The Tor encryption service is a high-profile bastion of computer security, but the project appears to have been compromised earlier this year. Anyone who used Tor between early February and July 4th of 2014 should assume they were affected by the attack, says the Tor team. The attackers specifically looked for who was retrieving the public keys to hidden services, but they likely were not able to see any application-level traffic (e.g. The attack probably also tried to learn who published hidden service descriptors, which would allow the attackers to learn the location of that hidden service. Its possible, but less likely, that they also attempted to identify users who were just browsing the ordinary web through Tor.
Comments are closed.
