In a fresh blog post, the co-creator of Tor, Roger Dingledine, has warned Tor users that an attack was detected and the hackers may have been successful in identifying them. It was reported that Russia offered a reward of $110,000 for decoding Tor, and a research team from Carnegie-Mellon University and CERT scrammed to grab this challenge but was later on advised against it by their lawyers.
On July 4, 2014 they found a cluster of relays that were assumed to be trying to make the identities of Tor users known. They appeared to be targeting people who access or operate the hidden services of Tor. The attack modified protocol headers to use traffic validation attacks.
On January 30, 2014, the group of attackers joined the network but had been already removed last July 4. While Tor authorities don’t know the exact date as to when the first attack started, users who accessed or operated the hidden services from February to July 4 should think they were indeed affected.
Although the recognized weakness in the system has now been fixed, unfortunately, it is still not clear as to what having been affected includes. They know that the attack targeted hidden service identifiers, but it is possible that the attackers have not seen any pages that were loaded, or whether users went to any hidden services they looked up and other application-level traffic.
Theoretically, the attack also could have been applied to link those users to destinations on Tor circuits as well, but there was no evidence that the hackers created any exit relays, which makes these attacks highly unlikely. And lastly, they don’t have the knowledge as to the amount of date the attackers kept, and with the way the attack had been spread about, their protocol header modification may have helped other attackers to de-anonymize the users too.
The Carnegie-Mellon were suspected to be responsible, especially with their Black Hat 2014 talk getting cancelled a few weeks ago, Dingledine presumed as much since they haven’t answered all their emails, he does not know for sure but it is more likely to be true. He goes on, however, to note that if it is really true, then at least the information gotten from the attacks did not fall on somebody else. He hoped it really was the researchers because if it’s not them then somebody else has that data.
Tor authorities want to assure its users that they are taking all the necessary measures in protecting their anonymity but while the known malicious relays were already replaced, it’s still possible that some may still be hiding on the system. So Tor users should keep their guards up.
If you’re looking for a top notch VPN for your Tor needs, read up on your top VPN picks.