The Tor Project directors have published an advisory warning of a possible upcoming attack on the Tor network, one that could compromise the Tor nodes that help anonymize users and possibly deanonymize users of the network.
Tor Project operators have stated that the anonymizing network is still safe to use, and have given assurances that the company is taking adequate steps to ensure the security of the servers and to determine whether directory authorities are currently compromised.
“The Tor Project has learned that there may be an attempt to incapacitate our network in the next few days through the seizure of specialized servers in the network called directory authorities. We are taking steps now to ensure the safety of our users, and our system is already built to be redundant so that users maintain anonymity even if the network is attacked. Tor remains safe to use,” Tor Project operators wrote in their blog post warning of the possible attack.
The Tor network is an online anonymity tool designed to help anonymize Internet users and keep them secure by routing their traffic through servers around the world. To access the network, a user's client needs to be able to locate the addresses of any number of Tor relays. Directory authorities help Tor clients learn the list of relays that make up the Tor network, so problems will arise if the directory authorities are offline.
The Tor Project has been under a lot of heat as of late: law enforcement and federal officials, among others, have taken substantial action against illicit services accessible through the network. In November, the FBI and Europol seized the servers belonging to Silk Road 2.0 as well as 400 other underground sites as part of Operation Onymous.
Attackers have always been interested in Tor, likely because of the sensitive information that travels over the network. Researchers have discovered countless rogue nodes injecting malware through packets, among other past attempts to disrupt the network. The attack the Tor Project officials warn of is worse: it concerns the Tor network infrastructure, rather than just the network itself.
“People use the Tor network every day to conduct their daily business without fear that their online activities and speech (Facebook posts, email, Twitter feeds) will be tracked and used against them later. Millions more also use the Tor network at their local internet cafe to stay safe for ordinary web browsing,” the Tor advisory reads.
“Tor is also used by banks, diplomatic officials, members of law enforcement, bloggers, and many others. Attempts to disable the Tor network would interfere with all of these users, not just ones disliked by the attacker.”
This past weekend, one operator of a large cluster of Tor exit nodes informed the community through the Tor mailing list that someone had opened the chassis of his physical hardware and inserted a USB device into each server, causing him to lose control over the servers. Thomas White, the operator of the clusters, speculated that it was a law enforcement action but later stated it was a random guess.
“Tonight there has been some unusual activity taking place and I have now lost control of all servers under the ISP and my account has been suspended. Having reviewed the last available information of the sensors, the chassis of the servers was opened and an unknown USB device was plugged in only 30-60 seconds before the connection was broken,” White wrote in his post. “From experience I know this trend of activity is similar to the protocol of sophisticated law enforcement who carry out a search and seizure of running servers.”
The Tor Project has, for the time being, blacklisted the compromised exit nodes White had operated.