And they’re using this influence to hijack cryptocurrencycryptocurrency transactions, specifically targeting Bitcoin mixer services.
The Tor browser works by bouncing your traffic about several different anonymous relays. This means that it’s very difficult to trace your identity. When, say, a search query hits the final relay, called the “exit relay,” your data the Internet and out pops your search result.
How Malicious Tor Relays are Exploiting Users in 2020 - Part I (Aug 9) https://t.co/tLpxHkh9Pw
Alleges >23% of the Tor network’s exit capacity has been attacking Tor users; e.g. selective removal of HTTP-to-HTTPS redirects.
But the researcher found that hackers at their peak operated 24% of the exit relays on the network, or 380, by May of this year. That’s the most control they’ve had over Tor exit relays in the last five years, the researcher said. Controlling these exit relays, hackers can remove encryption protocols on websites to see the users’ data and manipulate it. And they’re using the control to steal Bitcoin, said the researcher.
“It appears that they are primarily after cryptocurrency related websites—namely multiple bitcoin mixer services. They replaced bitcoin addresses in HTTP traffic to redirect transactions to their wallets instead of the user provided bitcoin address,” said nusenu.
While these sorts of man-in-the-middle attacks are not new, nor are they unique to the Tor browser, the scale of this particular attack is unprecedented, according to the report.
The researcher has been reporting the hackers’ misdeeds to Tor administrators since May and many were taken down on June 21. But the attacker still controls more than 10% of the exit relay nodes, said nusenu.
A leaked INTERPOL manual covering the trade in chemical and biological weapons on the dark web includes advice for transacting in and seizing cryptocurrencies.
The cover of INTERPOL's "Investigating Biological and Chemical Terrorism on the Darknet" manual (Source: INTERPOL)
The manual, titled ‘Investigating Biological and Chemical Terrorism on the Darknet’, coaches law enforcement on best practices for infiltrating the dark web’s contrabandist subcultures. As well as advising investigators on ho...
The vulnerabilities come as a shock to those for whom Tor is the gold standard of anonymity for a web browser. Tor is the interface many use to access the dark web, the underbelly of the Internet that houses drug marketplaces and other illegal activity. The browser is also used by whistleblowers and journalists trying to evade surveillance.
To fix the issue, the researcher suggests a short term solution—limiting the amount of exit relays, and a long term solution—having a certain amount of “known” operators; those may require, say, verifying email addresses or submitting physical addresses.
Daily Debrief Newsletter
Start every day with the top news stories right now, plus original features, a podcast, videos and more.
As catastrophic floods ravage central Texas and North Carolina, emergency responders are using professional and military-grade drones with infrared and real-time video to map flood zones, locate stranded victims, and direct rescue teams.
In Texas, MQ-9 Reapers flying 18,000 feet above the impacted area assisted first responders in locating missing victims of the flooding, including those from Camp Mystic, a summer camp where 27 children and counselors lost their lives.
But while drones assist in...
Minna Bank, Japan’s first digital-only bank and a subsidiary of Fukuoka Financial Group, announced Thursday it is exploring the use of stablecoins and digital wallets to support everyday financial services and payments in the country.
The initiative is part of a joint study in collaboration with Fireblocks, Solana Japan, and Japanese tech firm TIS, aiming to assess the practical applications of stablecoins and decentralized wallets in real-world banking.
The study will examine use cases includin...
If you follow the latest in Bitcoin happenings, then you may have seen the name “Alkanes” pop up on your timeline via Ordinals and Runes enjoyers. But what is it?
Alkanes is a new metaprotocol built on Bitcoin that introduces trustless smart contract functionality to the base layer, without relying on bridges or external execution layers. It allows developers to build apps and launch tokens natively on Bitcoin, expanding the functionality of the original blockchain.
Developed by Oyl Corp, the pr...