Internet privacy service Tor warns users it was attacked

Thu Jul 31, 2014 6:51am IST

Related Topics

BOSTON Reuters - Tor, the prominent system for protecting Internet privacy, said on Wednesday many of its users trying to reach hidden sites might have been identified by government-funded researchers.

In a note on the nonprofit's website, Tor Project leader Roger Dingledine said the service had identified computers on its network that had been quietly altering Tor traffic for five months in an attempt to unmask users connecting to what are known as "hidden services."

Dingledine said it was "likely" the attacking computers, which were removed on July 4, were operated on behalf of two researchers at the Software Engineering Institute, which is housed at Carnegie-Mellon University, but funded mainly by the U.S. Department of Defense.

The pair had been scheduled to speak on identifying Tor users at the Black Hat security conference next month. After Tor developers complained to Carnegie-Mellon, officials there said the research had not been cleared and canceled the talk.

Previous reports on the research had already raised alarms among privacy activists. Dingledine went further, warning on Wednesday that "users who operated or accessed hidden services from early February through July 4 should assume they were affected."

Those navigating to ordinary websites should be in the clear.

It remains uncertain how much data the researchers were able to collect and what will happen to that information, which would be of interest to intelligence agencies and law enforcement.

Hidden services include underground drug sites such as the shuttered Silk Road, as well as privacy-conscious outfits such as SecureDrop, which is designed to safely connect whistle blowers with media outlets.

Dingledine said the physical locations where the hidden services were housed could have been exposed, although probably not the content on them that was viewed by a visitor.

"Unfortunately, I cannot comment," lead Software Engineering Institute researcher Alexander Volynkin told Reuters.

Institute spokesman Richard Lynch declined to comment, while the FBI had no immediate response to questions about whether it would seek the data.

Defense Department spokeswoman Valerie Henderson said she did not know if officials there would have the right to raw research from the Institute.

"You have to know what organization and which individuals inside the Department of Defense might have set this one up," Henderson said.

Even if there is an overarching guideline about access to unpublished research, "the general rule may not apply," she added.

Tor is an anonymity tool designed to protect the identity of Internet users by routing traffic through multiple nodes around the world. It is used by human rights activists, criminals and others looking to evade surveillance.

Dingledine advised users to upgrade to the latest version of its software, which addresses the vulnerability that was exploited. He cautioned that attempts to break Tor were likely to continue.

Leaked National Security Agency documents show the NSA has logged the IP addresses of many Tor users and might have scanned emails for users living outside of the United States and its four closest intelligence allies, the United Kingdom, Canada, Australia and New Zealand, media in Germany reported this month.

(Additional reporting by Joseph Menn in San Francisco; Editing by Bernadette Baum and Andre Grenon)

FILED UNDER:
Comments (0)
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.

  • Most Popular
  • Most Shared

Tech Results

Reuters Showcase

Data Breach

Data Breach

Staples says investigating possible payment card data breach.  Full Article 

Cyber Attack

Cyber Attack

China-backed hackers may have infiltrated Apple's iCloud - blog.  Full Article 

Fat Paycheck

Fat Paycheck

New Microsoft CEO Nadella's pay tops $80 mln with big stock awards.  Full Article 

Court Case

Court Case

Facebook sues lawyers for pursuing dubious Ceglia lawsuit.  Full Article 

Card Data

Card Data

Staples says investigating possible payment card data breach.  Full Article 

e-book Pricing

e-book Pricing

Amazon says strikes deal with Simon & Schuster on e-book prices.  Full Article 

Reuters Interview

Reuters Interview

Apple, IBM to shed light on apps, alliance next month.  Full Article 

Reuters India Mobile

Reuters India Mobile

Get the latest news on the go. Visit Reuters India on your mobile device.  Full Coverage