Has Tor been hacked by Black Hat speakers?


by Jimmy Nicholls| 31 July 2014

Anonymity network investigation followed rumours from conference.

The anonymity network Tor has been the victim of an attack it believes may have been perpetrated by those who pulled out of the Black Hat conference.

Hackers used traffic confirmation attacks to uncloak victims through comparing traffic at the start and end of a relay to determine what belonged to the same circuit.

They also used a Sybil attack, inserting 115 of their own computer servers into the entry relay rotation, accounting for 6.4% of the network total.

Tor co-creator Roger Dingledine said: "While we don't know when they started doing the attack, users who operated or accessed hidden services from early February through July 4 should assume they were affected.

"Unfortunately, it's still unclear what 'affected' includes."

Tor has removed the malicious relays from its network, and updated its software to prevent similar traffic confirmation attacks from happening in the future. It also plans to grow the network to proportionally reduce the impact of future attacks, and has set up a group to monitor suspicious relays.

Responding to rumours that the attack was to be discussed in a recently cancelled Black Hat talk, Dingledine said "it seems likely" that this was the case.

"In fact, we hope they were the ones doing the attacks, since otherwise it means somebody else was," he said.

Source: Company Press Release

Post a comment

Comments may be moderated for spam, obscenities or defamation.

Join our network

792 people like this.
2209 people follow this.

Security Intelligence

Suppliers Directory

Privcy Policy

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.