HSDirs Could Be the Key to Dark Web Intelligence
January 12, 2017
An article on Security Affairs called Boffins spotted over 100 snooping Tor HSDir nodes spying on Dark Web sites points to a new tactic that could be useful to companies offering Dark Web intelligence services. Within the inner workings of the Dark Web live at least 100, according to researchers, malicious hidden service directories (HSDirs). These are the relays of the network that allow people to visit hidden services. The author quotes researchers Filippo Valsorda and George Tankersley who presented at the Hack in the Box Security Conference,
When a person wants to host a hidden service, they have to advertise their service on a Tor Onion database, which is a DHT made up of a group of stable relay machines called HSDirs . The person who wants to visit the hidden service has to request information about that service from the database. Therefore, those relays or HSDirs can see who is making the request for a connection and when you want to connect. Therefore, to deanonymize a user’s traffic, an attacker could choose to become the HSDir nodes for the hidden service.
Additionally, researchers from Karlstad University in Sweden found 25 nodes within the The Onion Router (Tor) which showed entities snooping on the supposedly anonymous network. It appears gaps exist. The research shows an unspecified actor from Russia was eavesdropping. Are these snoopers Dark Web intelligence or cybercriminals? We shall stay tuned.
Megan Feil, January 12, 2017