alphaspirit - Fotolia

Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Risk & Repeat: Malicious Tor nodes caught snooping

Listen to this podcast

In this Risk & Repeat podcast, SearchSecurity editors discuss the discovery of malicious Tor secretly collecting information on users and what it means for the project.

The Tor Project has found itself under fire once again as researchers discovered malicious Tor nodes actively snooping on users in an apparent effort to deanonymize them.

Researchers from Northeastern University discovered that over the course of 72 days, at least 110 Tor nodes were discovered to be collecting information from the Tor hidden services directories, or Tor HSDir, that they hosted.

In their paper, the researchers outline how they discovered these malicious Tor nodes using a honey pot-like approach, which they called "honions"; they also wrote that the malicious nodes displayed varying levels of sophistication, and that more than half of them were hosted on cloud infrastructure, which made them difficult to identify.

While the numbers of malicious Tor nodes was relatively small -- about 3% of all HSDir relays -- the discovery raised new concerns about the anonymity of Tor users. So who - or what -- is spying on Tor users? And how big of a threat to Tor anonymity are these malicious relays?

In this episode of SearchSecurity's Risk & Repeat podcast, editors Rob Wright and Peter Loshin discuss those questions and more about the latest attack on Tor anonymity. They also discuss the Tor Project's new board members and the investigation into former Tor developer Jacob Appelbaum, and what these personnel changes mean for the direction of the organization.

Next Steps

Risk & Repeat: ASN.1 compiler flaw raises concern

Risk & Repeat: Analyzing the httpoxy vulnerability

Risk & Repeat: Catching Pokémon GO security issues