
Attackers Compromise TOR Network to De-Anonymize Users of Hidden Services

A critical vulnerability in Tor — an encrypted anonymizing network considered one of the most privacy-oriented services, used by online users to hide their activities from law enforcement, government censors and others — was probably being used to de-anonymize Tor users, the Tor Project warned on Wednesday.

115 MALICIOUS ToR RELAYS WERE DE-ANONYMIZING USERS
According to a security advisory, the Tor team has found a group of 115 malicious fast non-exit relays (6.4% of the whole Tor network) that were actively monitoring the relays on both ends of a Tor circuit in an effort to de-anonymize users.
"While we don't know when they started doing the attack, users who operated or accessed hidden services from early February through July 4 should assume they were affected," Tor said.
When you use the Tor anonymizing network, your IP address remains hidden and your connection appears to come from the IP address of a Tor exit relay or node, making it very difficult for anyone — malicious actor or government spy agency — to tell where traffic is coming from and going to.

All the identified malicious relays were running Tor version 50.7.0.0/16 or 204.45.0.0/16 for over 5 months this year. According to the team, these evil relays were trying to de-anonymize Tor users who visit and run so-called hidden services on the Deep Web, i.e. “.onion”.

UPGRADE TO LATEST TOR RELEASE
Tor Project leaders urged Tor relay operators to upgrade Tor software to a recent release, either 0.2.4.23 or 0.2.5.6-alpha, in order to close the critical vulnerability that was actively being exploited in the wild.
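
For an operator auditing a fleet of relays against the two fixed releases named above, the sketch below (an added example, not code from the Tor Project or the original article) classifies the `platform` line of each relay's server descriptor. The nicknames and descriptor lines are constructed samples, and treating release series newer than 0.2.5 as already patched is an assumption.

```python
import re

# Fixed releases named in the article, keyed by release series:
# 0.2.4.23 for the 0.2.4 series, 0.2.5.6-alpha for the 0.2.5 series.
FIXED = {(0, 2, 4): 23, (0, 2, 5): 6}

# Server descriptor line, e.g. "platform Tor 0.2.4.22 on Linux".
# An optional status tag such as "-alpha" or "-rc" follows the four numbers.
PLATFORM_RE = re.compile(
    r"^platform Tor (\d+)\.(\d+)\.(\d+)\.(\d+)(?:-[\w.-]+)?(?:\s|$)"
)

def classify(platform_line):
    """Return 'patched', 'upgrade', 'no-fix-named' or 'unparsed'."""
    m = PLATFORM_RE.match(platform_line.strip())
    if not m:
        return "unparsed"          # not a Tor platform line; review by hand
    major, minor, micro, patch = map(int, m.groups())
    series = (major, minor, micro)
    if series in FIXED:
        return "patched" if patch >= FIXED[series] else "upgrade"
    if series > max(FIXED):
        return "patched"           # assumption: later series include the fix
    return "no-fix-named"          # older series: the article names no fixed release

def audit(relays):
    """Map each relay nickname to its status; relays is (nickname, platform_line) pairs."""
    return {nick: classify(line) for nick, line in relays}

# Constructed sample input, not real relays.
SAMPLE = [
    ("relayA", "platform Tor 0.2.4.22 on Linux"),
    ("relayB", "platform Tor 0.2.4.23 on Linux"),
    ("relayC", "platform Tor 0.2.5.5-alpha on FreeBSD"),
    ("relayD", "platform Tor 0.2.5.6-alpha on Linux"),
    ("relayE", "platform Tor 0.2.3.25 on Windows 7"),
    ("relayF", "platform unknown build"),
]

if __name__ == "__main__":
    for nick, status in audit(SAMPLE).items():
        print(f"{nick}: {status}")
```

Relays reported as `upgrade` or `no-fix-named` are the ones to move to one of the fixed releases.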

The Tor team has now successfully removed all identified malicious relays from its network and advised hidden service operators to change the location of their hidden service.

TAILS OS FLAW TO DE-ANONYMIZE USERS
Just a few days back, we reported on a similar issue in TAILS OS, a privacy- and security-dedicated Linux-based operating system. A critical zero-day vulnerability was discovered by a researcher at Exodus Intelligence that could help attackers or law enforcement de-anonymize anyone's identity. The researcher said the flaw actually lies in the I2P software that's bundled with the operating system.

However, Exodus Intelligence is working with the coders of the Debian-based Linux distribution Tails and of I2P to get the patch soon.

RUSSIA OFFERS $114,000 FOR CRACKING ToR
Until now, the Tor network was a major target for the U.S. National Security Agency and the FBI, but something quite creepy also came to light just after the zero-day flaws were discovered in the Tails operating system.

The Russian government also wants to crack the Tor anonymizing network, and it is offering almost 4 million rubles (approximately equal to $111,000) for a successful exploit.

ToR FLAW RELATED TO CANCELED BLACKHAT TALK?
The vulnerability could be related (but not for sure) to the research done by Alexander Volynkin and Michael McCord from Carnegie Mellon University, i.e. “Attacking Tor and de-anonymizing users”, which was originally scheduled to be delivered at the Black Hat USA conference this year. Unfortunately, their talk was cancelled two weeks before because their material had not been approved by the SEI for public release.
