View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
November 10, 2014

Tor confusion following Interpol strike

Relays, servers and nodes taken down in mysterious attack on anonymity network.

By Jimmy Nicholls

The Tor anonymity network is reeling following an international police strike last week against hidden services said to be involved in the distribution of illegal drugs.

Several relays used to mask users were said to have been seized in the raid, while three Tor servers used as "exit nodes" in the network’s infrastructure were taken down.

Writing on their official blog, Tor said: "We do not know why the systems were seized, nor do we know anything about the methods of investigation which were used.

"Tor is most interested in understanding how these services were located, and if this indicates a security weakness in Tor hidden services that could be exploited by criminals or secret police repressing dissents."

Initial reports that 400 websites had been taken down were later revised after police realised the figure referred to URLs rather than domains, with the Federal Bureau of Investigation (FBI) telling Forbes the action had in fact brought 27 websites offline.

Tor said that the hidden services might have been decrypted through the exploitation of operational security errors, SQL injection or Bitcoin unmasking, while several attack strategies against the network itself were suggested.

Earlier this year hackers at a Black Hat conference in Las Vegas were due to give a talk about how they had uncloaked Tor users through traffic monitoring, but cancelled at the eleventh hour.

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

"People suspect that those attacks were carried out by CERT (Computer Emergency Readiness Team) researchers," Tor said.

"While the bug was fixed and the fix quickly deployed in the network, it’s possible that as part of their attack, they managed to deanonymise some of those hidden services."

It added that the "guard node" that is aware of the IP address of a given hidden service might also have been discovered by attackers and exploited to reveal the location of the target.

"In a way, it’s even surprising that hidden services have survived so far," Tor said. "The attention they have received is minimal compared to their social value and compared to the size and determination of their adversaries."

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.