Tor suffers traffic confirmation attacks. Say goodbye to anonymity on the Web

It looks like Tor isn't as invulnerable as it looks.

In a advisory published Wednesday, Tor has confirmed that it had been under attack and the methods used were definitely enough to unmask anonymity in the network, a topic that researchers from the Carnegie Mellon University were supposed to discuss at the Black Hat conference. Because the timing of the attack and the talk were too coincidental to ignore, questions have been raised. Was it the talk that got canceled?

"We spent several months trying to extract information from the researchers who were going to give the Black Hat talk, and eventually we did get some hints from them about how ‘relay early' cells could be used for traffic confirmation attacks, which is how we started looking for the attacks in the wild. They haven't answered our emails lately, so we don't know for sure, but it seems likely that the answer yes," answered the Tor team in the advisory. The team actually hopes it was the university researchers behind the attack because, otherwise, that would mean that others have the means they do.

And while the attack has been identified as well as the methods used, the extent of the attack remains unclear to Tor. Since attacking relays were said to have joined the network on January 30, 2014, all users who have accessed or operated hidden services from February to July 4 are advised to assume they are affected.

The attack was accomplished by combining a traffic confirmation attack with a Sybil attack. To carry the attack out, hackers created massive numbers of pseudonymous identities on the network being targeted to generate a big amount of influence. In the case of the attack on Tor, 115 fast non-exit relays were observed. These acted then as entry guards for a sizeable number of users who used the network since the attack began.

In response to the attack, Tor has taken down the attacking relays, released a software update to prevent new relays from being used in the same way and created another software update that lets the network decrease entry guards being used to reduce exposure over time. Further research is being done to improve the design of hidden services and explore better means of limiting impact from malicious relays.

All users are advised to install the latest version of the Tor software to apply updates to address vulnerabilities exposed during the attack.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Tags:Tor
Join the Discussion
Real Time Analytics