Tor warns users it was attacked, but details on deanonymizing efforts sketchy

Summary:While the company said users of Tor should "assume they were affected," the developers of the anonymous browsing service do not yet know what "affected" means.

tor-browser-hero
Image: Tor Project

Developers of the anonymous browsing service Tor are warning users they may have been affected by an attack conducted earlier this year.

Unnamed attackers were for as long as six months targeting the service in order to deanonymize traffic of those who operate or access Tor services, which are hidden from the wider public Internet.

The relays, which are used to anonymize Tor traffic through a number of hops between entry and exit points of the network, joined in late January, and were removed earlier this month.

It is thought the relays were designed to modify Tor protocol headers in order to conduct "traffic confirmation" attacks.

"While we don't know when they started doing the attack, users who operated or accessed hidden services from early February through July 4 should assume they were affected," a Tor security advisory published on Wednesday said.

But, the developers of the service warned it was unclear exactly what "affected" includes.

The project's developers said however that it was unlikely that the attackers were able to see what hidden Tor pages were loaded, or even whether users visited the hidden service they looked up.

But they reiterated that in theory "the attack could also be used to link users to their destinations," which would undermine the fundamental project of the service.

Tor is a public, open-source system that allows journalists, activists, and government and law enforcement agencies to conduct work in secret with minimal risk of being monitored by surveillance operatives and intelligence networks. The service was previously funded by the U.S. government, but remains in the hands of thousands of developers. Only a few developers are able to commit code to the project to ensure the service's integrity, as well as to prevent the inclusion of backdoors.

Last year, Edward Snowden's disclosures pointed to the National Security Agency's inability to crack into the Tor network, with the intelligence agency referring to it as "Tor Stinks."

However, recent reporting points to the NSA logging the IP addresses of those who visited sites looking for Tor, including the Tor Project's website.

Tor users are advised to upgrade to the recent Tor Browser Bundle to reduce the damage from future attacks.

Topics: Security

About

Zack Whittaker writes for ZDNet, CNET, and CBS News. He is based in New York City.

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.