There is a connect between attacks on The Onion Router (Tor) project and the withdrawal of a talk at next week’s Black Hat conference.
According to Craig Young, security researcher at Tripwire, while the attacker(s) in this case are still technically anonymous, he believed that there is most likely a connection between this incident and the recently withdrawn talk which would have focused on de-anonymising Tor users.
He said: “If this was in fact a university research project, it was conducted without appropriate regard to users of the Tor network. This attack involved manipulating Tor protocol messages to encode information about observed requests so that the information could be correlated with an identity by relays in other parts of the network.
“In doing so the attackers not only made it possible to themselves unmask some Tor hidden services and users, but they have also created an unquantifiable risk as these messages could also be decoded by other parties either while the attack was in progress or in retrospect by analysing stored packet captures.
“Despite the potential negative impacts of this incident, there has also been some good to come. The fact that the Tor project recognised the new relays used for the attack is good and it has demonstrated that practical attacks against Tor are in fact possible without control over a high percentage of Tor relays. Now the Tor community is able to learn from this experience and improve their detection mechanisms for future Tor anomalies.
“Tor protects a lot of people for a lot of different reasons however and even this level of detail would likely be more than enough for an oppressive regime to start hunting down dissidents. If this was in fact the work of Carnegie Mellon University researchers, I would hope that in the future they choose to contribute to security knowledge without jeopardizing public safety.” The talk was cancelled at the request of attorneys for Carnegie Mellon University in Pittsburgh, where the speakers work as researchers.
Asked if he felt that the talk and attack were linked, TK Keanini, CTO of Lancope, doubted this saying that despite the bounties placed on comprising Tor, or the endless amounts of threats made to subvert the technology, Tor is evolving and remains a target. “The Tor community is quick to react to incidents and this readiness is important to witness as there is a lot we can learn in how to be resilient despite a hostile and advanced threat,” he said.
“The talk from Black Hat that was pulled is operationally insignificant because all the folks actively working on ‘breaking’ Tor are hard at work on their objective; and conferences are not their thing.”