Tor Has Been Compromised. Now What?

Many Questions, Few Answers

The disturbing news that Tor, the online community’s most secure and effective anonymizing tool has been compromised was officially confirmed July 30, 2014 in an advisory published by the Tor Project. The sophisticated two-pronged attack – thought to have begun in early February 2014 and continued until July 4, a period of about 5 months – raises many questions. Who launched the attack is so far unknown. Nor is it confirmed that the threat has been 100% neutralized. What is clear is that if you operated or accessed Tor hidden services during the attack period, you should assume that your identity has been compromised. Also, millions of users who rely on Tor to anonymously conduct their business using the Internet are all asking themselves one question: Now what?

What Is Known

According to the core Tor team two methods of attack were used; a traffic confirmation attack, and a Sybil attack. Used in conjunction, the two exploits can effectively deanonymize users. Here is a brief non-technical overview of how the attacks worked, what they may have achieved, and what has been done so far to neutralize the threat. In the traffic confirmation attack, hackers try to control both the “entry guard” (the first node in a Tor circuit) that knows the IP address of the user and the “exit relay” (that last node in the circuit), which knows the destination the user is accessing. When this exploit is successful the user’s identity can be revealed. In the Sybil attack, the attackers created roughly 115 fast “non-exit relays” which were being used as “entry guards” on the network, affecting a significant number of users during its five months of operation. To combat the attack, Tor first removed the attacking relays from the network, and then released a series of software updates designed to reduce the likelihood of this type of exploit being employed successfully in the future. However, much more work has to be done to entirely mitigate the threat. While the Tor team evaluates and implements remedies to protect the network from subsequent attacks, the question on the minds of most Tor users is, now what?

Now What?

The bottom line is that there isn’t much you can do to ensure your anonymity while using Tor. That goal is for the Tor developers to reach, and it may take some time before they make solid progress on that front. Meanwhile, Tor users are urged update to the latest Tor browser bundle, which should help reduce the incidence of the attack. Also, if you operate a hidden service, you should consider changing the location of that service. Aside from these basic steps, you may want to look into alternatives to Tor. I2P is one such alternative offering “strong privacy protections for communication over the Internet”. Another alternative to Tor is Freegate, an “anti-censorship software for secure and fast Internet access”. We will keep an eye on developments related to this attack on the Tor network and update this article when significant progress has been reported. Until then, stay secure! Image Credit: Felice Candilio

Leave a comment