Tor, also known as the Onion Router, has been breached. Tor reported the relay early traffic attack on July 30th. The attack came from outside, and was aimed at users and operators of hidden services on the Dark Web. Anyone using or operating these services on the network between February and July was probably affected.
Tor discovered the breach on July 4 and the attacking relays were immediately removed. They say that attackers probably did not see any actual pages or services loaded by users. Tor said that it may have been Carnegie Mellon University researchers who attempted to breach the network to decloak users. The team declined to comment, however. The researchers were scheduled to reveal the hack at the upcoming Black Hat conference, but the talk was cancelled. There were legal considerations because their findings were not approved for public presentation, but the research team may still be at work. The techniques used in the attack are also similar to those purportedly used by the group.
Another possibility is that the relay attack was a government effort. The NSA and the GCHQ have been suspected of trying to breach the Tor network since the Snowden documents revealed evidence of traffic monitoring through their XKeyscore program. Tor still gets part of its funding from the US government. It is therefore highly likely that the government would want to know how the network is used. Because the attack targeted real users, it is more likely that the government was behind this attack. Researchers would not do this because of legal hindrances. However, they work for a university software engineering lab that is funded by the government through the Department of Defense.
Tor is used by many people to anonymize their Internet activities. The attack was aimed at revealing these identities. Internet traffic is rerouted when using Tor, which hides users’ identities and where the traffic came from. Tor is not sure what effect the breach has had on hidden services users and operators. It warns everyone who was accessing these services from February to July 4 that they were likely affected. It also urges all relay operators to apply software updates.
Extra Protection from VPNs for Tor
The Dark Web is a place where people feel safe from all the trackers and surveillance that happens regularly on the open Internet. People on the open Internet normally use VPNs for Tor-like anonymity. But since Tor was rumored to be vulnerable, some have used VPNs for Tor browsing as well. In light of the recent report, using VPNs for Tor is a good idea. The network was vulnerable for 5 months, plenty of time for a lot of users to be compromised. VPNs for Tor will add an extra layer of security to Tor users and people who are active on both the Dark Web and the open Internet. There is a possibility, though slight, that attackers also connected Tor users to non-hidden destinations on Tor circuits. No exit relays to the open Internet were detected. In any event, those who heeded earlier warnings and used VPNs for Tor would have been better protected against this attack.