Slashdot Mirror

← Back to Stories (view on slashdot.org)

Security Company Attributes Tor Traffic Surge To Botnet

Posted by timothy on from the complexity-of-evil dept.

hypnosec writes "A cyber defense and IT security company has claimed that the reason behind recent surge in number of clients connecting to Tor is in fact a relatively unknown botnet and not NSA or genuine adoption of Tor. In late August there was a huge increase in Tor network traffic and number of clients connecting to the Tor network. As of this writing number of connections has quadrupled with over 2,500,000 clients connecting to the network. According to Fox-it, the surge in traffic is because of a botnet dubbed 'Mevade.A,' which is known to have Tor connectivity features. The company noted that the botnet may have links to a previously detected botnet dubbed 'Sefnit,' which also featured Tor connectivity. Fox-it claimed that they have found "references that the malware is internally known as SBC to its operators.""

3 of 55 comments (clear)

  1. Re:Yes but by lart2150 · · Score: 3, Interesting

    It was a upgrade to the botnet that switched it from normal networking to going over tor for command and control.

  2. Botnets and Tor by girlintraining · · Score: 4, Interesting

    Well, I have good news and bad news... the bad news is that this has been a long time coming, and now it's here. The good news is that although the botnet itself is bad, the number of connections and extra clients improves Tor security overall for all the other users. The thing is, the more relays, the more connections, the larger the network... the faster and more secure it is. If all the botnet does is setup relays, it's a win for the Tor network. Of course, it isn't going to just do that, and these aren't authorized relays so it's not exactly occupying the moral high ground here. The machines hosting the bot need scrubbed.

    But this also introduces a wrinkle -- the US government, and likely others, also maintain their own botnets. And they actively seek to shut down other people's botnets, through domain seizure, etc. This would seem to be a reaction to those efforts -- that is, by decentralizing and hiding the command and control, they're effectively adapting to the tactics our military is using on the internet.

    I said a long time ago that the militarization of the internet would cause a lot of problems... and that we had no business developing an offensive cyber-military because it would just encourage others to begin an arms race that would lead to major economic and communications instabilities worldwide. It hasn't gotten that far yet, but it's building to that. Our own aggressive stance has created yet another fucking cold war.

    --
    #fuckbeta #iamslashdot #dicemustdie
    1. Re:Botnets and Tor by girlintraining · · Score: 4, Interesting

      If the NSA or someone else is actually doing those.

      If? You don't "If" in security. You assume you're already compromised, that the attacker is well-financed and has total knowledge of the network, etc. And yes, the NSA "or someone" is most definately doing it. Just not to you. We know you browse for porn using Tor... and that you've visited the Silk Road just to see what the hubabub was about. Aaaaand... nobody cares.

      Besides, the hidden service protocol has a massive glitch; namely that it's a limited keyspace and the database is decentralized and distributed. They know what all the hidden services are... and you can too if you're sufficiently motivated.

      And most of them aren't anything of value.

      --
      #fuckbeta #iamslashdot #dicemustdie