Black Hat Researchers Actively Trying To Deanonymize Tor Users
An anonymous reader writes: Last week, we discussed news that a presentation had been canceled for the upcoming Black Hat security conference that involved the Tor Project. The researchers involved hadn't made much of an effort to disclose the vulnerability, and the Tor Project was scrambling to implement a fix. Now, the project says it's likely these researchers were actively attacking Tor users and trying to deanonymize them. "On July 4 2014 we found a group of relays that we assume were trying to deanonymize users. They appear to have been targeting people who operate or access Tor hidden services. The attack involved modifying Tor protocol headers to do traffic confirmation attacks. ...We know the attack looked for users who fetched hidden service descriptors, but the attackers likely were not able to see any application-level traffic (e.g. what pages were loaded or even whether users visited the hidden service they looked up). The attack probably also tried to learn who published hidden service descriptors, which would allow the attackers to learn the location of that hidden service." They also provide a technical description of the attack, and the steps they're taking to block such attacks in the future.
Black Hats shoot themselves in the foot. (Score:5, Interesting)
I find it kinda funny that TOR, which is used by many Black Hats, is being hacked by them. To expose who they are...
Re:Black Hats shoot themselves in the foot. (Score:2, Interesting)
Re:I'd like to believe weakness are temporary... (Score:2, Interesting)
The foundation of the internet is computers asking adjacent (as far as the network is concerned) computers to relay something to somewhere else. TOR is a well constructed obfuscation layer on top of that, but the low-level standards are very traceable. Without even going into TOR vulnerabilities or PEBCAK errors, a sufficiently determined opponent will be able to beat any obfuscation of intent by extensive analysis of addressing and timing of the encrypted packets.