Latest Breaking News

herding cats

(19,564 posts) Wed Jul 30, 2014, 02:02 PM Jul 2014

Internet privacy service Tor warns users it was attacked

Source: Reuters

"While we don't know when they started doing the attack, users who operated or accessed hidden services from early February through July 4 should assume they were affected," Tor said in a blog entry.

Tor is an anonymity tool designed to protect the identity of Internet users by routing traffic through multiple nodes around the globe. It is used by human rights activists, criminals and others looking to evade surveillance.

The blog post said that it was not sure how much information the attackers were able to obtain in their efforts to monitor traffic on Tor.

It advised users to upgrade to the latest version of its software, which addresses the vulnerability that the attackers had exploited in this particular case, but said that may not guarantee the anonymity of users.

Read more: http://www.reuters.com/article/2014/07/30/us-privacy-software-attack-idUSKBN0FZ1RZ20140730

16 replies

= new reply since forum marked as read

Highlight:

Internet privacy service Tor warns users it was attacked (Original Post) herding cats Jul 2014 OP

Probably NSA ... n/t RKP5637 Jul 2014 #1

Russia has offered a $100,000 to any Russian citizen who can crack IronGate Jul 2014 #2

Excellent point! n/t RKP5637 Jul 2014 #3

Yep. n/t NealK Jul 2014 #4

I read something that said... BobbyBoring Jul 2014 #7

Yes, that's quite true. MIT has been maintaining it now for some time, so probably lots of changes RKP5637 Jul 2014 #8

It appears that some researchers did it. joshcryer Jul 2014 #14

Thanks for the reply. Seems this area has always been a potential weak link ... RKP5637 Jul 2014 #15

And I piss and moan about swatting flies on my website... TygrBright Jul 2014 #5

Music to hack by? MADem Jul 2014 #6

I didn't know whether to listen or to stand up and salute them. Powerful music. n/t RKP5637 Jul 2014 #9

I had to reinstall my OS; greiner3 Jul 2014 #10

Windows 7 ? LOL denem Jul 2014 #16

For all we know... gerogie2 Jul 2014 #11

NSA ... for sure blkmusclmachine Jul 2014 #12

Carnegie-Mellon/DoD hacked it whereisjustice Jul 2014 #13

RKP5637

(67,104 posts)

1. Probably NSA ... n/t

Reply to herding cats (Original post)

Wed Jul 30, 2014, 02:20 PM

Jul 2014

IronGate

(2,186 posts)

2. Russia has offered a $100,000 to any Russian citizen who can crack

Reply to RKP5637 (Reply #1)

Wed Jul 30, 2014, 02:22 PM

Jul 2014

TOR, it may have been them.

RKP5637

(67,104 posts)

3. Excellent point! n/t

Reply to IronGate (Reply #2)

Wed Jul 30, 2014, 02:27 PM

Jul 2014

NealK

(1,865 posts)

4. Yep. n/t

Reply to RKP5637 (Reply #1)

Wed Jul 30, 2014, 03:22 PM

Jul 2014

BobbyBoring

(1,965 posts)

7. I read something that said...

Reply to RKP5637 (Reply #1)

Wed Jul 30, 2014, 04:01 PM

Jul 2014

Tor is actually an NSA creation. Of course, that was on the Internet's so who knows.

RKP5637

(67,104 posts)

8. Yes, that's quite true. MIT has been maintaining it now for some time, so probably lots of changes

Reply to BobbyBoring (Reply #7)

Wed Jul 30, 2014, 04:07 PM

Jul 2014

have been made over the years ...

joshcryer

(62,270 posts)

14. It appears that some researchers did it.

Reply to RKP5637 (Reply #1)

Thu Jul 31, 2014, 12:34 AM

Jul 2014

But they're not saying who they are or why they did it. Apparently, according to the comments on the blog, it would be thousands of dollars to pull it off.

It is thought that the attack is related to a Black Hat talk that was cancelled.

RKP5637

(67,104 posts)

15. Thanks for the reply. Seems this area has always been a potential weak link ...

Reply to joshcryer (Reply #14)

Thu Jul 31, 2014, 12:49 AM

Jul 2014

"A traffic confirmation attack is possible when the attacker controls or observes the relays on both ends of a Tor circuit and then compares traffic timing, volume, or other characteristics to conclude that the two relays are indeed on the same circuit. If the first relay in the circuit (called the "entry guard&quot

knows the IP address of the user, and the last relay in the circuit knows the resource or destination she is accessing, then together they can deanonymize her."

TygrBright

(20,758 posts)

5. And I piss and moan about swatting flies on my website...

Reply to herding cats (Original post)

Wed Jul 30, 2014, 03:33 PM

Jul 2014

...I can only IMAGINE what the Tor engineers have to do on a constant basis...!

amazedly,
Bright

MADem

(135,425 posts)

6. Music to hack by?

Reply to herding cats (Original post)

Wed Jul 30, 2014, 03:55 PM

Jul 2014

RKP5637

(67,104 posts)

9. I didn't know whether to listen or to stand up and salute them. Powerful music. n/t

Reply to MADem (Reply #6)

Wed Jul 30, 2014, 04:08 PM

Jul 2014

greiner3

(5,214 posts)

10. I had to reinstall my OS;

Reply to herding cats (Original post)

Wed Jul 30, 2014, 05:35 PM

Jul 2014

Windows 7, just after this date.

I run the Tor Bridge Bundle which includes Vidalia.

Vidalia allows me to be able to contribute a small amount of bandwidth to the Tor and use this software so that some of my bandwidth can be used to route traffic through my PC and be used by other Tor users.

I'm pretty sure this did not contribute to my computer needing a new OS but as this news is just coming out maybe it is possible for some users to manipulate Tor being used this way.

Just sayin'.

denem

(11,045 posts)

16. Windows 7 ? LOL

Reply to greiner3 (Reply #10)

Thu Jul 31, 2014, 01:37 AM

Jul 2014

Does Microsoft advise the DoD / Government of zero-day vulnerabilities? Why yes, yes it does.
Indeed, does the NSA advise Microsoft of security vulnerabilities? Yep,
and why not? Federal Government firewalls depend on all of the above.

What does a monthly security patch say about Windows? If you concerned about security, you need a new OS, period.

gerogie2

(450 posts)

11. For all we know...

Reply to herding cats (Original post)

Wed Jul 30, 2014, 05:40 PM

Jul 2014

The creators of Tor are paid contractors for an intelligence agency. There is no such thing as online security. Anyone that tells you that is lying.

blkmusclmachine

(16,149 posts)

12. NSA ... for sure

Reply to herding cats (Original post)

Wed Jul 30, 2014, 07:21 PM

Jul 2014

whereisjustice

(2,941 posts)

13. Carnegie-Mellon/DoD hacked it

Reply to herding cats (Original post)

Wed Jul 30, 2014, 10:25 PM

Jul 2014

Dingledine said it was "likely" the attacking computers, which were removed on July 4, were operated on behalf of two researchers at the Software Engineering Institute, which is housed at Carnegie-Mellon University, but funded mainly by the U.S. Department of Defense.

The pair had been scheduled to speak on identifying Tor users at the Black Hat security conference next month. After Tor developers complained to Carnegie-Mellon, officials there said the research had not been cleared and canceled the talk.

Aaron Swartz was literally persecuted to death by the US Gov. for downloading too many documents at once from MIT. But I'm betting that Holder isn't going to end his extended vacation early to chase after Govt. sponsored hackers spying on users and tearing up a privacy network.

Because, after all, as Mr ~~Hoover~~ Holder would say, " if you aren't doing something wrong, you have nothing worth protecting".

Reply to this discussion