Researchers at Carnegie Mellon University may have developed a method of identifying hundreds of thousands of Tor users. The researchers had planned to detail their technique at next week’s Black Hat hacking conference in Las Vegas but canceled the talk after Tor developers complained.
Tor bounces users' web traffic and information through relays run by volunteers all over the world, making it nearly impossible for anyone to pinpoint a user's information or location.
Tor revealed details of the attack in a blog post today and said:
“While we don’t know when they started doing the attack, users who operated or accessed hidden services from early February through July 4 should assume they were affected”.
Tor says it has now effectively removed all the malicious relays from the network and is advising users to change their hidden service's location. It also recommends upgrading the software to the latest version, i.e. 0.2.5.6 alpha or 0.2.4.23, to address this exposure.
This follows news that the Russian government recently announced a reward of 4 million rubles (roughly equal to $111,000) to anyone who succeeds in cracking the Tor network, and that the NSA has logged the IP addresses of many Tor users.
If you use Tor, make sure you're using a version that's no longer at risk.