alphaspirit - Fotolia
In this Risk & Repeat podcast, SearchSecurity editors discuss the discovery of malicious Tor secretly collecting information on users and what it means for the project.
The Tor Project has found itself under fire once again as researchers discovered malicious Tor nodes actively snooping on users in an apparent effort to deanonymize them.
Researchers from Northeastern University discovered that over the course of 72 days, at least 110 Tor nodes were discovered to be collecting information from the Tor hidden services directories, or Tor HSDir, that they hosted.
In their paper, the researchers outline how they discovered these malicious Tor nodes using a honey pot-like approach, which they called "honions"; they also wrote that the malicious nodes displayed varying levels of sophistication, and that more than half of them were hosted on cloud infrastructure, which made them difficult to identify.
While the numbers of malicious Tor nodes was relatively small -- about 3% of all HSDir relays -- the discovery raised new concerns about the anonymity of Tor users. So who - or what -- is spying on Tor users? And how big of a threat to Tor anonymity are these malicious relays?
In this episode of SearchSecurity's Risk & Repeat podcast, editors Rob Wright and Peter Loshin discuss those questions and more about the latest attack on Tor anonymity. They also discuss the Tor Project's new board members and the investigation into former Tor developer Jacob Appelbaum, and what these personnel changes mean for the direction of the organization.
Risk & Repeat: ASN.1 compiler flaw raises concern
Risk & Repeat: Analyzing the httpoxy vulnerability
Risk & Repeat: Catching Pokémon GO security issues