
A five-month-long Tor attack attempting to ‘deanonymize’ users

Tor is a network designed to make locating users virtually impossible, but that all changed on Wednesday when a Tor researcher announced a roughly five-month-long attack attempting to “deanonymize” users.

“The attack involved modifying Tor protocol headers to do traffic confirmation attacks,” a lengthy Wednesday post indicates, explaining that a group of attacking relays joined the network on Jan. 30 and were removed on July 4.

Anyone who accessed Tor from February to the beginning of July may have been “affected,” although it is not yet clear exactly what “affected” means, according to the post.

Upgrading relays to 0.2.4.23 or 0.2.5.6-alpha will close the protocol vulnerability used by the attackers, but “preventing traffic confirmation in general remains an open research problem.”

The issue may be related to a recently canceled Black Hat 2014 session on Tor weaknesses.
