The Tor Project is warning that there may be an upcoming attack on its network infrastructure in the next few days—but it stressed that maintaining user anonymity remains the top priority.
Meanwhile, there has been a curious compromise of an exit node cluster for Tor.
Tor is a network that exists to give those wanting privacy and protection from government surveillance a way to navigate the internet without worrying about being identified or tracked. The would-be attackers will be looking to hijack the service’s directory authorities, it said, which help Tor clients learn the list of relays that make up the Tor network.
“We have learned that there may be an attempt to incapacitate our network…through the seizure of specialized servers in the network called directory authorities,” the company said in a notice on its website. We are taking steps now to ensure the safety of our users, and our system is already built to be redundant so that users maintain anonymity even if the network is attacked.”
The alert stressed, “Tor remains safe to use.”
The author also reminded the attackers—who presumably would be reading the notice—that attempts to disable the Tor network would interfere with all users, not just ones disliked by the attacker.
“The Tor network provides a safe haven from surveillance, censorship, and computer network exploitation for millions of people who live in repressive regimes, including human rights activists in countries such as Iran, Syria and Russia,” the posting said. “People use the Tor network every day to conduct their daily business without fear that their online activities and speech (Facebook posts, email, Twitter feeds) will be tracked and used against them later. Millions more also use the Tor network at their local internet cafe to stay safe for ordinary web browsing. Tor is also used by banks, diplomatic officials, members of law enforcement, bloggers and many others.”
No further technical details were given. But, if the network is affected, Tor said that it will post a notice on its blog and via its Twitter feed @TorProject, along with further information.
In the meantime, Thomas White, who runs an a large exit node cluster for the Tor network as well as a collection of mirrors, warned that his account had been suspended by his ISP, so that he has “lost control of all servers.” He said that the chassis of the servers appeared to have been opened and an unknown USB device plugged in, but only for 30-60 seconds before the connection was broken.
“From experience I know this trend of activity is similar to the protocol of sophisticated law enforcement who carry out a search and seizure of running servers,” he said. But, he also told users to check for malicious code, in the event that this is a result of a state-sponsored cyber-attack.