Maria Garnaeva & Denis Markrushin are members of Global Research and Analysis Team of Kaspersky.
[Abstract] In this track we will discuss the methods and tools that can be used by an attacker, who wants to get information about the user, his behavior and who implements not only trivial traffic analysis on the output nodes, but also combines the rendering features, onion-resources vulnerabilities exploitation and some misconfigurations of Tor Browser.
Tor with their "Onion" routing and I2P with "garlic" routing attracts more and more users as they are able to hide large volumes of traffic and important security events. Many researches show that the current implementation of the "network on top of the network" impugns the traditional idea about anonymous Internet.
We'll discuss what can be discovered about the darknet residents using some techniques and who may benefit from it. We will show what type of information can be leaked through JavaScript functions which are not added to blacklist by Tor Browser developers. Considering the attacking scenario also in the context of onion resources, we can come to the conclusion that the output nodes operation, vulnerable sites and darknet onion-doorways can produce the psychological portrait of the typical resident of the darknet. Also we will provide a little bit tasty statistics about Tor users and their behavior in the darknet.