Lizard Squad Targets Tor
mrspoonsi tips news that Lizard Squad, the hacker group who knocked Xbox Live and the PlayStation Network offline on Christmas morning, has now turned its attention to Tor. After tweeting that they were targeting a Tor-related zero-day flaw, the group is now in control of 3,000 exit nodes — almost half of them. "If one group is controlling the majority of the nodes, it could be able to eavesdrop on a substantial number of vulnerable users. Which means Lizard Squad could gain the power to track Tor users if it infiltrates enough of the network."
They set up their botnet as Tor nodes. How exactly is that a zero-day flaw?
As reported by /. http://tech.slashdot.org/story...
So I believe they are working on a fix.
It's not a typo if you understood the meaning!
I haven't seen any explanation of how this is a zero-day exactly; so far, this looks more like a Sybil attack.
...when you're writing a game...tweak the difficulty of "Easy" to something [your mother] can cope with. -- onion2k
https://twitter.com/kaepora/st...
https://twitter.com/kaepora/st...
You can see this whole list of Tor nodes here: https://torstatus.blutmagie.de...
All Lizard nodes resolve to *.bc.googleusercontent.com
Not the same issue at all. All this is is IdiotSquad starting up a bunch of Google Compute VMs as Tor exit nodes.
Your hair look like poop, Bob! - Wanker.
They haven't taken over 3000 Tor relays - they have set up 3000 new relays of their own, thus having control of over 50% of the available relays.
They haven't been kicked down. LQ set up 3000 new rogue nodes.
Actually the parent appears to be correct - they aren't actually taking over relays. There's a 5-hour-old tweet on the torproject's Twitter with the following statement:
"This looks like a regular attempt at a Sybil attack: the attackers have signed up
many new relays in hopes of becoming a large fraction of the network.
But even though they are running thousands of new relays, their relays
currently make up less than 1% of the Tor network by capacity. We are
working now to remove these relays from the network before they become
a threat, and we don't expect any anonymity or performance effects based
on what we've seen so far."
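The gap between "almost half of the relays" and "less than 1% of the network by capacity" discussed in this thread, as an added example that is not part of the thread or of Tor's own tooling: it groups recently added relays by reverse-DNS suffix and compares their share by count with their share by bandwidth weight. The relay records, bandwidth weights and thresholds are constructed assumptions; only the `bc.googleusercontent.com` suffix comes from the comments above.

```python
from collections import defaultdict

def make_sample_relays():
    """Constructed snapshot: (rdns_hostname, days_since_first_seen, bandwidth_weight)."""
    relays = []
    # 3,300 long-running relays on varied hosts, each with a large bandwidth weight
    for i in range(3300):
        relays.append((f"relay{i}.isp{i % 40}.example.net", 200 + i % 500, 9000))
    # 3,000 relays that appeared today in one cloud rDNS zone, each with a tiny weight
    for i in range(3000):
        relays.append((f"{i}.bc.googleusercontent.com", 0, 90))
    return relays

def rdns_suffix(hostname, labels=3):
    """Grouping key: the last `labels` DNS labels of the reverse-DNS name."""
    return ".".join(hostname.lower().split(".")[-labels:])

def cluster_shares(relays, max_age_days=2):
    """For relays first seen within max_age_days, report per rDNS suffix the
    share of the whole network by relay count and by bandwidth weight."""
    total_n = len(relays)
    total_bw = sum(bw for _, _, bw in relays)
    count, weight = defaultdict(int), defaultdict(int)
    for host, age, bw in relays:
        if age <= max_age_days:
            key = rdns_suffix(host)
            count[key] += 1
            weight[key] += bw
    return {
        key: {
            "relays": count[key],
            "count_share": count[key] / total_n,
            "capacity_share": weight[key] / total_bw,
        }
        for key in count
    }

def flag_sybil_candidates(relays, min_count_share=0.05):
    """Suffixes whose recently added relays reach min_count_share of all relays."""
    shares = cluster_shares(relays)
    return {k: v for k, v in shares.items() if v["count_share"] >= min_count_share}

if __name__ == "__main__":
    for suffix, s in flag_sybil_candidates(make_sample_relays()).items():
        print(f"{suffix}: {s['relays']} new relays, "
              f"{s['count_share']:.1%} by count, {s['capacity_share']:.2%} by capacity")
```

Because Tor clients pick relays in proportion to bandwidth weight, the capacity share is the figure that bounds how much traffic such a cluster could see, while the count share is what makes the cluster easy to spot.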