Tor: Mystery Spike In Hidden Addresses

Uploaded on 2016-02-29 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

TOR 'the onion router': In this example onion, the source of the data sends the onion to Router A, which removes a layer of encryption to learn only where to send it next and where it came from (though it does not know if the sender is the origin or just another node). Router A sends it to Router B, which decrypts another layer to learn its next destination. Router B sends it to Router C, which removes the final layer of encryption and transmits the original message to its destination.

A security expert has noticed an unprecedented spike in the number of hidden addresses on the Tor network.

Prof Alan Woodward at the University of Surrey spotted an increase of more than 25,000.onion "dark web" services.

Prof Woodward said he was not sure how best to explain the sudden boom. One possibility, he said, might be a sudden swell in the popularity of Ricochet, an app that uses Tor to allow anonymous instant messaging between users.

Tor, or The Onion Router, allows people to browse the web anonymously by routing their connections through a chain of different computers and encrypting data in the process.

On his blog, Prof Woodward noted there had not been a similar increase in.onion sites in the history of the Tor network.

"Something unprecedented is happening, but at the moment that is all we know," he told the BBC.

"It is hard to know for certain what the reason is for the jump because one of the goals of Tor is to protect people's privacy by not disclosing how they are using Tor," said Dr Steven Murdoch at University College London.

Another curiosity described by Prof Woodward was the fact that, despite the rise of hidden addresses, traffic on the network has not seen a comparable spike. It is generally not possible to decipher the content of traffic on the Tor network

He said there was a chance the spike was due to a network of computers called a botnet suddenly using Tor - or hackers launching ransomware attacks.
It could even be the result of malware that might be creating unique .onion addresses when it infects a victim's computer - though there is no evidence yet for this.

Prof Woodward said that he believed a rise in the use of an anonymous chat app called Ricochet - which has just received a largely positive security audit - is the most likely explanation.

Dr Murdoch said this was indeed a possibility but added that the spike could also be the result of someone running an experiment on Tor.

What is Ricochet?
Ricochet uses the Tor network to set up connections between two individuals who want to chat securely.

The app's website states that this is achieved without revealing either user's location or IP address and that, instead of a username, each participant receives a unique address such as "ricochet:rs7ce36jsj24ogfw".

Ricochet has been available for some time, but on 15 February reasonably positive results of an audit by security firm NCC Group were published.

On his blog, Prof Woodward noted that every new user of Ricochet would create a unique .onion address when setting up the service.

That could account for the surge in services, though he admitted 25,000 new users for the app in just a few days would suggest "spectacular" growth.

BBC: 

« Retailers Are Hardest Hit by Malware
Mobile And IOT Technologies Are Inside The Curve Of Human Time. »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

European Council on Foreign Relations (ECFR)

European Council on Foreign Relations (ECFR)

ECFR is a pan-European think-tank conducting research and promote informed debate on European foreign policy. Cyber security is becoming an intrinsic element of foreign policy debate.

Cato Networks

Cato Networks

Cato connects your branch locations, physical and cloud datacenters, and mobile users into a secure and optimized global network in the cloud.

ControlScan

ControlScan

ControlScan is a Managed Security Services Provider (MSSP) - our primary focus is protecting your business and securing your sensitive data.

Array Networks

Array Networks

Array Networks, the network functions platform company, develops purpose-built systems for hosting virtual networking and security functions with guaranteed performance.

Sabasai

Sabasai

Sabasai specialises in all aspects of insider threat management from training and education to building security frameworks and insider threat programs to on-site risk & vulnerability assessments.

Scantist

Scantist

Scantist is a cyber-security spin-off from Nanyang Technological Universiy (Singapore) which leverages its expertise to provide vulnerability management solutions to enterprise clients.

Cyber Police of Ukraine

Cyber Police of Ukraine

Cyber Police of Ukraine is a law enforcement agency within the the Ministry of Internal Affairs of Ukraine dedicated to combating cyber crime.

AppGuard

AppGuard

AppGuard prevents breaches by blocking applications from performing inappropriate processes using our patented dynamic isolation and inheritance technologies.

European Cyber Security Conference

European Cyber Security Conference

EU Cyber Security Conference will debate what Europe’s response to evolving threats in a dynamic global risk landscape should look like and what the next steps for all actors of the ecosystem.

Abion

Abion

At Abion (formerly BRANDIT), we empower your business by providing comprehensive brand protection and web security services.

Intracom Telecom

Intracom Telecom

Intracom Telecom is a global telecommunication systems & solutions vendor offering a complete range of professional services and solutions including Information Security.

Swissbit

Swissbit

Swissbit AG is the leading European manufacturer of storage, security and embedded IoT solutions for demanding applications.

CrossCountry Consulting

CrossCountry Consulting

CrossCountry Consulting is a trusted business advisory firm that provides customized finance, accounting, human capital management, risk, operations and technology consulting services.

SignalFire

SignalFire

SignalFire invest across both enterprise and consumer sectors at the seed and early growth stages.

Oregon Systems

Oregon Systems

Oregon Systems is a Regional Leader & Distributor with value added services for OT, IoT, IIoT & IT Cybersecurity products, Solutions & professional services throughout the middle-east region.

Infisign

Infisign

Infisign addresses the challenges of traditional IAM systems and offers a comprehensive solution for modern identity management.