Tor Internet Privacy Service Warns Users It Was Breached
By Jennifer LeClaire / NewsFactor Network

You may never have heard of the Tor Project, but the anonymous browsing service is making headlines on Wednesday. Tor’s developers are warning users they might be victims of an attack launched against the project in early 2014.

In a blog post, Tor said it found a group of relays that it assumed were trying to deanonymize users. Specifically, those relays appear to have been targeting people who operate or access the browsing service’s features. The attack essentially modified Tor protocol headers to carry out traffic confirmation attacks.

“The attacking relays joined the network on January 30 2014, and we removed them from the network on July 4,” the developers said in a blog post. “While we don't know when they started doing the attack, users who operated or accessed hidden services from early February through July 4 should assume they were affected.”

Who Was 'Affected'?

The news gets worse from there. Tor can’t confirm what “affected” includes. All they know is the attack searched for users who fetched “hidden service descriptors.” Tor suspects the attackers could not actually see any application-level traffic, such as what pages were loaded or whether users visited the hidden service they looked up. But no one is completely sure.

“The attack probably also tried to learn who published hidden service descriptors, which would allow the attackers to learn the location of that hidden service. In theory the attack could also be used to link users to their destinations on normal Tor circuits too, but we found no evidence that the attackers operated any exit relays, making this attack less likely,” the blog post said. “And finally, we don't know how much data the attackers kept, and due to the way the attack was deployed … their protocol header modifications might have aided other attackers in deanonymizing users too.”

Tor developers said relays should upgrade to a recent Tor release or close the particular protocol vulnerability the attackers used, and reminded users that preventing traffic confirmation in general remains an open research problem.

“Clients that upgrade -- once new Tor Browser releases are ready -- will take another step towards limiting the number of entry guards that are in a position to see their traffic, thus reducing the damage from future attacks like this one,” the developers said. “Hidden service operators should consider changing the location of their hidden service.”

Tor is Quick to React

We caught up with TK Keanini, CTO of network security firm Lancope, to get his take on the Tor Project. He told us Tor remains important infrastructure to those who must operate on the Internet anonymously -- but it is a nuisance to those charged with monitoring and identifying the network activity of users.

“Despite the bounties placed on compromising Tor, or the endless amounts of threats made to subvert the technology, Tor evolves and remains a target as [do] many other services on the Internet. The Tor community is quick to react to incidents and this readiness is important to witness as there is a lot we can learn in how to be resilient despite a hostile and advanced threat,” Keanini said.

“The talk from Black Hat that was pulled is operationally insignificant because all the folks actively working on ‘breaking’ Tor are hard at work on their objective and conferences are not their thing.”

© Copyright 2015 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.