Tor maintainers say this is nothing to worry about

Dec 27, 2014 13:33 GMT

Lizard Squad, the hackers that brought down the gaming networks of Xbox and PlayStation on Christmas day, have shifted focus towards the Tor anonymity network, artificially inflating it with no less than 3,000 new relays.

These are systems responsible for routing connections in the Tor network so that the IP address a connection originates from is hidden. For increased security, all traffic in Tor is moved through at least three relays, also called nodes, before it is directed towards the user's intended destination.

Lizard Squad runs a Sybil attack on Tor

On December 26, the hackers announced that they would concentrate their efforts on Tor, giving as their reason that “only hackers, miscreants and pedophiles use Tor.”

The result of their action was an additional 3,015 nodes becoming available in Tor, giving rise to a so-called Sybil attack.

Although people of this kind do use Tor to hide their identity, plenty of individuals communicate through it for purposes that are not nefarious. Journalists and basically anyone trying to escape censorship in their country also use the network.

Tor is an infrastructure that relies on a large number of volunteers who provide machines to carry traffic from one node to another inside the network, with certain systems acting as exit points, which pass the data to the destination without knowing where it comes from.

All data passing from one node to another is encrypted, but if an entity has control over a sufficient number of nodes (at least half), it could determine the original IP address of a request, thus compromising the anonymity of the user.

A Sybil attack means diluting the reputation of a service by controlling a large portion of the network, and thus ensuring that most of the connections pass through the compromised part of the structure.

The bad nodes are no longer part of the network

It goes without saying that the maintainers of Tor have not been sitting idle and have deployed defensive measures to ensure that the real identity of users who rely on the network to keep it safe is not exposed.

In a statement on Friday, the Tor Project said that the initiative of the hackers was not uncommon and that they “have signed up many new relays in hopes of becoming a large fraction of the network.”

However, despite their efforts, “their relays currently make up less than 1% of the Tor network by capacity,” the statement says.

The maintainers are aware of the machines that have been newly added to the network, and have pinpointed the bad ones, which are called LizardNSA. At the moment, it seems that all of them have been eliminated, according to multiple Tor status pages.

By the looks of it, the IP addresses of the Lizard Squad relays are from the Google Cloud service, meaning they are virtual machines rented to run Tor connections.

The statement from Tor says that no impact on anonymity or performance is expected based on what has been seen thus far, mainly because newly added relays are not given too much weight.
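The gap between relay count and share by capacity can be shown with a short script; this is an added example, not code from the article or the Tor Project. The relay list is constructed, and the grouping key (nickname stem, /16 network, first-seen day), the `min_size` threshold and the weights are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta


def build_sample():
    """Constructed relay list: (nickname, IPv4, first seen, consensus weight).
    Private/documentation addresses and made-up weights; not real Tor data."""
    t0 = datetime(2014, 12, 20)
    relays = [(f"volunteer{i}", f"10.{i % 200}.{i // 200}.1",
               t0 - timedelta(days=30 + i), 5000) for i in range(600)]
    burst = datetime(2014, 12, 26, 12, 0)
    relays += [(f"LizardNSA{i}", f"192.0.2.{i % 250 + 1}",
                burst + timedelta(minutes=i), 20) for i in range(300)]
    return relays


def sybil_clusters(relays, min_size=50):
    """Group relays by (nickname stem, /16 network, first-seen day) and report
    each large group's share of the network by count and by weight.
    The grouping key and min_size are assumptions chosen for this example."""
    groups = defaultdict(list)
    for nick, ip, first_seen, weight in relays:
        stem = re.sub(r"\d+$", "", nick).lower()      # LizardNSA17 -> lizardnsa
        net = ipaddress.ip_network(f"{ip}/16", strict=False)
        groups[(stem, str(net), first_seen.date())].append(weight)

    total_count = len(relays)
    total_weight = sum(r[3] for r in relays)
    report = []
    for key, weights in groups.items():
        if len(weights) >= min_size:
            report.append({
                "key": key,
                "relays": len(weights),
                "count_share": len(weights) / total_count,
                "weight_share": sum(weights) / total_weight,
            })
    return report


if __name__ == "__main__":
    for c in sybil_clusters(build_sample()):
        print(f"{c['key']}: {c['relays']} relays, "
              f"{c['count_share']:.1%} by count, {c['weight_share']:.2%} by weight")
```

In the constructed data the flagged group is a third of all relays by count but well under 1% by weight, which is the distinction the Tor statement draws.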