Skip to main content

Attack on Tor browser unmasks secret users

Users of the anonymous browser Tor may have been de-anonymised a report recently published recently has found.

The report states "The attacking relays joined the network on January 30 2014, and we removed them from the network on July 4. While we don't know when they started doing the attack, users who operated or accessed hidden services from early February through July 4 should assume they were affected."

Read more: NSA and GCHQ repeatedly tried to infiltrate Tor, documents reveal

However the report clarifies that it is unlikely the attackers could see any "application level" data i.e. what pages were visited. But almost more terrifying is that the attack was directed at finding the geographic locations of users.

Tor engineers are at a loss as to who is responsible for the attack, although there have been speculations that the culprit could be a "large intelligence agency". Another suspect is a team of Carnegie Mellon University researchers who cancelled their presentation on a low-cost way to de-anonymise Tor users to be delivered at Black Hat 2014.

Tor have since patched the security flaw but still don't know if they have found all the vulnerabilities or what has happened to the data gathered.

Read more: Tor creating "deep web" instant messaging service

Tor, which began as a secret project from the US Naval Research Laboratory, works by piling up layers of encryption over data, nested like the layers of an onion, which gave the network its original name, The Onion Router (TOR).

Tor encrypts data, including the destination IP address, multiple times and sends it through a virtual circuit made up of successive, randomly selected relays. Each relay decrypts a layer of encryption to reveal only the next relay in the circuit.

The final relay decrypts the innermost layer of encryption and sends the original data to its destination without revealing, or even knowing, the source IP address.

The American National Security Agency (NSA) has made considerable efforts in the past to crack the encryption protocols behind Tor, but to limited success. Instead, they've just banked on tracking everyone who uses it, or even searches about it on Google.