After the network was hacked by a group of college students, Tor developers are looking into ways to make the anonymizing network more secure.
How Was Tor Hacked?
According to Motherboard, the network was hacked as part of a research project.
The Carnegie Mellon University Software Engineering Institute performed the hack. The group set up their own nodes on the Tor network. Those nodes were the first hops onto the Tor network for some users, which allowed the node to pick up the user’s actual IP address.
The researchers from Carnegie Mellon University went ahead and shared the information they found with the FBI, which caused no shortage of controversy, even among academics. Tor itself was criticized for not more aggressively providing protection against the exploit that the researchers used.
Motherboard revealed in its reporting that the CMU project was funded by a Department of Defense Contract.
There are other vulnerabilities that the Tor group is working to fix, as well.
What They’re Protecting
Tor is widely used by political dissidents to protect their anonymity. Tor has also gotten somewhat notorious as a sheltered place for black marketers such as the now-defunct SilkRoad.
That infamy has made it a target for law enforcement. As Motherboard points out, if law enforcement is able to breach the network, that means that the level of security available for all users is diminished, which could have serious implications for those who use Tor to protect themselves from retribution by authoritarian regimes around the world.
The Tor group has patched the vulnerability that allowed the researchers to work their way into the network.
Is Tor Safe?
Tor is generally regarded as a safe way to protect anonymity on the Internet. It’s also completely free to use the network, making it attractive to those who don’t have the ability to get a paid anonymity service.
To protect against being seen accessing the Tor network, users can employ a VPN. The VPN encrypts all traffic to and from the user’s computer. Without the VPN, an ISP or someone monitoring the connection or checking logs can tell that Tor is being accessed, though Tor’s encryption will protect the actual content from being accessed. VPNs encrypt all data, making it impossible to monitor what the user is accessing.
The US government, in particular the FBI, has recently been aggressive in pursuing ways for law enforcement to get past encryption. While doing so might net a few criminals here and there, it would also expose everyone to potential attacks and make encryption unreliable across the board.