At one point this spring, a single set of money-hungry hackers controlled nearly a quarter of the endpoint infrastructure through which the anonymizing internet browser Tor routed traffic, a researcher who tracks Tor claimed this week.
At one point this spring, a single set of money-hungry hackers controlled nearly a quarter of the endpoint infrastructure through which the anonymizing internet browser Tor routed traffic, a researcher who tracks Tor claimed this week.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
One major flaw of Tor is that any dedicated actor with enough resources can spin up enough nodes to break anonymity in the network. This has been a known type of attack, and something that intelligence agencies have been observed doing in the past. The scale of the effort required means that only groups with large financial resources are capable of pulling this off so typically these operations are state-sponsored or research funded.
Tor works by having users\’ connections hop through, by default, three internal nodes before finding an exit node to route to the regular Internet, then route back through another path. Those three-hop nodes, or paths, shift on a given time interval. By controlling enough of those nodes one can de-anonymize users by controlling all nodes along a user\’s path. In this case, this group only needs to control the exit node to decrypt communications as they leave the Tor network bound for the regular Internet. This was much easier in the past before certain vulnerabilities were fixed in TLS.
Here this actor is downgrading secure connections and intercepting the traffic in between to then rewrite bitcoin wallets in traffic to steal funds. This by no means is a new attack, but this scale is interesting since taking over a quarter of the exit nodes on the network is so expensive to do.