Researchers from Imperva have published a new blog post warning of an increase in luring attacks targeting dating sites via the Tor network.
Luring attacks are mounted by a competing dating site to lure users from the victim site to the attacker site. Most Luring attacks target multiple dating services and send spam messages to a large number of users, inviting them to different dating sites, probably all controlled by the same hacker. The motivation for the attacker is clear—to divert customers away from the competitor’s site and lure them to the attacker’s site.
Imperva researchers have recently witnessed an increase in attackers using the Tor network to carry out luring attacks in order to hide their identities.
Luring attacks from the Tor network are characterized by messages arriving from Tor clients at a relatively low (but steady) request rate of 1-3 requests every day, probably to stay under the radar of rate-limit mechanisms and to avoid automatic browser detection checks. Despite the very low rate of the requests Imperva has seen, it is likely that the actual total number of requests was much higher, with only a few requests exposed in their glimpse of the Tor user traffic.
Without a doubt, there is collateral damage from an attack fronted by hundreds of highly attractive, luring-oriented fake profiles. The attack also confuses the few users remaining on the victim website, harassing them and lowering the overall credibility of the site.
Commenting on the discovery, Itsik Mantin, director of security research at Imperva, said: “These attacks have the potential to significantly disrupt business for dating site operators. By using the Tor network, the attackers are able to hide their real location and their identities, making them even more difficult to detect and block. In order to protect against luring attacks it is recommended dating sites closely monitor for fake accounts and close down anything which is deemed illegitimate. It is also advisable to closely monitor all Tor traffic and block anything suspicious.”
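One way a site operator could monitor Tor traffic for the low-and-steady pattern described above, as an added example that is not code from Imperva or from the blog post. It aggregates message sends per account over several days instead of per request, since 1-3 requests a day never trips a rate limiter. The 1-3 per day ceiling comes from the article; the `min_days` and `min_recipients` thresholds, the log layout, the account names and the documentation-range IP addresses standing in for a Tor exit list are all assumptions.

```python
from collections import defaultdict
from datetime import date

# Constructed stand-in for a Tor exit-node list (documentation-range addresses).
TOR_EXITS = {"203.0.113.7", "203.0.113.9", "198.51.100.23"}

def sample_events():
    """Constructed message-send log: (day, source_ip, sender, recipient)."""
    events = []
    for d in range(1, 6):
        day = date(2024, 1, d)
        # Fake profile: 1-2 messages a day over Tor, always to new users.
        events.append((day, "203.0.113.7", "lure_profile_17", f"user{d}a"))
        if d % 2:
            events.append((day, "203.0.113.9", "lure_profile_17", f"user{d}b"))
        # Legitimate Tor user talking to a single contact.
        events.append((day, "198.51.100.23", "tor_regular", "friend1"))
        # Busy account that does not come from Tor at all.
        events.append((day, "192.0.2.50", "clearnet_chatty", f"user{d}c"))
    # One-day burst over Tor: an ordinary rate limit already covers this.
    events += [(date(2024, 1, 3), "203.0.113.7", "tor_burst", f"user{i}")
               for i in range(10)]
    return events

def find_low_and_slow(events, tor_exits, max_per_day=3, min_days=4,
                      min_recipients=4):
    """Return (sender, active_days, peak_per_day, distinct_recipients) for
    Tor-sourced accounts that message steadily, slowly and widely."""
    per_day = defaultdict(lambda: defaultdict(int))
    recipients = defaultdict(set)
    for day, ip, sender, recipient in events:
        if ip not in tor_exits:
            continue  # only Tor-sourced sends are in scope here
        per_day[sender][day] += 1
        recipients[sender].add(recipient)

    flagged = []
    for sender, days in per_day.items():
        peak = max(days.values())
        steady = len(days) >= min_days and peak <= max_per_day
        if steady and len(recipients[sender]) >= min_recipients:
            flagged.append((sender, len(days), peak, len(recipients[sender])))
    return sorted(flagged)

if __name__ == "__main__":
    for row in find_low_and_slow(sample_events(), TOR_EXITS):
        print("review account:", row)
```

Flagged accounts are candidates for the fake-profile review the quote recommends, not automatic blocks: the single-contact Tor user in the sample shows why the recipient-spread condition matters.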