THE TOR PROJECT has announced that it has been under attack and its service might have suffered a privacy breach.
Tor is designed to provide anonymity to users, which includes accessing the so-called "dark web", those pages that do not appear in search engines.
Far from an isolated incident, it appears that the breach initially occurred in February of this year and was finally patched on 4 July, meaning that anyone who used Tor under the assumption that they were safe might in fact have been leaking their IP address and identity after all.
There are a number of theories as to the culprits. Russian authorities recently offered a bounty of $110,000, or about £65,000, for anyone who successfully cracks the encryption system. Meanwhile, two researchers at Carnegie Mellon University had been due to give a talk about "fundamental flaws" they had found in the Tor protocol at the Black Hat security conference next week in Las Vegas, before the university insisted they withdraw.
Tor co-founder Roger Dingledine said yesterday on the project blog, "They haven't answered our emails lately, so we don't know for sure, but it seems likely.
"In fact, we hope they were the ones doing the attacks, since otherwise it means somebody else was."
In fact, almost every government in the world is trying to crack Tor at some level, and references to US and UK attempts are made in the Edward Snowden leaks. It seems that this fix doesn't break the protocol, but adds additional information on the return path that contains details about the endpoints and relays.
Lance Cotterell of Anonymizer.com, which offers a similar service, explained: "Tor generally chooses its chains of servers randomly. If an attacker controls a large number of servers, then there is a reasonable chance that they will control both the first and last server in the chain. This allows them to quickly identify traffic flowing through Tor and connect the users with their activity.
"The last Tor node in the chain can see the direct connection to websites. If those connections are insecure or vulnerable, the attacking exit node can modify the content to send malware or trackers to the user."
Mr Cotterell said that the architecture of Tor made this attack "inevitable". µ