The event is not isolated, a similar case was reported in December 2014 by another operator on the Tor mailing list, and also in that case the website suffered a DoS attack. Both operators revealed that their websites were flooded with a significant number of simultaneous connections that paralyzed the hidden service.
The black market is Middle Earth and its operator using the Reddit name MEMGandalf confirmed the attacks on the server.
“Middle Earth and Agora are the focus of the most serious attack TOR has ever seen.” He explained and confirmed that Middle Earth’s operator had reported the flaw to Tor. (The bug report was opened under the name “alberto.”) .
The problem, which is similar to the one reported by another hidden site operator in December on the Tor mailing list, allows attackers to conduct a denial of service attack against hidden sites by creating a large number of simultaneous connections, or “circuits,” via Tor, overwhelming the hidden service’s ability to respond.
The experts analyzing the issue have discovered that it could be caused by a flaw in the negotiation process between a client and the hidden server. It seems that it is possible for an attacker to abuse the “introduce” message, implemented in the Tor Hidden Services protocol and used to negotiate the connection between the client and server. Every time a client sends an “introduce” message to a hidden service it creates a circuit and allocate server resources to manage the request. By sending multiple “introduce” requests to the same hidden service, an attacker could cause a DoS attack.
“Currently, it seems like clients are able to send multiple INTRODUCE1 cells to the IP. The result is that many INTRODUCE2 cells reach the HS, which means that the HS will try to establish multiple rendezvous circuits. This gives a better position to attackers who want to flood a HS with rendezvous circuits (like #15463), since with a single circuit they can cause hundreds of rendezvous.” reports the Tor Project.
The worrying aspect of the Tor flaw is that it is not possible to fix it in the short-term due to its heavy impact on the Tor’s Hidden Services Protocol implementation.
A long term propose includes the use of dedicated bridges (part of Tor’s Proposal 188) to connect larger hidden sites to the Tor network.
(Security Affairs – Tor, hacking)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.