TOR Network hacked by 0v1ru$


L&LD

Part of the Furniture

nitro001

Regular Contributor
Close. They didn't hack as the title would lead you to believe though, they only tried to inject themselves as valid exit Tor nodes to de-anonymize users.
<tin-foil hat>
I don't use Tor, but for any anonymous system that allows arbitrary exit nodes, you figure any government, such as Russia, China, US, etc... who wants to get these users would inject themselves into the network making themselves exit nodes. This just showed Russia was already trying to do it, we all know the other governments are trying as well. :) </tin-foil hat>
 

L&LD

Part of the Furniture
nitro001 said:
> Close. They didn't hack as the title would lead you to believe though, they only tried to inject themselves as valid exit Tor nodes to de-anonymize users.
> <tin-foil hat>
> I don't use Tor, but for any anonymous system that allows arbitrary exit nodes, you figure any government, such as Russia, China, US, etc... who wants to get these users would inject themselves into the network making themselves exit nodes. This just showed Russia was already trying to do it, we all know the other governments are trying as well. :) </tin-foil hat>

Yeah, they were hacked. ;)

Hackers have leaked data obtained from Russia’s Federal Security Service (FSB), showing that a contractor called SyTech was trying to deanonymize users of the Tor anonymity network, as reported by Forbes. The group, called 0v1ru$, stole 7.5 terabytes of data by gaining access to SyTech’s entire network.
 

sfx2000

Part of the Furniture

This is pretty easy - a modest size Telco has massive bandwidth in the core, and with Docker, can set up tens of thousands of Tor Exit nodes...

Then run the traffic through a deep packet inspection engine like Sandvine - and everything becomes public.

This is the same issue with commercial VPN providers, where concentration of traffic makes things like this useful for intel collection.
 
