Security News > 2021 > May > Over 25% Of Tor Exit Relays Spied On Users' Dark Web Activities
An unknown threat actor managed to control more than 27% of the entire Tor network exit capacity in early February 2021, a new study on the dark web infrastructure revealed.
"The entity attacking Tor users is actively exploiting tor users since over a year and expanded the scale of their attacks to a new record level," an independent security researcher who goes by the name nusenu said in a write-up published on Sunday.
While middle relays typically take care of receiving traffic on the network and passing it along, an exit relay is the final node that Tor traffic passes through before it reaches its destination.
Exit nodes on the Tor network have been subverted in the past to inject malware such as OnionDuke, but this is the first time a single unidentified actor has managed to control such a large fraction of Tor exit nodes.
The hacking entity maintained 380 malicious Tor exit relays at its peak in August 2020, before the Tor directory authorities intervened to cull the nodes from the network, following which the activity once again crested early this year, with the attacker attempting to add over 1,000 exit relays in the first week of May. All the malicious Tor exit relays detected during the second wave of the attacks have since been removed.
The main purpose of the attack, according to nusenu, is to carry out "Person-in-the-middle" attacks on Tor users by manipulating traffic as it flows through its network of exit relays.
News URL
Related news
- Dark Web Monitoring: What's the Value? (source)
- Cheap ransomware for sale on dark web marketplaces is changing the way hackers operate (source)
- Dell customer order database of '49M records' stolen, now up for sale on dark web (source)
- What Is the Dark Web? (source)
- Owner of Incognito dark web drugs market arrested in New York (source)