One of the last refuges of dissidents in oppressive regimes has been taken down by hacker agencies working for the US government.
The Tor system, which was often the only way that dissidents could communicate in repressive regimes or that whistle blowers could leak their information, warned that many of its users might have been identified by government-funded researchers.
Tor Project leader Roger Dingledine said the service had identified computers on its network that had been altering Tor traffic for five months in an attempt to unmask users connecting to what are known as “hidden services.”
Dingledine said it was “likely” the attacking computers were operated on behalf of two researchers at the Software Engineering Institute, which is housed at Carnegie-Mellon University, but funded mainly by the US Department of Defence. The computers have been removed from the network, but the damage has already been done.
The pair had been scheduled to speak on identifying Tor users at the Black Hat security conference next month. After Tor developers complained to Carnegie-Mellon, officials there said the research had not been cleared and cancelled the talk.
Dingledine said that users who operated or accessed hidden services from early February through July 4 should assume they were affected.
Those navigating to ordinary websites should be in the clear.
Hidden services include underground drug sites such as the shuttered Silk Road, as well as privacy-conscious outfits such as SecureDrop, which is designed to connect whistle blowers with media outlets.
Dingledine said the physical locations where the hidden services were housed could have been exposed, although probably not the content on them that was viewed by a visitor.
All that matters now is if the spooks will just pop around to the researchers with a warrant and ask that they hand over all the details.
The FBI had no immediate response to questions about whether it would seek the data and the Defence Department was not sure if it had the right to raw research from the Institute.
Dingledine advised users to upgrade to the latest version of its software, which addresses the vulnerability that was exploited. He warned that attempts to break Tor were likely to continue.