privacy in peril - criminals abusing tor for malicous behavior should be blocked, right?

https://torflow.uncharted.software/

criminals abusing tor for malicous behavior should be blocked, right?

“50% of the attacks are leveraging the Tor anonymity service to mask their true origins”

https://thehackernews.com/2021/12/new-local-attack-vector-expands-attack.html

this could destroy the “honest” part of the network that truly exists, because it could criminalize the honest users, that want nothing but avoid a #1984 style of digital dictatorship.

or is malbehaving small group found in every nation just something that the tor network / democracy has to tolerate for the sake of freedom of speech & privacy?

There are many many attacks on Tor in order to try to break it

(just recently a probably gov sponsored group called KAX17)

“Given the number of servers run by KAX17 the calculated probability of a Tor user connecting to the Tor network through one of KAX17’s servers was 16%, there was a 35% chance they would pass through one of its middle relays, and up to 5% chance to exit through one.” (src)

This is a problem that probably can be fixed, but what about the first one?

https://dwaves.de/2020/05/13/economic-distress-what-corona-covid19-means-for-the-team-behind-tor-misbehaving-tor-directories/

#linux #gnu #gnulinux #opensource #administration #sysops #tor #log4j #attacks #cybersec #cyber #itsec #privacy #KAX17 #1984

Originally posted at: https://dwaves.de/2021/12/21/privacy-in-peril-criminals-abusing-tor-for-malicous-behavior-should-be-blocked-right/

Bad Tor Relays

Tracking down the source for this allegation.

It started with a post from Schneier on his blog. I get this as a news feed. https://www.schneier.com/blog/archives/2021/12/someone-is-running-lots-of-tor-relays.html

Schneier links to this. https://therecord.media/a-mysterious-threat-actor-is-running-hundreds-of-malicious-tor-relays/

That led to Nusenu, and just a little more work led to what I think is the ultimate source.

https://nusenu.medium.com/is-kax17-performing-de-anonymization-attacks-against-tor-users-42e566defce8

---

Summary
- A mysterious actor which we gave the code-name KAX17 has been running large fractions of the tor network since 2017, despite multiple attempts to remove them from the network during the past years.
- KAX17 has been running relays in all positions of a tor circuit (guard, middle and exit) across many autonomous systems putting them in a position to de-anonymize some tor users.
- Their actions and motives are not well understood.
- We found strong indicators that a KAX17 linked email address got involved in tor-relays mailing list discussions related to fighting malicious relays.
- Detecting and removing malicious tor relays from the network has become an impractical problem to solve.
- We presented a design and proof of concept implementation towards better self-defense options for tor clients to reduce their risk from malicious relays without requiring their detection.
- Most of the tor network’s exit capacity (>50%) supports that design already. More guard relays adopting the proven domain are needed (currently at around 10%).

#tor #tor-relay #tor-relays #privacy #security #surveillance #spying #tor-network #threat-actor #kax17

#KAX17 threat actor is attempting to deanonymize #Tor users running thousands of rogue relays

source: https://cybersecurityworldconference.com/2021/12/03/kax17-threat-actor-is-attempting-to-deanonymize-tor-users-running-thousands-of-rogue-relays/

Controlling these relays it is possible to see which website the user connects to and, if an insecure connection is used, it is also possible to manipulate traffic. In May 2020, the threat actor managed to control over 380 Tor exit nodes, with a peak on May 22, when he controlled the 23.95% of Tor exit relay.

Workaround: use only trusted exit nodes! -> https://communitydocs.accessnow.org/147-Tor_force_exit_nodes.html

#Anonymous #anonymity #privacy #darknet #NSA #surveillance #browser #internet #security #hack

A mysterious threat actor is running hundreds of malicious Tor relays

- Security researcher claims to have identified threat actor running thousands of malicious servers.
- Researchers claims the attacker may be trying to deanonymize and identify Tor users.
- Evidence suggests the attacker, tracked as KAX17, is sophisticated and well-resourced.
- The Tor Project has removed hundreds of KAX17 servers in October and November 2021.

Since at least 2017, a mysterious threat actor has run thousands of malicious servers in entry, middle, and exit positions of the Tor network in what a security researcher has described as an attempt to deanonymize Tor users.

full article

#TOR #internet #security #privacy #TheRecord #tech #software #KAX17 #TorProject