Tor, the anonymous, encrypted, parallel web network favoured by drug dealers, pedophiles, and privacy activists, is under attack from a Russian botnet and no one knows why.
A huge uptick in traffic was noticed on Tor in the last few days, from 600,000 to 1.2 million users per week. Many people thought that a combination of a new censorship law in Russia, the NSA’s PRISM spying program (and Edward Snowden’s leaks about it), and attacks by the hackers of the Syrian Electronic Army had driven new users to seek the safety of a network where speech is still unregulated and relatively free.
But the traffic is fake, according to the Fox IT blog:
Typically, it is fairly clear what the purpose of malware is, such as banking, clickfraud, ransomware or fake anti-virus malware. In this case however it is a bit more difficult. It is possible that the purpose of this malware network is to load additional malware onto the system and that the infected systems are for sale. We have however no compelling evidence that this is true, so this assumption is merely based on a combination of small hints. It does however originate from a Russian-speaking region, and is likely motivated by direct or indirect financial related crime.
In fact, although Tor promises completely secure, anonymous browsing that’s undetectable by law enforcement, it has actually been compromised in one way or another for a while now, according to this research paper detailed by The Irish Times.
The paper reveals a “framework”, Mr Wacek said, where 50 per cent of regular Tor users can see their anonymity compromised “within three months” of regular use of the service, while 80 per cent of users would be likely to be identified after six months if their activity was analysed. “We observe that use of BitTorrent is particularly unsafe,” the report added, “and we show that long-lived ports bear a large security cost for their performance needs.”
In addition, the FBI has been using a program called CIPAV that infects Firefox browsers used by people on Tor. The program is thought to ping identifying information from the browser to the feds in Reston, Va.
What the Russian botnet wants, however, remains a mystery.