Tor users under attack! Hackers were controlling more than 24% of Tor exit nodes
#1
At the beginning of this week, the well-known expert Nusenu published the results of his investigation into the growing problem of malicious relays on the Tor network. According to his data, since January 2020 unknown hackers have been carrying out SSL stripping attacks. Nusenu says that this group makes man-in-the-middle attacks on Tor users and controls traffic in the Tor network. The Tor Project was founded by computer scientists Roger Dingledine and Nick Mathewson for anonymous internet communication. Many crypto-enthusiasts rely on the Tor network to keep their Bitcoin transactions secure and anonymous. However, according to the investigation, Tor might not be a good choice. Tor protects user anonymity by routing data through many relays. The last hop in this process is the exit relay, the only one that gets to see the actual destination of the Tor user. Starting in January, an unknown hack-group began running a large number of Tor exit relays, peaking at over 24% of the total in July 2020.

So how does it work?
The victim visits an onion website which accepts bitcoin payments. A malicious Tor relay replaces bitcoin addresses in HTTP traffic to redirect transactions to the wallets of the hack-group instead of the user-provided bitcoin address. Bitcoin address rewriting attacks are not new, but the scale of their operations is. The hackers use the biggest Tor hosters (OVH and Hetzner) to blend in with the rest, but they also make use of hosters rarely seen before they joined (i.e. AS20860). Their relays made the autonomous system “Iomart Cloud Services” (AS20860) so big that it is now the 6th biggest ASN by guard capacity on the Tor network. The expert says there is no real “solution” for malicious relays due to the open design, but risk reduction is still possible. Tor directory authorities can consider new relay groups without any MyFamily and ContactInfo as “do not do” violations (April 2018 discussions) and make it a bit more time consuming for adversaries to add huge amounts of Tor capacity.

How to prevent SSL stripping attack on your onion website?
It’s easy to do on a technical level using HSTS preloading. If you employ subdomains in your content structure, you will need a Wildcard Certificate to cover HTTPS ONLY. The initial stages below will test your web applications, user login and session management. It will expire HSTS every 5 minutes. Modify max-age=xxx. One week = 604800; One Month = 2592000. Append preload after your tests are completed. After you are confident that HSTS is working with your web applications, modify max-age to 63072000.

How to protect yourself from this kind of attack?
Install the HTTPS Everywhere addon and check the connection manually

Source: https://cryptalker.cc/anonymous-hackers-...xit-nodes/
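As an added example, not part of the post or of the cited article, the following Python checks a Strict-Transport-Security header against the staged rollout described above: the 5-minute test value (max-age=300), one week (604800), one month (2592000), then the final max-age=63072000 with the preload token. The preload-list conditions it tests (max-age of at least one year, includeSubDomains, preload) are the published hstspreload.org requirements; the header strings are constructed samples and `header_for_stage` is a helper of my own, not anything the post or Tor Project provides.

```python
"""Parse and grade a Strict-Transport-Security (HSTS) header.

Added example, not taken from the article or the forum post. Input is the
raw header value a site sends; the constructed samples at the bottom walk
through the staged rollout the post describes.
"""
from dataclasses import dataclass
from typing import List, Optional

ONE_YEAR = 31536000          # minimum max-age accepted by the hstspreload.org list
TEST_MAX_AGE = 300           # 5-minute value used while testing the web apps
FINAL_MAX_AGE = 63072000     # two years, the value the post recommends at the end


@dataclass
class HstsPolicy:
    max_age: Optional[int]
    include_subdomains: bool
    preload: bool


def parse_hsts(header: str) -> HstsPolicy:
    """Split the header into directives; names are case-insensitive (RFC 6797)."""
    max_age = None
    include_sub = False
    preload = False
    for directive in header.split(";"):
        directive = directive.strip()
        if not directive:
            continue
        name, _, value = directive.partition("=")
        name = name.strip().lower()
        value = value.strip().strip('"')     # RFC 6797 allows a quoted-string value
        if name == "max-age":
            if not value.isdigit():
                raise ValueError(f"bad max-age value: {value!r}")
            max_age = int(value)
        elif name == "includesubdomains":
            include_sub = True
        elif name == "preload":
            preload = True
        # unknown directives are ignored, as the RFC requires
    if max_age is None:
        raise ValueError("max-age directive is required")
    return HstsPolicy(max_age, include_sub, preload)


def assess(header: str) -> List[str]:
    """Return findings for the header; an empty list means it is preload-ready."""
    findings = []
    try:
        policy = parse_hsts(header)
    except ValueError as err:
        return [f"invalid header: {err}"]
    if policy.max_age == 0:
        findings.append("max-age=0 disables HSTS for this host")
    elif policy.max_age <= TEST_MAX_AGE:
        findings.append("testing value: policy expires within minutes")
    elif policy.max_age < ONE_YEAR:
        findings.append("max-age below one year: not eligible for the preload list")
    if not policy.include_subdomains:
        findings.append("includeSubDomains missing: subdomains still reachable over plain HTTP")
    if not policy.preload:
        findings.append("preload token missing: the host cannot be submitted to the preload list")
    return findings


def header_for_stage(stage: str) -> str:
    """Build the header for each step of the rollout the post describes (helper, hypothetical)."""
    ages = {"test": TEST_MAX_AGE, "week": 604800, "month": 2592000, "final": FINAL_MAX_AGE}
    value = f"max-age={ages[stage]}; includeSubDomains"
    if stage == "final":
        value += "; preload"     # appended only after the earlier stages have been tested
    return value


if __name__ == "__main__":
    # constructed sample headers, one per rollout stage plus a bare test value
    for sample in ["max-age=300", header_for_stage("month"), header_for_stage("final")]:
        print(sample, "->", assess(sample) or ["preload-ready"])
```

The findings list is what a defender reviews at each stage: the test and one-month values are expected to fail the preload check, and only the final header with max-age=63072000, includeSubDomains and preload comes back clean. A browser that has never received the header over a genuine HTTPS response has no policy to enforce, which is why the last stage adds the preload token so the host can be shipped in browsers' built-in lists.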
#2
Nusenu did impressive investigation about this case. But don't you think this exit nodes could be honey-pots?
#3
(Sep 22, 2020, 05:52 am)coloradopirate Wrote: Nusenu did impressive investigation about this case. But don't you think this exit nodes could be honey-pots?

Yes, it could be! You should not be 100% sure of your anonymity, unless you are the admin of your exit node and you own the server.