Researchers Discover Over 100 Tor Nodes Designed To Spy On Hidden Services (schneier.com)
An anonymous reader writes from a report via Schneier on Security: Two researchers have discovered over 100 Tor nodes that are spying on hidden services. Cory Doctorow from Boing Boing reports: "These nodes -- ordinary nodes, not exit nodes -- sorted through all the traffic that passed through them, looking for anything bound for a hidden service, which allowed them to discover hidden services that had not been advertised. These nodes then attacked the hidden services by making connections to them and trying common exploits against the server-software running on them, seeking to compromise and take them over. The researchers used 'honeypot' .onion servers to find the spying computers: these honeypots were .onion sites that the researchers set up in their own lab and then connected to repeatedly over the Tor network, thus seeding many Tor nodes with the information of the honions' existence. They didn't advertise the honions' existence in any other way and there was nothing of interest at these sites, and so when the sites logged new connections, the researchers could infer that they were being contacted by a system that had spied on one of their Tor network circuits. No one knows who is running the spying nodes: they could be run by criminals, governments, private suppliers of 'infowar' weapons to governments, independent researchers, or other scholars (though scholarly research would not normally include attempts to hack the servers once they were discovered)." The Tor project is aware of the attack and is working to redesign its system to try and block it. Security firm Bitdefender has issued an alert about a malicious app called EasyDoc that hands over control of Macs to criminals via Tor.
For no reason and not remotely connected to the topic.
Typical Slashcrap behavior.
"[I]t seems anyone who ... uses Tor ... is opening themselves to crazy risks"
[citation needed]
Tor is no less secure than a typical Internet connection. On the Open Internet your traffic passes through the networking equipment of tens of operators. With the exception of your ISP, you typically have no formal agreement with any of those operators. Any of those operators can capture and/or modify your traffic at will. It is widely known that operators have done and continue to do both of these things.
Using Tor is (at worst) like using a VPN with very good anonymising properties. I bet that you would never say that "Anyone who uses a VPN is opening themselves up to crazy risks."
anyone who either uses Tor or operates an exit node is opening themselves to crazy risks.
Using Tor and operating an exit node are completely separate risk profiles.
Especially the exit node operators.
Not if they're libraries. Encourage your local librarians to support freedom of inquiry by joining the Library Freedom Project.
I've been to a few of their symposia and each time the room was completely packed with librarians who had often traveled a great distance to be there.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)