Computer Science Institute at the University of California, Berkeley, argues that sites applying special measures to Tor users face a ‘no-win’ situation, because those measures inflict collateral damage on legitimate users. “For some sites, such as Wikipedia, there is perhaps a middle ground. But for banks? That’s another story.”
Author Alan Martin, ESET