The Anonymous Internet Is Under Attack


Last week left cybersecurity nerds scratching their heads after traffic to Tor, the free software suite that enables anonymity online, quintupled in less than a week. It was obviously too good to be true, and now we know why. A Russian botnet is threatening to bring the whole network down.


This is bad news for the anonymous internet. Researchers at Fox IT identified the particular botnet being used by the intruders as either "Mevade.A" or the older "Sefnit." Whatever it's called, the botnet had been communicating in HTTP but recently switched to Tor, where it's "massive in size as well as very widespread," according to the researchers. They're not exactly sure why the botnet is going after Tor but say it's "likely motivated by direct or indirect financial related crime." Regardless of the reasoning behind the attack, it certainly puts users in the Tor network at risk.

A botnet like this can be pretty vicious, and unfortunately for those users, it's not the only attack Tor's faced lately. A little over a month ago, an unknown hacker—read: probably the FBI—hit Tor with malware that threatened to reveal the anonymous users' identities by exploiting a security flaw in the Firefox browser. The incident was linked to the recent arrest in Ireland of kiddie porn kingpin Eric Eoin Marques, and many believed that the Tor intruder was just trying to identify other sickos in the child pornography business. Regardless of the reasoning, though, this kind of exploit is bad news for the anonymous internet.

These recent events highlight a frustrating dichotomy in the Tor community. On one hand, the software attracts criminals like Marques who retreat to the Darknet to do dark things. On the other hand, it's also an integral tool for activists and journalists who must remain anonymous for their own safety. Once their identities are leaked, many Tor users have no place to hide. And these particular attacks don't differentiate the good guys from the bad guys. The Firefox exploit affected half of the sites accessible exclusively through the Tor network, while more traffic is coming from the botnet than from all the users put together. Unlike the current botnet attack, which probably just slows down the network for users, the Firefox exploit actually threatened to expose users' identities. That's pretty much the worst case scenario for Tor users.

Meanwhile, the attacks on the anonymous internet go further than Tor. In the past few weeks, several secure email providers have shut down due to threats from the government, concerns about cybersecurity, or both. The founder of Lavabit, Edward Snowden's email provider and the first of these services to shut down, opted to shutter the service rather than comply with the government's request for information about the NSA leaks. Silent Circle, a similar service, followed suit a few days later, as did the legal site Groklaw. It seems like the only way to escape the Feds' reach is to store your servers in Switzerland, like secure email provider Kolab.


While it's easy to point to the NSA leaks as the inciting incident in this streak of cyberattacks and shutdowns, it's also a sign of things to come. With everyone from outgoing Homeland Security chief Janet Napolitano to President Obama warning of imminent cyberattacks on the United States, everybody's nervous about where the hackers (or the government) will strike first. And if the events of the past month are any indication, the anonymous internet appears to be the likely target. In other words, nowhere is safe now. [Fox IT]





What I don't get about TOR is that it's run by its users, who install software on their computers to anonymize traffic, so what's stopping one from installing a piece of software along the line that catches traffic? Is it encrypted? And if it's encrypted, then why the need for all these relay servers?

Secondly, how can it be untraceable? Even if I go through a hundred relays and someone wants to track a user that accessed a website which might contain illegal material. Now wouldn't whoever is doing the tracking (say the FBI after obtaining a warrant to check site logs) be able to tell where the last IP access came from? Once they know that they get records from there and check where an IP originated that forwarded to and they keep tracing it all the way back. Now is it anonymous because there's some kind of scrambling going on (I don't know if that's possible, since obviously an IP would be tracked even if not logged), or if there's so many relay servers internationally that an agency can't possibly get access to all of them and be able to trace IPs?