Attackers might have unmasked the identities of Tor users
Nonprofit // Web Services
Many people trying to navigate to hidden sites on the privacy-protecting network might have been detected by government-funded researchers.
On the nonprofit service’s blog, Tor Project leader Roger Dingledine said it was "likely" the attacking computers, which were removed on July 4, were operated by two researchers at the Software Engineering Institute, which is housed at Carnegie-Mellon University, but funded mainly by the Pentagon.
It should be noted that Tor also receives federal funding -- $1.8 million in 2013.
The researchers were scheduled to speak at the annual Black Hat hacker conference next month about this very technique. The presentation, however, was yanked from the agenda after Tor officials complained, according to Reuters.
It’s unclear how much data the researchers were able to collect and whether they saved that information, which might be of interest to intelligence agencies and law enforcement officials.
The attackers were hunting for users who looked up secret sites, or “hidden services,” but were probably not able to see if the users loaded any webpages or even visited the sites.
“Users who operated or accessed hidden services from early February through July 4 should assume they were affected,” Dingledine wrote.
The assault could aid “a global adversary (e.g. a large intelligence agency) that records Internet traffic” and then “tries to break Tor's link encryption,” he cautioned. “So if the attack was a research project (i.e. not intentionally malicious), it was deployed in an irresponsible way because it puts users at risk indefinitely into the future.”
There’s now a software upgrade available that addresses the vulnerability exploited during the attack, Dingledine said.
“Hidden services include underground drug sites such as the shuttered Silk Road, as well as privacy-conscious outfits such as SecureDrop, which is designed to safely connect whistle blowers with media outlets,” Reuters reports.