Dutch security firm Fox-It claims it has uncovered evidence that a spike in numbers on Tor’s ‘deep web’ network in August was down to hackers using it to control thousands of home PCs.
Tor, the anonymous web browser, reported that connections to the service had doubled in August and it was originally speculated it was being used in countries with oppressive regimes.
The sharp leap in Tor connections began on 19 August, and up until then the service was hitting around 500,000 connections per day. A week on from that date the site had 1.5 million connections and has continued to grow with the latest update from Tor stating there are three million connections being made on a daily basis.
The new connections were attributed to a botnet in Fox-IT’s blog post and their evidence tells them a group of Russian criminals that run the Sefnit or Mevade.A botnet are using Tor to control their computers.
“In recent days, we have indeed found evidence which suggests that a specific and rather unknown botnet is responsible for the majority of the sudden uptick in Tor users,” said Fox-It in a blog post on the topic.
The blog post went on to say that it’s currently not clear what the botnet is being used for with Fox-It speculating the botnet was “likely motivated by direct or indirect financial-related crime”.
Tor, which stands for The Onion Router, tries to hide web users by routing their data through a number of computers and this is why it’s commonly used by those in oppressive societies.
Their own blog stated they’re investigating ways to stop botnets utilising the networks to control criminal activity and added that it makes no sense for the network to be used in such a capacity.