Attack on Tor to Deanonymize Users

Tuesday, August 5, 2014 @ 09:08 PM gHale


Tor is all about anonymity, but project leaders disclosed details of an attack which appeared to be an attempt to deanonymize users.

The attack was detected July 4 while the organization was trying to identify attacks leveraging a method discovered by researchers at Carnegie Mellon University’s CERT, said Tor Project Leader Roger Dingledine.


The researchers, Michael McCord and Alexander Volynkin, planned on detailing a way to break the anonymity network by exploiting fundamental flaws in its design and implementation.

Dingledine said the attack they detected could have been part of the experiments conducted by McCord and Volynkin. In the abstract of their presentation, which they were going to present at the Black Hat conference in Las Vegas, the researchers said they tested their method in the wild. Dingledine hopes they were the ones conducting the attacks, but he’s not sure since the researchers have not answered emails.

The Tor Project is not happy the researchers haven’t given them full access to the research. Dingledine said they spent several months trying to get the information they needed to understand the flaws that could expose Tor users.

The attack detected on July 4 was a combination of a traffic confirmation attack and a Sybil attack. The traffic confirmation attack involves controlling or monitoring relays (the nodes that receive traffic and then pass it along) in an effort to deanonymize users. The Sybil attack involved setting up roughly 115 new relays, which joined the network on January 30 and were discovered on July 4. During the five-month period, these relays became entry guards for a large number of users, Dingledine said in a post.

It’s uncertain when the attack started, but users who operated or accessed hidden services between early February and July 4 should assume they’re affected, Dingledine said.

The protocol vulnerability exploited in the attack was patched with the release of Tor 0.2.4.23 and 0.2.5.6-alpha. All relay operators should update their installations.
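For operators checking a fleet against the two fixed releases named above, here is an added example (not from the article or the Tor Project) that classifies relay version strings. It assumes that later releases in the 0.2.4 and 0.2.5 series, and any series newer than 0.2.5, carry the fix; the relay nicknames and banners in the sample inventory are constructed.

```python
import re

# Fixed releases named in the article: series (major, minor, micro) -> first fixed patchlevel.
FIXED = {(0, 2, 4): 23, (0, 2, 5): 6}

# Four numeric components plus an optional status tag such as "-alpha" or "-rc".
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)(?:-([A-Za-z0-9]+))?")


def parse_tor_version(text):
    """Extract ((major, minor, micro), patchlevel, tag) from a version string or banner."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no Tor version found in {text!r}")
    major, minor, micro, patch = (int(g) for g in m.group(1, 2, 3, 4))
    return (major, minor, micro), patch, m.group(5)


def fix_status(text):
    """Return 'patched', 'vulnerable' or 'unsupported-series' for one version string."""
    series, patch, _tag = parse_tor_version(text)
    if series in FIXED:
        return "patched" if patch >= FIXED[series] else "vulnerable"
    if series > max(FIXED):
        # Assumption: series released after 0.2.5 inherit the fix.
        return "patched"
    # The article names no fixed release for series older than 0.2.4.
    return "unsupported-series"


def triage(relays):
    """Return {nickname: status} for every relay that still needs an upgrade."""
    pending = {}
    for name, banner in relays.items():
        status = fix_status(banner)
        if status != "patched":
            pending[name] = status
    return pending


# Constructed inventory for illustration only.
SAMPLE = {
    "relayA": "Tor version 0.2.4.22 (git-0000000000000000).",
    "relayB": "Tor version 0.2.4.23 (git-0000000000000000).",
    "relayC": "0.2.5.5-alpha",
    "relayD": "0.2.5.6-alpha",
    "relayE": "0.2.3.25",
}

if __name__ == "__main__":
    for nickname, status in sorted(triage(SAMPLE).items()):
        print(f"{nickname}: {status}")
```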


