The Tor encryption service serves as one of the bastions of computer security, but it isn’t without flaws. Earlier this year, an anonymous attacker likely managed to collect data about people who were seeking hidden services. It is possible other parts of the network have also been compromised.
According to the Tor team, anyone who had tried to use the service between early February and July 4th of 2014 “should assume they were affected” by the attack. They are, however, unsure of what this attack entails. Apparently, the unknown parties were on the lookout for those retrieving public keys to hidden services.
The attack utilized a technique known as traffic confirmation. In this technique, the attackers look for traffic on a single Tor relay and then try to find related traffic on another. Once those two observations have been connected, they can work backwards to identify the user behind the traffic. But the attackers could have used other methods as well.
The Tor team suspects that the CERT division of Carnegie Mellon University’s Software Engineering Institute was behind the attack. CERT had previously canceled a Black Hat conference talk entitled “You Don’t Have to be the NSA to Break Tor: Deanonymizing Users on a Budget.”
The talk would have been about how Tor could be compromised for $3,000 or less, but the university did not approve the public release of the material.
“Eventually we did get some hints from them” about how anonymity could be compromised by using relays, stated the Tor team’s blog post, “which is how we started looking for the attacks in the wild. They haven’t answered our emails lately, so we don’t know for sure, but it seems likely that the answer to (whether they’re responsible) is ‘yes.’”
Via [The Verge]