A mysterious group has hijacked Tor exit nodes to perform SSL stripping attacks

Discussion in 'privacy technology' started by mood, Aug 10, 2020.

  1. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    38,093
    A mysterious group has hijacked Tor exit nodes to perform SSL stripping attacks
    Group still controls 10% of all Tor exit nodes today
    August 10, 2020

    https://www.zdnet.com/article/a-mys...-exit-nodes-to-perform-ssl-stripping-attacks/
    How Malicious Tor Relays are Exploiting Users in 2020 (Part I)
     
  2. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,329
    I have done some extensive study on this subject as well. All the information above is directed at Crypto because of the profit from theft. It can apply to other areas quite easily. As one that employs Crypto countermeasures personally, may I simply suggest two surefire ways to cover ALL transactions. Regarding mixers, there are some reliable organizations the are full onion. Using onion servers front to back (6 servers) there is NO exit into clearnet so no data can be "picked off". Next, equally impactful, use a hardware wallet where the BTC address is displayed on the device itself. In this way the transaction is SIGNED in a way that ONLY the address on the device will be able to receive the transfer of coins. Not rocket science, but using these two simple methods assures you will not fall prey!
     
  3. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Huh, I thought that everyone knew to do that ;)
     
  4. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    38,093
    Tor security advisory: exit relays running sslstrip in May and June 2020
    August 14, 2020
    https://blog.torproject.org/bad-exit-relays-may-june-2020
     
  5. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    5,554
    Location:
    DC Metro Area
    "Cryptocurrency users targeted by Tor network exit nodes...

    The threat actor still controls a fair number of Tor exit nodes.
    ..

    The threat actor, through its exit relays, performed an SSL stripping attack on traffic headed towards cryptocurrency websites, downgrading the encrypted HTTPS connection to plaintext HTTP...

    Once the scheme was discovered, the exit relays were removed. However it only took a couple of days before the researcher started observing new relays exhibiting the same malicious behavior.

    Despite being outed, the threat actor continues to add new malicious nodes and Nusenu estimates that between 4% and 6% of the Tor exit nodes are still under the control of the threat actor..."

    https://www.techradar.com/news/cryptocurrency-users-targeted-by-tor-network-exit-nodes
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.