(Ping! Zine Web Tech Magazine) – Tor, the encryption browsing network used for Internet privacy worldwide, announced on Wednesday that its systems had been compromised earlier this year.
According to a blog post from the company, the hackers targeted users who accessed the Tor hidden services this year between early February and July 4th, warning that all users “should assume they were affected.”
“We know the attack looked for users who fetched hidden service descriptors, but the attackers likely were not able to see any application-level traffic,” says the post. “The attack probably also tried to learn who published hidden service descriptors, which would allow the attackers to learn the location of that hidden service.”
“We don’t know how much data the attackers kept, and due to the way the attack was deployed (more details below), their protocol header modifications might have aided other attackers in deanonymizing users too.”
The developers noted that they have reason to believe that the attackers are from the CERT division of the Carnegie Mellon University Software Engineering Institute, reports The Verge.
Researchers from the SEI were scheduled to talk at a Black Hat conference next month about how to hack into Tor on less than $3,000, though the talk was quickly canceled by the university because it was not approved.
“Eventually we did get some hints from them which is how we started looking for the attacks in the wild,” said the Tor team. “They haven’t answered our emails lately, so we don’t know for sure, but it seems likely that the answer to [whether they’re responsible] is yes.”
Detailed information on the attack can be found here.