Security News > 2021 > May > Over 25% Of Tor Exit Relays Spied On Users' Dark Web Activities
An unknown threat actor managed to control more than 27% of the entire Tor network exit capacity in early February 2021, a new study on the dark web infrastructure revealed.
"The entity attacking Tor users is actively exploiting tor users since over a year and expanded the scale of their attacks to a new record level," an independent security researcher who goes by the name nusenu said in a write-up published on Sunday.
While middle relays typically take care of receiving traffic on the network and passing it along, an exit relay is the final node that Tor traffic passes through before it reaches its destination.
Exit nodes on the Tor network have been subverted in the past to inject malware such as OnionDuke, but this is the first time a single unidentified actor has managed to control such a large fraction of Tor exit nodes.
The hacking entity maintained 380 malicious Tor exit relays at its peak in August 2020, before the Tor directory authorities intervened to cull the nodes from the network, following which the activity once again crested early this year, with the attacker attempting to add over 1,000 exit relays in the first week of May. All the malicious Tor exit relays detected during the second wave of the attacks have since been removed.
The main purpose of the attack, according to nusenu, is to carry out "Person-in-the-middle" attacks on Tor users by manipulating traffic as it flows through its network of exit relays.
News URL
Related news
- Companies mentioned on the dark web at higher risk for cyber attacks (source)
- Dutch police arrest admin of 'Bohemia/Cannabia' dark web market (source)
- Dutch cops reveal takedown of 'world's largest dark web market' (source)
- Bohemia and Cannabia Dark Web Markets Taken Down After Joint Police Operation (source)
- Finland seizes servers of 'Sipultie' dark web drugs market (source)
- Dark web crypto laundering kingpin sentenced to 12.5 years in prison (source)