The anonymity afforded to Dark Web sites, thanks to the Tor network is now being tested by malicious hackers. Researchers have uncovered over 100 malicious computers that have been actively spying on Tor-masked Dark Web sites.
Researchers at Northeastern University trailed rogue computers using honeypot.onion addresses, which they called "honions" to spot hidden machines that were misbehaving and bypassing Tor rules. The 110 rogue machines spotted by researchers were specified as hidden service directories, which host information required by users to connect to the Tor-dependent onion addresses.
"Such snooping allows [the malicious directories] to index the hidden services, also visit them, and attack them." Some of them tried to attack the hidden services (websites using hidden services) through a variety of means including SQL Injection, Cross-Site Scripting (XSS), user enumeration, server load/performance, etc," said Guevara Noubir, a professor in Northeastern University's College of Computer and Information Science, the ArsTechnica reported.
"After the deployment of our system and based on our experimental results during the period of 72 days, we detect and identify at least 110 such snooping relays. Furthermore, we reveal that more than half of them were hosted on cloud infrastructure and delayed the use of the learned information to prevent easy traceback," said Northeastern University researchers Amirali Sanatinia and Guevara Noubir in their research paper.
The study is further indication of the fact that Tor's anonymity is not invulnerable. In 2015, the FBI had cracked Tor to identify a child pornography ring, but the exploits used to do so, still remain unidentified. However, members of the Tor project appear to be aware of the vulnerabilities weakening the network's anonymity. Tor recently began testing a security boosting software, in efforts to deter any attempts at cracking its anonymity.
"The Tor Project people are aware of this problem and have been working on resolving it," Noubir said. "The long-term solution is a new design for hidden services. They also have volunteers who are tracking [malicious directories] but with a different technique/methodology."