Has Tor been hacked by Black Hat speakers?

Anonymity network investigation followed rumours from conference.

By Jimmy Nicholls

The anonymity network Tor has been the victim of an attack it believes may have been perpetrated by those who pulled out of the Black Hat conference.

Hackers used traffic confirmation attacks to uncloak victims by comparing traffic at the start and end of a relay to determine what belonged to the same circuit.

They also used a Sybil attack, inserting 115 of their own computer servers into the entry relay rotation, accounting for 6.4% of the network total.

Tor co-creator Roger Dingledine said: "While we don’t know when they started doing the attack, users who operated or accessed hidden services from early February through July 4 should assume they were affected.

"Unfortunately, it’s still unclear what ‘affected’ includes."

Tor has removed the malicious relays from its network, and updated its software to prevent similar traffic confirmation attacks from happening in the future. It also plans to grow the network to proportionally reduce the impact of future attacks, and has set up a group to monitor suspicious relays.

Responding to rumours that the attack was to be discussed in a recently cancelled Black Hat talk, Dingledine said "it seems likely" that this was the case.

"In fact, we hope they were the ones doing the attacks, since otherwise it means somebody else was," he said.
