Tor: Mystery Spike In Hidden Addresses

Uploaded on 2016-02-29 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

TOR 'the onion router': In this example onion, the source of the data sends the onion to Router A, which removes a layer of encryption to learn only where to send it next and where it came from (though it does not know if the sender is the origin or just another node). Router A sends it to Router B, which decrypts another layer to learn its next destination. Router B sends it to Router C, which removes the final layer of encryption and transmits the original message to its destination.

A security expert has noticed an unprecedented spike in the number of hidden addresses on the Tor network.

Prof Alan Woodward at the University of Surrey spotted an increase of more than 25,000.onion "dark web" services.

Prof Woodward said he was not sure how best to explain the sudden boom. One possibility, he said, might be a sudden swell in the popularity of Ricochet, an app that uses Tor to allow anonymous instant messaging between users.

Tor, or The Onion Router, allows people to browse the web anonymously by routing their connections through a chain of different computers and encrypting data in the process.

On his blog, Prof Woodward noted there had not been a similar increase in.onion sites in the history of the Tor network.

"Something unprecedented is happening, but at the moment that is all we know," he told the BBC.

"It is hard to know for certain what the reason is for the jump because one of the goals of Tor is to protect people's privacy by not disclosing how they are using Tor," said Dr Steven Murdoch at University College London.

Another curiosity described by Prof Woodward was the fact that, despite the rise of hidden addresses, traffic on the network has not seen a comparable spike. It is generally not possible to decipher the content of traffic on the Tor network

He said there was a chance the spike was due to a network of computers called a botnet suddenly using Tor - or hackers launching ransomware attacks.
It could even be the result of malware that might be creating unique .onion addresses when it infects a victim's computer - though there is no evidence yet for this.

Prof Woodward said that he believed a rise in the use of an anonymous chat app called Ricochet - which has just received a largely positive security audit - is the most likely explanation.

Dr Murdoch said this was indeed a possibility but added that the spike could also be the result of someone running an experiment on Tor.

What is Ricochet?
Ricochet uses the Tor network to set up connections between two individuals who want to chat securely.

The app's website states that this is achieved without revealing either user's location or IP address and that, instead of a username, each participant receives a unique address such as "ricochet:rs7ce36jsj24ogfw".

Ricochet has been available for some time, but on 15 February reasonably positive results of an audit by security firm NCC Group were published.

On his blog, Prof Woodward noted that every new user of Ricochet would create a unique .onion address when setting up the service.

That could account for the surge in services, though he admitted 25,000 new users for the app in just a few days would suggest "spectacular" growth.

BBC: 

« Retailers Are Hardest Hit by Malware
Mobile And IOT Technologies Are Inside The Curve Of Human Time. »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Lanner Electronics

Lanner Electronics

Lanner Electronics is a leading hardware provider for advanced network appliances and industrial automation solutions including cyber security.

NordForsk

NordForsk

NordForsk facilitates and provides funding for Nordic research cooperation and research infrastructure. Project areas include digitalisation and digital security.

Cyber Security Austria (CSA)

Cyber Security Austria (CSA)

Cyber Security Austria (CSA) is an independent non-profit association with the aim to address security issues in the area of IT/cyber security of critical/strategic infrastructures in Austria.

iONLINE

iONLINE

iONLINE delivers high quality IT services and solutions to businesses in Azerbaijan.

LightEdge Solutions

LightEdge Solutions

LightEdge’s highly-trained compliance and security experts take the guesswork out of keeping your business protected.

Threatspan

Threatspan

Threatspan is a cybersecurity firm helping shipping and maritime enterprises achieve and maintain nautical resilience in an age of increasing cyber threats.

Axis Security

Axis Security

Axis Security technologies transform open networks and vulnerable applications into fully protected resources that the business can trust.

AirITSystems

AirITSystems

AirITSystems offer companies comprehensive IT security solutions that take all security considerations into account and are tailored to your business.

Federal Bureau of Investigation (FBI) - USA

Federal Bureau of Investigation (FBI) - USA

The mission of the FBI is to protect and defend against intelligence threats, uphold and enforce criminal laws, and provide criminal justice services.

X-Analytics

X-Analytics

X-Analytics is a cyber risk analytics application to create a better way for organizations to understand and manage cyber risk.

CloudGuard

CloudGuard

CloudGuard is an AI-driven XDR platform that helps organisations to proactively detect and automatically remediate threats in real-time.

Applied Insight

Applied Insight

Applied Insight work closely with government agencies and industry to overcome technical and cultural hurdles to innovation, empowering them with the latest cloud, data and cyber capabilities.

Vantyr

Vantyr

Vantyr's core mission is to safeguard the business-led adoption of SaaS applications by automating the lifecycle management and security of non-human identities.

Karthik Consulting (KC)

Karthik Consulting (KC)

Karthik Consulting is a technology service provider specializing in IT services for the U.S. federal government.

QualySec

QualySec

QualySec is a leading cybersecurity firm specializing in comprehensive penetration testing and risk assessment services.

GrabDefence

GrabDefence

GrabDefence enables digital businesses to thrive by safeguarding their ecosystem against fraud risk, digital identity threats and compliance challenges.