One of the leading black market dark net sites that relies on the Tor network to keep its operators anonymous has temporarily shut down their servers amid concerns that attackers are actively exploiting a reported weakness that has the ability to identify the location of servers being anonymized by Tor.
It was reported last month that Tor may have a very plausible weakness within its system, due to a technique that requires the attacker to control the Tor entry node for the server hosting the hidden service. It also requires attackers to have previously collected unique network characteristics that can act as a fingerprint for that particular service. Once that point has been reached, the attack has a scarily high 88-percent accuracy rate. Hidden services are websites that are only accessible through the Tor network, a high-anonymity tool that conceals the IP address and identity of any person or server using the service. It is often used by high-profile journalists living in censored countries among whistleblowers such as the ex-NSA contractor Edward Snowden himself.
“We have recently been discovering suspicious activity around our servers which led us to believe that some of the attacks described in the research could be going on and we decided to move servers once again,” said operators of the Agora, a hidden service black market that allows everything from the sale of illicit drugs to unlicensed firearms, in a Pastebin post. “However, this is only a temporary solution.”
Operators in the message said they currently “have a solution in the works which will require big changes into our software stack which we believe will mitigate such problems,” and plans to bring Agora back online once it’s actively in place. In the meantime, site operators said it would be unsafe and put individuals at risk if they continued to conduct business as usual.
The abrupt shutdown comes as a surprise, as Tor Project officials continue to downplay the severity of the attack method and the likely-hood that it could be carried out in a real world scenario. Agora officials did not include any information or evidence on what tipped them off that the weakness was being actively exploited against their servers. Still, their warning is worth considering as the temporary suspension will presumably cost them a bit of cash and possibly put sellers on edge.
In the meantime, Agora didn’t give any specific time frame on when the market should be back online other than saying “until we can develop a better solution.”