Someone Is Hijacking Tor Exit Nodes to Conduct MITM Attacks

  • A group of actors is engaging in cryptocurrency transaction redirections by hijacking Tor nodes.
  • This has been going on since December 2019, peaked in May 2020, and is ongoing to this day.
  • The Tor Project is slowly but steadily failing, as it can no longer manage the privacy and security risks of its users.

Security researcher ’nusenu’ is reporting about an alarming case of a large-scale Tor relay hijack by an unknown actor. More specifically, the researcher has noticed increased malicious Tor exit relay activity in December 2019, and warned both the project and the community about it.

Still, until today, no real risk mitigation systems have been implemented. According to the researcher, the main focus of the actors seems to be crypto-currency related websites and bitcoin mixer services in particular.

relay stats
Source: Medium

The mysterious exit node hijackers could be a group that is looking to steal money by redirecting the transactions to their wallets, or international law enforcement authorities aiming to trace web criminals. Although anything is possible, the indicators point to the former as being the most likely scenario. ‘nusenu’ has recorded money redirections on numerous occasions. Hence, the motive seems to be clear, and it’s to make a profit.

The peak of the activity was in May 2020, when the actor was in control of about 23% of all Tor network exit nodes. Even now, there are multiple indicators that the actor still runs over 10% of the Tor network’s exit capacity, so the attack is far from being over. The researcher preferred to keep some of the indicators secret so as not to burn them.

Tor users are at risk, and their chances of having their traffic passed through an exit node controlled by a malicious actor are unacceptably high. The researcher suggested some mitigating plans since last December, with email address verification for users who want to gain exit or guard relay flag being one of them.

Additionally, anyone operating more than 0.5% of Tor’s exit or guard nodes could be compelled to declare a physical address and verify it. However, Tor hasn’t bothered to proceed with any plans and just removed some of the reported relays. Since June, they even stopped removing the reported relays altogether, so everything was left to chance.

Related: Researcher Discovered Two Zero-Days on Tor, but There Are More

The Tor Project has a serious resource shortage problem, which we have discussed before, and as time passes, the security of the Tor Network is getting worse. We are now at a point where Tor can be characterized as unsafe for most critical applications.

A few weeks back, Dr. Neal Krawetz pleaded for attention on two highly risky zero-days he had reported to Tor a long time ago. He also warned about three even worse zero-days that could be used to de-anonymize Tor users and compromise the network.

How to Watch Hot Wheels: Ultimate Challenge Online from Anywhere
Hot Wheels: Ultimate Challenge is a new car makeover competition show, and the best part is that you’ll be able to stream...
How to Watch Gender Wars Online Free: Stream the Documentary from Anywhere
Gender Wars is a new British documentary that tackles a question that’s been asked more frequently lately: what is a woman? You’ll...
How to Watch America’s Got Talent Season 18 Online: Live Stream AGT from Anywhere
America's Got Talent Season 18 is back with a new set of episodes, and we have all the important details you may...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari