On July 30, the Tor Project published a copy of the email sent out to users to inform them the browser experienced a series of attacks between January 30 and July 4, and any users should “assume they were affected.”
Although there is still a considerable amount of unclear information, including what was affected and the motivation behind the attack, Tor detailed everything that is currently known about the attacks.
Tor believes the attackers could not see content-related information (such as which web pages were loaded), but that they probably attempted to discern the location of hidden services. At present, it is not certain how much data the attackers chose to keep or whether the attack method provided other attackers with deanonymizing information.
Both attacks made use of Tor relays. The Tor project has three types of relay: middle relays, exit relays, and bridges. Middle relays help anonymize traffic because they make it difficult to identify any one user as the source of the traffic. Exit relays display an IP address that will ultimately be interpreted as the traffic source (for this reason, Tor cautions those hosting exit relays that they will likely take the blame if service providers engage in illicit activity). Bridges are not publicly listed as Tor relays and are useful in environments — such as repressive governments — that block Tor relays entirely.
The more detailed of the two attacks was a traffic confirmation attack. This observes relays on both ends of any given circuit, comparing variables (such as timing or volume) to confirm that both relays are on the same circuit. Tor explains in clear terms why this is dangerous:
If the first relay in the circuit (called the “entry guard”) knows the IP address of the user, and the last relay in the circuit knows the resource or destination she is accessing, then together they can deanonymize her.
The more standard Sybil attack set up approximately 115 non-exit relays. Tor admits to having noticed these relays upon implementation and allowing them because they only took up a small percentage of the network. This illustrates a growing conflict between Tor allowing the network to grow (which it needs, in order to create diversity and strengthen anonymity) while correctly identifying potential attacks.
The traffic confirmation attack was the subject of a few special notes in the Tor message. The signal injected into headers included the name of the hidden service the relays were using at any given time. Hidden service protocols allow users to hide their locations while offering services (such as hosting onion web pages) to other Tor users.
This attack method would in theory also make the hidden service protocol visible to other attackers. Tor points out that adversaries such as large intelligence agencies who are actively seeking to deanonymize Tor users are a concern in this instance. The report concedes that the attack methodology is “pretty neat from a research perspective.”
In response, Tor has removed the known attacking relays from the network and sent out a software update that it encourages users to download. It will also inform users when they are receiving a relay or relay early cell.
Several users are asking whether this is the subject of the cancelled Black Hat 2014 talk that recently made headlines. Carnegie Mellon researchers were scheduled to give an August presentation regarding the deanonymization of Tor. According to the Washington Post, the researchers were criticized for their lack of full disclosure, with Tor users unhappy that nobody at Tor was contacted during this research.
Tor developer Roger Dingledine expressed similar sentiments; however, he stated that Tor did not request for the presentation to be cancelled. After the original report on these recent attacks went out on the tor-announce mailing list, users asked whether this attack was the “research” that was going to be revealed in August.
We spent several months trying to extract information from the researchers who were going to give the Black Hat talk, and eventually we did get some hints from them about how “relay early” cells could be used for traffic confirmation attacks, which is how we started looking for the attacks in the wild. They haven’t answered our emails lately, so we don’t know for sure, but it seems likely that the answer [to that question] is “yes”. In fact, we hope they *were* the ones doing the attacks, since otherwise it means somebody else was.
Due to the harmful nature of the attacks and their exposure to other potential attackers, the Tor blog concludes that if this was research, “it was deployed in an irresponsible way because it puts users at risk indefinitely into the future.”