6.5 C
New York
Friday, January 21, 2022

Someone has been hacking Tor servers to de-anonymize users for four years

Must Read

Hubble discovers a black hole that creates rather than absorbs stars

A black hole at the center of the dwarf galaxy Henize 2-10 is producing stars rather than...

Saliva can tell if two people have a strong bond or mutual obligation

Learning to understand social relationships is an important ability for humans to survive in society.

CDC indirectly hints post-infection immunity was very protective against Delta

On Wednesday, the Centers for Disease Control and Prevention reported that people who had been infected with the...
Kamal Saini
Kamal S. has been Journalist and Writer for Business, Hardware and Gadgets at Revyuh.com since 2018. He deals with B2b, Funding, Blockchain, Law, IT security, privacy, surveillance, digital self-defense and network policy. As part of his studies of political science, sociology and law, he researched the impact of technology on human coexistence. Email: kamal (at) revyuh (dot) com

For the last four years, a shadowy individual or organization known as ‘KAX17‘ has been joining malicious servers to the Tor network, converting them into nodes at a time when the network is running out of bridges to evade censorship.

And, so far, all evidence point to KAX17’s objective to de-anonymize Tor users, according to cybersecurity experts.

At its peak, KAX17 had up to 900 nodes active and linked to the Tor network, a significant number given that the daily average number of nodes available on Tor is roughly 9,000-10,000.

That is, up to 10% of Tor nodes ended up in the hands of an unknown malicious actor; at the time, there was a 16% probability that a Tor user would connect to the network via one of KAX17’s servers… and a 35% likelihood that their traffic would be routed through one of its mid-nodes.

According to The Record’s analyst Neal Krawetz, this huge presence of servers can be leveraged.

“identify hidden services. It can also be used to decloak users — especially if you have some other means to tracking middle relay past the guard, such as monitoring common public services.”

Despite announcing the elimination of all exit nodes in October 2020, Tor project leaders stated a month ago that they had eliminated ‘hundreds of servers’ associated with KAX17 from the network, as a result of cybersecurity researcher ‘Nusenu’ will condemn the resurrection of KAX17 on his blog.

What information do we have about KAX17 and who is behind KAX17?

Neither Nusenu nor the Tor Project wish to speculate on who is behind KAX17: “We are still investigating this attacker,” a Tor Project spokeswoman stated yesterday. The Record media, on the other hand, contends that

“all signs point to a nation-level and well-resourced threat actor who can afford to rent hundreds of high-bandwidth servers across the globe for no financial return.”

Nusenu, on the other hand, says that KAX17 made at least one operational security error, repeating the e-mail address both in the node configuration and when signing up for the Tor mailing list: in the debates, it came to position itself in favor of the suppression of their own servers.

Nusenu has also ruled out the possibility that this hostile individual or actor is the result of a simple scholarly research into ‘Sybil attacks,’ a technique known to be capable of de-anonymizing Tor traffic under specific situations.

Academic researchers, he claims, tend to arrange their work in terms of time constraints (although KAX17 has been active since 2017), they do not quickly replace destroyed nodes with new ones… and, in general, they do not need to resort to strategies like these. because the Tor Project and the research community are usually quite well connected.

Image Credit: Pixabay

You were reading: Someone has been hacking Tor servers to de-anonymize users for four years

- Advertisement -
- Advertisement -

Latest News

- Advertisement -

More Articles Like This

- Advertisement -