Tor Attack Confirmed

The maintainers of the Tor project have confirmed an attack against its users.


First off, you might be asking what Tor is. It is a network of virtual tunnels that gives users a level of privacy when surfing the Internet. It was originally developed as a project by and for the US Navy to protect its communications. Today it is used by individuals, the military, activists and journalists, to name some examples. Users can also leverage the hidden services aspect of Tor to cloak the location of web servers that they have published.

[Graphic from the EFF demonstrating how Tor works]


On July 4th the Tor team discovered that some Tor relays had been attempting to de-anonymize users of the network. The relays involved in the attack were added to the network on January 30th, 2014. The Tor team isn’t sure when the attack against its users began, but it is safe to assume that the window could extend back as far as when the systems came online, five months before the discovery.


From Tor:

Unfortunately, it's still unclear what "affected" includes. We know the attack looked for users who fetched hidden service descriptors, but the attackers likely were not able to see any application-level traffic (e.g. what pages were loaded or even whether users visited the hidden service they looked up). The attack probably also tried to learn who published hidden service descriptors, which would allow the attackers to learn the location of that hidden service. In theory the attack could also be used to link users to their destinations on normal Tor circuits too, but we found no evidence that the attackers operated any exit relays, making this attack less likely. And finally, we don't know how much data the attackers kept, and due to the way the attack was deployed (more details below), their protocol header modifications might have aided other attackers in de-anonymizing users too.

The Tor project maintainers encourage users to upgrade their relays to the latest revision of the software. 

(Image used under CC from hyku)
