Tor attack may have stripped users of anonymity for five months
The hidden identities of Tor users may have been revealed after an attack hit the service over the last five months.
The attack hit the Tor network on 30th January 2014 but did not become fully functional until early February and was not traced until 4th July.
According to Tor officials, the attack exploited a previously unknown vulnerability in the Tor protocol to carry out two classes of attack that together may have been enough to uncloak people using Tor Hidden Services.
Although Tor has not yet confirmed it, the characteristics of the attack resemble the plans discussed by a team of Carnegie Mellon University researchers. The team is expected to come under scrutiny, especially after they recently cancelled a presentation at next week’s Black Hat security conference on a low-cost way to deanonymise Tor users.
Tor officials are also speculating that an intelligence agency from a global adversary may have been linked to the attack to capitalise on leaked information from users.
The online software has become very popular amongst users globally because of its ability to hide users' IP addresses while they are surfing the net.
The Hidden Services feature has been in demand with political dissidents who want to host websites or other online services anonymously so that governments cannot discover their IP address and identity.
It is also widely used by pedophiles and criminals to run black market sites such as Silk Road 2.0, which was famous for selling drugs and firearms illegally, and was taken offline and its owner arrested by the FBI.
In an online statement Tor said: “We know the attack looked for users who fetched hidden service descriptors, but the attackers likely were not able to see any application-level traffic (e.g. what pages were loaded or even whether users visited the hidden service they looked up). The attack probably also tried to learn who published hidden service descriptors, which would allow the attackers to learn the location of that hidden service. In theory the attack could also be used to link users to their destinations on normal Tor circuits too, but we found no evidence that the attackers operated any exit relays, making this attack less likely. And finally, we don’t know how much data the attackers kept, and due to the way the attack was deployed their protocol header modifications might have aided other attackers in deanonymising users too.”
Joshua De Souza Crook