Northeastern University researchers discovered more than 100 malicious Tor Hidden Services Directories (HSDirs) snooping on the services they host, and in some cases operators were actively using the data collected to attack the services.
However, Tor project representatives say the issue has been addressed in an upcoming redesign, and has only been an "annoyance" in the meantime.
The representatives also say the attack does not unmask the operator behind a hidden service, which has long been a law enforcement and intelligence agency goal.
The Northeastern researchers developed a framework called Honey onions (HOnions), which detects and identifies malicious HSDirs. The researchers ran the framework in separate daily, weekly, and monthly trials between Feb. 12 and April 24 and found 110 malicious HSDirs, most of which were located in the U.S., Germany, France, Britain, and the Netherlands. The HOnions expose Tor relays with HSDir capabilities that have been modified to spoof on hidden services.
"What the attack allows you to do is learn about the existence of a hidden service," says Tor developer Sebastian Hahn. "This does not mean that the identity of the operator is revealed or anything catastrophic like that."
View Full Article
Abstracts Copyright © 2016 Information Inc., Bethesda, Maryland, USA