Internet Privacy Service Tor Warns Users of Attack
Tor, the free Internet privacy network that aims to protect its users’ anonymity, announced on Wednesday that many of those users may have been identified by government-funded researchers.
The Tor Project warned users that it had discovered a group of relays it believes were attempting to reveal users’ identities. Tor says people who used the system between February and July “should assume they were affected.”
The extent of the attack remains unclear.
“We know the attack looked for users who fetched hidden service descriptors, but the attackers likely were not able to see… what pages were loaded, or even whether users visited the hidden service they looked up,” Tor’s blog said.
Tor said it was also unsure about “how much data the attackers kept” or whether the intruders “aided other attackers in de-anonymizing users.”
Gizmodo reports Tor believes the attack was carried out by researchers at Carnegie Mellon University’s Computer Emergency Response Team (CERT), which works with government, corporations, law enforcement and academia to “develop advanced methods and technologies to counter large-scale, sophisticated cyber threats.”
“The majority of our work contributes to government and national security efforts,” says CERT’s website.
CERT, in turn, is a division of Carnegie Mellon’s Software Engineering Institute (SEI), which is funded mainly by the US Department of Defense.
When asked about Tor’s allegations, SEI researcher Alexander Volynkin said, “Unfortunately, I cannot comment.”
Tor says CERT researchers have unexpectedly cancelled a highly anticipated talk scheduled for the upcoming Black Hat Internet security conference in Las Vegas. This has fueled speculation about CERT’s role in the Tor attack.
“If this attack was in fact related to the research done by CERT for Black Hat, then judging by the abstract the researchers wrote for their presentation, the attack did successfully de-anonymize users hidden services,” Tor Project advocate Runa Sandvik told Gizmodo.
Tor was the preferred mode of covert communication used by National Security Agency whistleblower Edward Snowden as he leaked a massive trove of classified US documents detailing NSA spying on Americans and foreigners.
The NSA, with assistance and funding from the US State Department, has been working to undermine the anonymity of Tor users since Snowden’s revelations began making worldwide headlines last year.
Leaked NSA documents prove the agency has logged the IP addresses of many Tor users. The NSA may have also spied on emails of international users, with the exception of people in the so-called “Five Eyes” intelligence alliance composed of the United States, Canada, Britain, Australia and New Zealand.
One of the leaked documents details an NSA presentation titled “Tor Stinks,” in which the agency states, “we will never be able to de-anonymize all Tor users all the time,” but “with manual analysis we can de-anonymize a very small fraction of Tor users.”
Tor has advised users to use a version that is no longer vulnerable to attack. The network has recommended upgrades that can help protect users.