Never Heard of Tor? It is a Lurking Danger to Your Business You Need to Know

February 01, 2016


Here at NetWatcher we are seeing an increasing amount of Tor on our customer’s networks. Tor, short for The Onion Router, is a software that enables anonymous communication, and conceals the user’s location and usage activity. In many instances of network activity this communication is not good and potentially damaging to the company.



How Tor works:

Tor intercepts network traffic from the user’s computer and shuffles it through random computers before moving onto its destination. This process disguises the user’s location and makes it difficult for servers to identify and monitor the user. The computers involved in the routing process are called “relays.”

Tor can pose a threat for a number of reasons, including:

  • Cyber criminals are using it to hide when they are stealing information like bank credentials
  • It is used on the “Dark Web” for illicit activities
  • It is being used by employees to spy on their corporate networks

Users of Tor are also at risk of having malware implanted on their computer via Tor exit nodes or having their identity exposed.

Despite the risks, Tor is not always bad.

There are instances when Tor is not a bad thing, for example:

  1. Keeping websites from tracking you for advertising purposes
  2. Using websites that are blocked in your country
  3. Maintaining anonymity when communicating sensitive information or whistle-blowing

So is your traffic safe?

The weak link occurs when your data emerges at the exit node. Whatever you’re sending and receiving can easily be seen by the person operating the final exit node.

So while Tor provides for end-user anonymity at the network/packet level (IP Address), it does not provide for end-to-end data secrecy. The traffic coming off the exit node is exactly what protocol and data your application sent out and if that is clear text then the owner of the exit node can see everything. Repeat after me: Tor is not an end-to-end encryption tool.

Bad actors can also be manipulating these exit nodes for criminal gain. For example, a safe executable is downloaded but when it passes through a compromised exit node, malware is added to the package. Then, when you run your .exe file the malicious code separates itself and starts to run in the background.

The bottom line:

Tor is not safe for the average user. There are ways to use Tor with a VPN client to make it safer (see here), but only users that truly understand networking and security should be using such tools.

Your company network needs to be monitored and maintained in order to protect against the threats of Tor. NetWatcher’s Security Hygiene feature actively monitors networks 24/7 and warns you if there is suspicious activity happening on your network. It’s not easy to block Tor, but it is possible.