Tor Hacked

The online privacy tool Tor yesterday announced that it was recently hit by an attack aimed at deanonymizing users.

The attack, according to Tor co-founder Roger Dingledine, involved modifying Tor protocol headers to execute traffic confirmation attacks. “The attacking relays joined the network on January 30, 2014, and we removed them from the network on July 4,” Dingledine wrote in a blog post announcing the breach.

“While we don’t know when they started doing the attack, users who operated or accessed hidden services from early February through July 4 should assume they were affected,” Dingledine added.

It’s not clear at this point exactly what the attackers were able to see.

“We know the attack looked for users who fetched hidden service descriptors, but the attackers likely were not able to see any application-level traffic (e.g. what pages were loaded or even whether users visited the hidden service they looked up),” Dingledine wrote. “The attack probably also tried to learn who published hidden service descriptors, which would allow the attackers to learn the location of that hidden service.”

Researchers at Carnegie Mellon University recently canceled a planned talk called “You Don’t Have to be the NSA to Break Tor: Deanonymizing Users on a Budget” at the upcoming Black Hat conference in Las Vegas.

In his blog post, Dingledine noted, “We spent several months trying to extract information from the researchers who were going to give the Black Hat talk, and eventually we did get some hints from them about how ‘relay early’ cells could be used for traffic confirmation attacks, which is how we started looking for the attacks in the wild.”

“In fact, we hope they were the ones doing the attacks, since otherwise it means somebody else was,” Dingledine added.

Josh Cannell, senior researcher at Malwarebytes Labs, said by email that while the Tor network is both resilient and successful at providing online privacy, it isn’t perfect.

“It’s important to remember that Tor protects against traffic analysis, but does not protect against traffic confirmation attacks, or endpoint correlation; the folks at Tor have even stated that traffic confirmation remains an ‘open research problem,’” Cannell said. “Tor first released a blog [post] about traffic confirmation attacks in 2009, and it has been a reoccurring problem since then.”

“The mentioned protocol vulnerability has recently been patched with the latest Tor release,” Cannell noted. “Current Tor users need to upgrade to this version to continue protecting their privacy while using Tor.”

Jeff Goldman
Jeff Goldman is an eSecurity Planet contributor.
