And they’re using this influence to hijack cryptocurrency transactions, specifically targeting Bitcoin mixer services.
The Tor browser works by bouncing your traffic through several different anonymous relays. This means that it’s very difficult to trace your identity. When, say, a search query hits the final relay, called the “exit relay,” your data reaches the Internet and out pops your search result.
How Malicious Tor Relays are Exploiting Users in 2020 - Part I (Aug 9) https://t.co/tLpxHkh9Pw
Alleges >23% of the Tor network’s exit capacity has been attacking Tor users; e.g. selective removal of HTTP-to-HTTPS redirects.
But the researcher found that hackers at their peak operated 24% of the exit relays on the network, or 380, by May of this year. That’s the most control they’ve had over Tor exit relays in the last five years, the researcher said. Controlling these exit relays, hackers can remove encryption protocols on websites to see the users’ data and manipulate it. And they’re using the control to steal Bitcoin, said the researcher.
“It appears that they are primarily after cryptocurrency related websites—namely multiple bitcoin mixer services. They replaced bitcoin addresses in HTTP traffic to redirect transactions to their wallets instead of the user provided bitcoin address,” said nusenu.
While these sorts of man-in-the-middle attacks are not new, nor are they unique to the Tor browser, the scale of this particular attack is unprecedented, according to the report.
The researcher has been reporting the hackers’ misdeeds to Tor administrators since May and many were taken down on June 21. But the attacker still controls more than 10% of the exit relay nodes, said nusenu.
The vulnerabilities come as a shock to those for whom Tor is the gold standard of anonymity for a web browser. Tor is the interface many use to access the dark web, the underbelly of the Internet that houses drug marketplaces and other illegal activity. The browser is also used by whistleblowers and journalists trying to evade surveillance.
To fix the issue, the researcher suggests a short-term solution, limiting the number of exit relays, and a long-term solution, having a certain number of “known” operators; those may require, say, verifying email addresses or submitting physical addresses.
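The redirect removal described above only works against sites that depend on a plain-HTTP redirect to reach HTTPS. The following check is an added example, not code from the researcher or the Tor Project: it classifies a site's exposure from its HTTP and HTTPS responses, assuming the HSTS rules of RFC 6797 and the hstspreload.org submission requirements. The function names and the `mixer.example` responses are constructed for illustration.

```python
import re

PRELOAD_MIN_AGE = 31536000  # one year, the minimum hstspreload.org accepts

def parse_hsts(value):
    """Parse a Strict-Transport-Security value into a dict, or None if invalid."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        if name in directives:
            return None                      # a directive may appear only once
        directives[name] = arg.strip().strip('"')  # values may be quoted strings
    if not re.fullmatch(r"[0-9]+", directives.get("max-age", "")):
        return None                          # max-age is required and numeric
    directives["max-age"] = int(directives["max-age"])
    return directives

def stripping_exposure(http_resp, https_resp):
    """Each argument is a (status, headers) tuple for the same host."""
    status, headers = http_resp
    location = headers.get("Location", "")
    if not (300 <= status < 400 and location.lower().startswith("https://")):
        return "no-upgrade: site is served over plain HTTP"
    hsts = parse_hsts(https_resp[1].get("Strict-Transport-Security", ""))
    if hsts is None or hsts["max-age"] == 0:
        return "redirect-only: every visit depends on a redirect an exit can drop"
    if (hsts["max-age"] >= PRELOAD_MIN_AGE and "includesubdomains" in hsts
            and "preload" in hsts):
        return "preload-eligible: browser can refuse HTTP before any request"
    return "hsts-after-first-visit: first HTTP request can still be stripped"

# Constructed sample responses (not captured traffic).
REDIRECT = (301, {"Location": "https://mixer.example/"})
SAMPLES = {
    "strong": (200, {"Strict-Transport-Security":
                     "max-age=63072000; includeSubDomains; preload"}),
    "short": (200, {"Strict-Transport-Security": "max-age=300"}),
    "none": (200, {}),
}

if __name__ == "__main__":
    for label, https_resp in SAMPLES.items():
        print(label, "->", stripping_exposure(REDIRECT, https_resp))
```

The header is read from the HTTPS response because browsers ignore a Strict-Transport-Security header delivered over plain HTTP.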