Unmasking The Anonymous: New Technique Can Identify Up To 70% Of VPN & Proxy Users

Scammers, hackers and identity thefts use a wide variety of tools to protect themselves from being identified. VPNs and proxy servers are some of the most popular protection tools they use because their online information, especially their IP address cannot be directly identified. Attacks are also getting complicated and a lot more dangerous - according to Nordlayer, industries that provide essential services such as healthcare and telecommunication are also under constant attack. For example, “92% Of U.S. Healthcare Organizations Experienced a Cyberattack in the Past Year” as reported by The HIPAA Journal in 2024.

Honeypots & Canarytokens As Deterrent

As these dangerous attacks increase with billions of losses in the industry, a powerful deterrent should be in place. An IT research presented by universities from India and Denmark could provide a relatively efficient solution to track and ultimately prevent attacks online especially to sensitive industries.

The process goes like this: honeypots are created and stored within the localhost in order to lure attackers. Attackers will eventually steal these digital assets inside the honeypot but will actually trigger Canarytokens - a token that can be used to identify attackers. With the help of a proxy server, the identity of the attacker is safely revealed. According to their official Github post, “Canarytokens help track activity and actions on your network.”

By using a honeypot with Canarytokens inside, attacks are immediately monitored and according to the research tokens' creator is immediately alerted and “The alert includes the attacker’s real IP address, user agent, and other relevant information, which can be used to identify and mitigate potential threats.”

IT Based Challenges With Honeypots & Canarytokens

On paper, this type of deterrent sounds like a great way to prevent and track attackers so they could be easily identified and be brought to justice. But it’s a big challenge especially at the IT infrastructure level. Establishing a proxy server just to monitor the activities of the localhost file as a honeypot could be resource heavy which could be costly in the long run. On the other hand, you don’t want to be a victim of ransomware which could cost millions of dollars as well as the danger of data breach.

This type of solution is also a double-edged sword because hackers could also use this type of set-up to identify their online visitors even if they use VPNs or proxy servers. It could be costly on their end but the ability to attract users and steal their information with very minimal effort is also a possibility.

Efficiency Of Honeypots With Canarytokens

According to the research, their success rate is not 100% but has an impressive output especially on Tor Network, VPN and Proxy Servers:

It should be noted as well that success was also dependent on the type of network used for an attack. Attacks “with corporate networks yielding the highest success (70%) and public Wi-Fi presenting the greatest challenges (50%).”

While it is a promising solution for attack prevention especially for sensitive industries, more work is needed to study and effectively implement these safety tools. The researchers are optimistic that additional tools such as use of machine learning and AI could increase the efficiency rate of this type of security protocol.