• United States




Tor Attack Confirmed

Jul 30, 20142 mins

The maintainers of the Tor project have confirmed an attack against it’s users.


The maintainers of the Tor project have confirmed an attack against it’s users.  First off, what is Tor you might be asking. Well, this is a network of virtual tunnels that provides users a level of privacy when surfing the Internet. It was originally developed as project by and for the US Navy to protect their communications. Today it is used by individuals, military, activists and journalists as some examples. As well, users can leverage the hidden services aspect of Tor to cloak the location of web servers that they have published. Here is a quick graphic from the EFF to demonstrate how Tor works.  


On July 4th the discovered that some Tor relays had been attempting to de-anonymize users of the network. The relays that were involved in the attack were added to the network on January 30th, 2014. The Tor team isn’t sure when the attack against their users began but, it same to assume that the window could extend back as far as when the systems came online five months before the discovery.

From Tor:

Unfortunately, it’s still unclear what “affected” includes. We know the attack looked for users who fetched hidden service descriptors, but the attackers likely were not able to see any application-level traffic (e.g. what pages were loaded or even whether users visited the hidden service they looked up). The attack probably also tried to learn who published hidden service descriptors, which would allow the attackers to learn the location of that hidden service. In theory the attack could also be used to link users to their destinations on normal Tor circuits too, but we found no evidence that the attackers operated any exit relays, making this attack less likely. And finally, we don’t know how much data the attackers kept, and due to the way the attack was deployed (more details below), their protocol header modifications might have aided other attackers in de-anonymizing users too.

The Tor project maintainers encourage users to upgrade their relays to the latest revision of the software. 

(Image used under CC from hyku)


Dave Lewis has over two decades of industry experience. He has extensive experience in IT security operations and management. Currently, Dave is a Global Security Advocate for Akamai Technologies. He is the founder of the security site Liquidmatrix Security Digest and co-host of the Liquidmatrix podcast.

The opinions expressed in this blog are those of Dave Lewis and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.

More from this author