Just using Tor can bring the cops to your door. While the security community was busy scolding the Harvard bomb threat kid for his poor OPSEC, this ugly revelation was largely ignored.
Malware authors are doing their part to remedy the situation; by adding thousands of infected hosts to the Tor network, they're making Tor traffic more common, and making dragnet investigation techniques less viable.
But the hackers need to step up and help too. By taking advantage of weak detection techniques in security tools, fake Tor traffic can be injected with some simple JavaScript. We'll show how easy it is to fool open source monitoring tools, and present a variety of options for testing your closed source gear.
In this fast-paced talk we'll cover how Tor traffic is detected, how false positives can be generated, and how you can help fight for anonymity on the Internet.