The Tor anonymous encryption service offers internet users a way to surf the web with anonymity and prides itself on the level of security it offers. Well, it looks as though the network was compromised earlier this year, along with some user data, according to a recent Tor developer blog post. The post also said that those who used Tor between early February and July 4th of this year "should assume" they have been in some way affected by the attack.
The group goes on to say that the unknown attackers were able to gather information regarding hidden sites users were visiting (like Silk Road, for example) and that other parts of the network may well have been compromised too. Tor also said they "likely were not able to see any application-level traffic (e.g. what pages were loaded or even whether users visited the hidden service they looked up)."
Tor suspects the attackers used two methods to gain access. The first is known as traffic confirmation, which sees the attackers examining Tor traffic relays and matching them with others to identify traffic routines, in turn divulging certain information about said traffic. The other was introducing hundreds of new relays to the system, which according to the team weakened the entry guards that help keep users anonymous. The team says its system detected the threat back in May when it happened, but felt at the time that it was much more minor than it ended up being.
While not entirely proven, Tor thinks the attackers were from the CERT department at Carnegie Mellon University's Software Engineering Institute. CERT recently cancelled a Black Hat hacker conference talk called "You Don't Have to be the NSA to Break Tor: Deanonymizing Users on a Budget." While the Tor team had no idea what the talk was supposed to be about, it eventually caught wind of how the researchers were going to divulge a way to compromise Tor with $3000 using a series of traffic relays. The group says this information is how it "started looking for the attacks in the wild." As to whether or not it was them, the folks at Tor said "we don't know for sure, but it seems likely that the answer" appears to be "yes."
As some have suggested, for those concerned it should be good news that the attack was conducted by researchers and not the government or hackers with ill intentions.