Tor Running 900 Criminal Services

Wednesday, March 12, 2014 @ 12:03 PM gHale


There is an average of 900 hidden, criminal services running on The Onion Router (Tor) anonymity network, a researcher said.

“Although, the Tor infrastructure and cybercriminal resources are not on the same scale as the conventional Internet, we managed to find approximately 900 hidden services online at the current time,” said Kaspersky Lab Senior Security Researcher Sergey Lozhkin in a blog post. “And one thing that is immediately obvious is that the cyber criminal element is growing.”

RELATED STORIES
Android Malware Using TOR
Botnet uses Tor as a Hideout
Details Revealed in Crash Reports
Hackers Drop One Attack for Another

“We managed to find approximately 900 hidden services online at the current time. There are also approximately 5,500 nodes in total and 1,000 exit nodes, but the possibility of creating an anonymous and abuse-free underground forum, market or malware command and control (C&C) server is attracting more and more criminals to the Tor network.”

Tor is a free service designed to let people hide their Internet activity. It does this by directing Internet traffic through a volunteer network of relays that conceal the user’s location and web activity.

David Emm, Kaspersky Lab’s senior regional researcher, said the hidden operations included a number of malicious criminal enterprises.

“They’re using Tor to host malicious infrastructure and to sell malware services – botnets, malware toolkits, credit cards, carding and skimming equipment – and to launder money,” he said.

Lozhkin highlighted campaigns such as the recently discovered Zeus Tor Trojan and ChewBacca malware as key threats hiding in the Tor network and proof that criminals are investing more resources to develop their attacks.

“A quick look at Tor network resources reveals lots of resources dedicated to malware – C&C servers, admin panels, etc. Hosting C&C servers in Tor makes them harder to identify, blacklist or eliminate,” Lozhkin said.

“Cyber criminals have started actively using Tor to host malicious infrastructure. We found Zeus with Tor capabilities, then we detected ChewBacca and finally we analyzed the first Tor Trojan for Android.”

Security firm RSA discovered the ChewBacca malware stealing customer card details and personal information from “several dozen” retailers in January.

Emm said the success of Tor-based malware, such as ChewBacca, means criminals will inevitably continue to invest in the network.

“The anonymity offered by Tor is attractive to cyber criminals, so it’s likely that its use will grow in the future – notwithstanding the greater work required to create a Tor communication module within malware,” he said.



Leave a Reply

You must be logged in to post a comment.