Tor Network's Security Compromised: Attack Targets 'Guard Nodes'
An investigation has revealed that the Tor network, a popular tool for online anonymity, faced a targeted attack on its 'guard nodes'. These nodes, also known as entry servers, facilitate communication via Ricochet. The incident has raised concerns about the network's security and the potential for traffic tracking, particularly given that a significant share of Tor relays is hosted in Germany.
The attack relied on a temporal analysis method: rather than exploiting software vulnerabilities, it depended on long-term traffic monitoring. This approach allows attackers to gather information over time, potentially compromising users' anonymity. The Tor team has since bolstered security by updating Ricochet to the new Ricochet-Refresh version, which includes Vanguard protection.
The updated Ricochet Refresh version, developed by Activision, incorporates several improvements aimed at preventing cheating in Call of Duty: Black Ops 6. These include enforcement of TPM 2.0 and Secure Boot with Remote Attestation via Microsoft, new in-game notifications explaining TPM/Secure Boot errors, and Limited Matchmaking to segregate suspicious accounts. However, security experts warn that attacks using temporal analysis remain possible.
German authorities have previously de-anonymized darknet participants using traffic analysis over time, including those involved with the Boystown platform. The Tor team suspects that a vulnerability in the outdated Ricochet messenger may have been exploited for these de-anonymizations. Following these incidents, users of Tor Browser have questioned the network's security.
The Tor team has taken steps to enhance protection, speed, and performance, including the Ricochet-Refresh update. However, concerns persist about potential traffic tracking, particularly in Germany, where the majority of Tor network relays are hosted. Because attacks using temporal analysis remain possible, users are advised to stay informed about updates and best practices for maintaining their anonymity.