Posted by: Benjamin Vitáris
November 21, 2015
The recent news about CMU helping the FBI has made the Tor Project realize that it needs to improve the security of domains on the dark web, as reported by Joseph Cox on motherboard.vice. The project has patched the vulnerabilities the attackers took advantage of; however, according to the project, there are still improvements to make. Tor is planning to launch several security tweaks to its infrastructure in order to keep hidden .onion websites actually hidden in the network.
“When a random person sets up a hidden service, they expect that hidden service to be hidden,” said Tor developer ‘d20’, who wants to remain pseudonymous for privacy reasons. He also added:
“The plan for the next generation of .onion services includes enhanced security as well as improved performance.”
The attack, which has been denied by both the university and the FBI, was focused on the end nodes. “Guard nodes are the first hop of a Tor circuit and hence the only part of the network that can see the real IP address of a hidden service,” d20 said, describing the function of the nodes.
It is a fact, though, that the more guard nodes a network uses, the more exposed it becomes to cyber attacks, so there might be a bigger chance for attackers to unmask the users of the hidden service.
“The way Tor currently picks entry guards is not ideal, and the current code that manages this is not bulletproof,” d20 stated.
Another attack point for .onion websites is the “directory server.” These servers store information about hidden services, and a user needs them in order to access such sites. However, if run by an attacker, the directory servers could also be used to harvest the addresses and other details of Tor hidden services.
“It’s a problem because when a random person sets up a hidden service, they expect that hidden service to be hidden,” said d20.
Dark web sites are hidden for a reason. Unlike “normal” clearnet websites, they can’t be found by search engines. If the admin of a .onion domain decides that he does not want to share the website with other people, then only he will know about the site he created on the dark net. However, at the moment, this only works in theory, since law enforcement authorities are working hard to index and track down most of the illegal hidden websites on the dark side of the internet.
The future improvement to Tor’s directory system is that an “ephemeral identity” will be used when a directory server exchanges information with a client.
“So now the directory servers never learn the long-term identity,” d20 stated.
“The improvements are already being rolled out,” Kate Krauss, the spokesperson of the Tor Project, informed Motherboard in an online chat.