Published on July 31st, 2014
Attackers breach TOR Network to De-Anonymize Users of Hidden Services
According to a security advisory, the Tor team has found a group of 115 malicious fast non-exit relays (6.4% of the whole Tor network) that were actively monitoring the relays on both ends of a Tor circuit in an effort to de-anonymize users.
"While we don't know when they started doing the attack, users who operated or accessed hidden services from early February through July 4 should assume they were affected," Tor said.
When you use the Tor anonymizing network, your IP address remains hidden and your connection appears to come from the IP address of a Tor exit relay or node, making it very difficult for anyone (a malicious actor or a government spy agency) to tell where traffic is coming from and going to.
All the identified malicious relays were running Tor version 126.96.36.199/16 or 188.8.131.52/16 for over 5 months this year. According to the team, these evil relays were trying to de-anonymize Tor users who visit and run so-called hidden services on the Deep Web, i.e. “.onion” sites.
Tor Project leaders urged Tor relay operators to upgrade Tor software to a recent release, either 0.2.4.23 or 0.2.5.6-alpha, in order to close the critical vulnerability that was actively being exploited in the wild.
The Tor team has now successfully removed all identified malicious relays from its network and advised hidden service operators to change the location of their hidden service.
Until now, the Tor network was a major target for the U.S. National Security Agency and the FBI, but something quite creepy also came to light just after zero-day flaws were discovered in the Tails operating system.
The Russian government also wants to crack the Tor anonymizing network, and is offering almost 4 million rubles (approximately equal to $111,000) for a successful exploit.
The vulnerability could be related (but not for sure) to the research done by Alexander Volynkin and Michael McCord from Carnegie Mellon University, i.e. “Attacking Tor and de-anonymizing users”, which was originally scheduled to be delivered at the Black Hat USA Conference this year. Unfortunately, their talk was cancelled two weeks before, because their material had not been approved by the SEI for public release.