Tor Network Investigates Attack That May Have Unmasked Anonymous Users

Tor is investigating a five-month attack on its network that may have unmasked some of its users. Officials from the Tor Project believe that researchers at Carnegie Mellon University were behind the attack.

Tor is an open network that helps protect users against network surveillance. It was initially developed for the US Navy to protect government communications.

According to a report by Ars Technica on Wednesday, the attack started in February and exploited a previously unknown vulnerability in the Tor protocol.

Attackers carried out two classes of attack that, combined, may have been successful in uncovering the identities of people using Tor hidden services: a traffic confirmation attack and a Sybil attack. Tor goes into detail about the attack in an advisory it published on Wednesday.

While the Carnegie Mellon researchers have not confirmed their involvement in the attack, last week they cancelled a talk scheduled for the upcoming Black Hat security conference, which was to cover breaking Tor and deanonymizing users on a budget. Tor said that if these researchers were behind the attack, it would actually be the best-case scenario.

“…We hope they were the ones doing the attacks, since otherwise it means somebody else was,” Tor said.

According to the report, anyone who accessed Tor hidden services between February and July 4 should assume that they have been impacted. Officials have released a Tor software update to prevent the attack from working in the future.

“Unfortunately, it’s still unclear what ‘affected’ includes,” the Tor Project said. “We know the attack looked for users who fetched hidden service descriptors, but the attackers likely were not able to see any application-level traffic (e.g. what pages were loaded or even whether users visited the hidden service they looked up).”

“…we don’t know how much data the attackers kept, and due to the way the attack was deployed, their protocol header modifications might have aided other attackers in deanonymizing users too.”

Last year, malware that exploited a Firefox security flaw was used to identify Tor users. The malicious software appeared on websites hosted by anonymous hosting provider Freedom Hosting.

