Tor: Mystery Spike In Hidden Addresses

TOR 'the onion router': In this example onion, the source of the data sends the onion to Router A, which removes a layer of encryption to learn only where to send it next and where it came from (though it does not know if the sender is the origin or just another node). Router A sends it to Router B, which decrypts another layer to learn its next destination. Router B sends it to Router C, which removes the final layer of encryption and transmits the original message to its destination.

A security expert has noticed an unprecedented spike in the number of hidden addresses on the Tor network.

Prof Alan Woodward at the University of Surrey spotted an increase of more than 25,000.onion "dark web" services.

Prof Woodward said he was not sure how best to explain the sudden boom. One possibility, he said, might be a sudden swell in the popularity of Ricochet, an app that uses Tor to allow anonymous instant messaging between users.

Tor, or The Onion Router, allows people to browse the web anonymously by routing their connections through a chain of different computers and encrypting data in the process.

On his blog, Prof Woodward noted there had not been a similar increase in.onion sites in the history of the Tor network.

"Something unprecedented is happening, but at the moment that is all we know," he told the BBC.

"It is hard to know for certain what the reason is for the jump because one of the goals of Tor is to protect people's privacy by not disclosing how they are using Tor," said Dr Steven Murdoch at University College London.

Another curiosity described by Prof Woodward was the fact that, despite the rise of hidden addresses, traffic on the network has not seen a comparable spike. It is generally not possible to decipher the content of traffic on the Tor network

He said there was a chance the spike was due to a network of computers called a botnet suddenly using Tor - or hackers launching ransomware attacks.
It could even be the result of malware that might be creating unique .onion addresses when it infects a victim's computer - though there is no evidence yet for this.

Prof Woodward said that he believed a rise in the use of an anonymous chat app called Ricochet - which has just received a largely positive security audit - is the most likely explanation.

Dr Murdoch said this was indeed a possibility but added that the spike could also be the result of someone running an experiment on Tor.

What is Ricochet?
Ricochet uses the Tor network to set up connections between two individuals who want to chat securely.

The app's website states that this is achieved without revealing either user's location or IP address and that, instead of a username, each participant receives a unique address such as "ricochet:rs7ce36jsj24ogfw".

Ricochet has been available for some time, but on 15 February reasonably positive results of an audit by security firm NCC Group were published.

On his blog, Prof Woodward noted that every new user of Ricochet would create a unique .onion address when setting up the service.

That could account for the surge in services, though he admitted 25,000 new users for the app in just a few days would suggest "spectacular" growth.

BBC: 

« Retailers Are Hardest Hit by Malware
Mobile And IOT Technologies Are Inside The Curve Of Human Time. »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

BitSight Technologies

BitSight Technologies

BitSight transforms how companies manage information security risk with objective, verifiable and actionable Security Ratings.

Gilbert + Tobin

Gilbert + Tobin

Gilbert + Tobin is an Australian corporate law firm serving clients throughout Australia, and around the world, on a broad range of legal issues including cyber security.

LUCY Security

LUCY Security

LUCY is the answer when you want to increase your IT security, maintain your cyber security awareness, or test your IT defenses.

itbox.online

itbox.online

Itbox.online offers IT solutions to ensure that your company's technologies are always available and secure as your business demands.

DCX Technology

DCX Technology

Recognized as a leader in security services, DXC Technology help clients prevent potential attack pathways, reduce cyber risk and improve threat detection and incident response.

OurCrowd

OurCrowd

OurCrowd is a leading equity crowdfunding platform for investing in global startups.

HighPoint

HighPoint

HighPoint is a leading technology infrastructure solutions provider offering consultancy, solutions and managed services for network infrastructure and cybersecurity.

CyberSafe

CyberSafe

CyberSafe is a Portuguese company with a focus on cybersecurity solutions and services including network security, managed security, incident response and forensic analysis.

The ATOM Group

The ATOM Group

ATOM builds and secures technology for regulated industries. We design and build for a future we can all trust.

KryptoKloud

KryptoKloud

KryptoKloud offer a suite of Managed Services including Security Monitoring and Incident Response as well as a full portfolio of Compliance, Governance and Audit solutions.

NetBlocks

NetBlocks

NetBlocks is a global internet monitor working at the intersection of digital rights, cyber-security and internet governance.

Europol - European Cybercrime Centre (EC3)

Europol - European Cybercrime Centre (EC3)

The European Cybercrime Centre (EC3) was set up by Europol to strengthen the law enforcement response to cybercrime in the EU.

Assured Clarity

Assured Clarity

Assured Clarity are a global consultancy, specialising in Risk Management and Data Privacy, through Education, Awareness and Training, throughout an organisation.

BitLyft

BitLyft

BitLyft is a managed detection and response provider that is dedicated to delivering unparalleled protection from cyber attacks for organizations of all sizes.

Vertex Cyber Security

Vertex Cyber Security

Vertex provide Cyber Security Services to small to large businesses including Advise, Consulting, Adding Security Partnership, Penetration Testing, ISO 27001-2 and Audits.

Pistachio

Pistachio

Pistachio is the new evolution of cybersecurity awareness training and attack simulations.