Risk & Repeat: Malicious Tor nodes caught snooping

In this Risk & Repeat podcast, SearchSecurity editors discuss the discovery of malicious Tor nodes secretly collecting information on users and what it means for the project.

The Tor Project has found itself under fire once again as researchers discovered malicious Tor nodes actively snooping on users in an apparent effort to deanonymize them.

Researchers from Northeastern University found that over the course of 72 days, at least 110 Tor nodes were collecting information from the Tor hidden services directories, or Tor HSDir, that they hosted.

In their paper, the researchers outline how they discovered these malicious Tor nodes using a honeypot-like approach, which they called "honions"; they also wrote that the malicious nodes displayed varying levels of sophistication, and that more than half of them were hosted on cloud infrastructure, which made them difficult to identify.

While the number of malicious Tor nodes was relatively small -- about 3% of all HSDir relays -- the discovery raised new concerns about the anonymity of Tor users. So who -- or what -- is spying on Tor users? And how big of a threat to Tor anonymity are these malicious relays?

In this episode of SearchSecurity's Risk & Repeat podcast, editors Rob Wright and Peter Loshin discuss those questions and more about the latest attack on Tor anonymity. They also discuss the Tor Project's new board members and the investigation into former Tor developer Jacob Appelbaum, and what these personnel changes mean for the direction of the organization.

Join the conversation

2 comments

What does the discovery of malicious nodes mean for Tor anonymity?
If this research is expanded, then it should include a goal of exposing governmental or intelligence agencies which are attempting to deanonymize users. The results should deeply track and identify physical locations by IP, LatLong, and MAC addresses. Of particular focus should be The Equation Group of tools.