Tor Browser Network Servers are attacked

This time Tor – an internet browser which allows people to maintain their anonymity online by protecting their location – is warning its users of a cyber attack that quietly seized some of its network specialized servers called Directory Authorities (DA), the servers that help Tor clients to find Tor relays in the anonymous network service. Tor has been targeted once again, but this time at a much larger scale. A new attack on Tor network reportedly would either completely shut it down worldwide or turn it into evil network. Tor network architecture relies on ten Directory Authorities whose information is hardcoded into Tor clients.These directory authorities are located in the Europe and United States, and maintain the signed list of all the verified exit relays of the Tor network, and according to experts, attack on these backbone servers can "incapacitate" the overall architecture of Tor. 
"The Tor Project has learned that there may be an attempt to incapacitate our network in the next few days through the seizure of specialized servers in the network called directory authorities," Tor officials wrote on the project’s blog post on Friday. "We are taking steps now to ensure the safety of our users, and our system is already built to be redundant so that users maintain anonymity even if the network is attacked."
To keep the network updated and stable, at least 5-6 Directory Authorities (DA) must be operational, but if such seizure attempts take down 5 or more Directory Authorities server, the Tor network will become unstable, and the integrity of any updates to the consensus cannot be guaranteed. 

Thomas White (@CthulhuSec), an operator of a large cluster of servers providing an exit point for Tor traffic in the Netherlands, warned of a suspicious activity overnight on the servers. The targeted servers, according to DNS data, were hosted in a data center in Rotterdam.
"I have now lost control of all servers under the ISP and my account has been suspended," White wrote on Sunday in an update on the Tor mailing list. "Having reviewed the last available information of the sensors, the chassis of the servers was opened and an unknown USB device was plugged in only 30-60 seconds before the connection was broken. From experience I know this trend of activity is similar to the protocol of sophisticated law enforcement who carry out a search and seizure of running servers."
White strongly recommended users that they should treat the servers as hostile until the control was regained signified by a PGP signed message from himself and that his mirrors are not used under any circumstances.
"If they come back online without a PGP signed message from myself to further explain the situation, exercise extreme caution and treat even any items delivered over TLS to be potentially hostile," White wrote. "If any of the mirrors or IPs do come back online, I would welcome anyone who is capable of doing so checking for any malicious code to ensure they are not used to deploy any kind of state malware or attacks against users should my theory prove to be the case."

Milan Tomic

Hi. I’m Designer of Blog Magic. I’m CEO/Founder of ThemeXpose. I’m Creative Art Director, Web Designer, UI/UX Designer, Interaction Designer, Industrial Designer, Web Developer, Business Enthusiast, StartUp Enthusiast, Speaker, Writer and Photographer. Inspired to make things looks better.

  • Image
  • Image
  • Image
  • Image
  • Image
    Blogger Comment
    Facebook Comment


  1. Been using AVG protection for a number of years now, and I'd recommend this product to everyone.