Tor: Mystery Spike In Hidden Addresses

Uploaded on 2016-02-29 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

TOR 'the onion router': In this example onion, the source of the data sends the onion to Router A, which removes a layer of encryption to learn only where to send it next and where it came from (though it does not know if the sender is the origin or just another node). Router A sends it to Router B, which decrypts another layer to learn its next destination. Router B sends it to Router C, which removes the final layer of encryption and transmits the original message to its destination.

A security expert has noticed an unprecedented spike in the number of hidden addresses on the Tor network.

Prof Alan Woodward at the University of Surrey spotted an increase of more than 25,000.onion "dark web" services.

Prof Woodward said he was not sure how best to explain the sudden boom. One possibility, he said, might be a sudden swell in the popularity of Ricochet, an app that uses Tor to allow anonymous instant messaging between users.

Tor, or The Onion Router, allows people to browse the web anonymously by routing their connections through a chain of different computers and encrypting data in the process.

On his blog, Prof Woodward noted there had not been a similar increase in.onion sites in the history of the Tor network.

"Something unprecedented is happening, but at the moment that is all we know," he told the BBC.

"It is hard to know for certain what the reason is for the jump because one of the goals of Tor is to protect people's privacy by not disclosing how they are using Tor," said Dr Steven Murdoch at University College London.

Another curiosity described by Prof Woodward was the fact that, despite the rise of hidden addresses, traffic on the network has not seen a comparable spike. It is generally not possible to decipher the content of traffic on the Tor network

He said there was a chance the spike was due to a network of computers called a botnet suddenly using Tor - or hackers launching ransomware attacks.
It could even be the result of malware that might be creating unique .onion addresses when it infects a victim's computer - though there is no evidence yet for this.

Prof Woodward said that he believed a rise in the use of an anonymous chat app called Ricochet - which has just received a largely positive security audit - is the most likely explanation.

Dr Murdoch said this was indeed a possibility but added that the spike could also be the result of someone running an experiment on Tor.

What is Ricochet?
Ricochet uses the Tor network to set up connections between two individuals who want to chat securely.

The app's website states that this is achieved without revealing either user's location or IP address and that, instead of a username, each participant receives a unique address such as "ricochet:rs7ce36jsj24ogfw".

Ricochet has been available for some time, but on 15 February reasonably positive results of an audit by security firm NCC Group were published.

On his blog, Prof Woodward noted that every new user of Ricochet would create a unique .onion address when setting up the service.

That could account for the surge in services, though he admitted 25,000 new users for the app in just a few days would suggest "spectacular" growth.

BBC: 

« Retailers Are Hardest Hit by Malware
Mobile And IOT Technologies Are Inside The Curve Of Human Time. »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Maureen Data Systems (MDS)

Maureen Data Systems (MDS)

Our mission at Maureen Data Systems is to digitally transform business environments with the use of cloud infrastructure, security and privacy controls, data analytics, and managed services.

Security Weekly

Security Weekly

Security Weekly provides free content within the subject areas of IT security news, vulnerabilities, hacking, and research.

Fieldfisher

Fieldfisher

Fieldfisher's Technology, Outsourcing & Privacy Group has class-leading expertise in privacy, data & cybersecurity, digital media, big data, the cloud, mobile payments and mobile apps.

Evidian

Evidian

Evidian, a Bull Group company, is the European leader and one of the major worldwide vendors of identity and access management software.

CERT.hr

CERT.hr

CERT.hr is the national authority competent for prevention and protection from computer threats to public information systems in the Republic of Croatia.

HackLabs

HackLabs

HackLabs is a penetration testing company providing services for network security, web application security and social engineering testing.

Fox-IT

Fox-IT

Fox-IT prevents, solves and mitigates the most serious cyber threats with smart solutions for governmental bodies, defense, law enforcement, critical infrastructure, banking and large enterprises.

Nok Nok Labs

Nok Nok Labs

Nok Nok is a market leader in next generation authentication for cloud, mobile and IoT applications.

Innovation Cybersecurity Ecosystem at BLOCK71 (ICE71)

Innovation Cybersecurity Ecosystem at BLOCK71 (ICE71)

Innovation Cybersecurity Ecosystem at BLOCK71 (ICE71) is Singapore's first cybersecurity entrepreneur hub.

Stratejm

Stratejm

Stratejm, a Next Generation Managed Security Services Provider, brings innovation and thought leadership to the fight against cyber criminals.

CyberSheath Services International

CyberSheath Services International

CyberSheath integrates your compliance and threat mitigation efforts and eliminates redundant security practices that don’t improve and in fact might probably weaken your security posture.

DeepFactor

DeepFactor

DeepFactor is the industry’s first Continuous Observability platform enabling Engineering and AppSec teams to find and triage RUNTIME security, privacy, and compliance risks in your applications.

BaaSid

BaaSid

BaaSid is next generation security technology for data security & security authentication based on De-centralized & Blockchain.

Aleo

Aleo

Aleo is building the world's leading developer platform for enabling absolute privacy on blockchains.

Zerify

Zerify

Zerify offers the industry’s only video conferencing platform built with a zero-trust architecture to keep your meetings secure, private and business compliant.

Auriga

Auriga

Auriga create innovative software and have become a benchmark for high quality banking software including cyber security solutions to protect business critical devices.