(The Hosting News) – Tor, an encryption service used worldwide by everyone from law enforcement to cyber criminals, announced that its systems had been breached earlier this year.
In a blog post published on Wednesday, the Tor team warned users that they “should assume they were affected” if they accessed the Tor hidden services between early February and July 4th.
“We know the attack looked for users who fetched hidden service descriptors, but the attackers likely were not able to see any application-level traffic,” says the company. “The attack probably also tried to learn who published hidden service descriptors, which would allow the attackers to learn the location of that hidden service.”
“We don’t know how much data the attackers kept, and due to the way the attack was deployed (more details below), their protocol header modifications might have aided other attackers in deanonymizing users too.”
Tor developers noted that they suspect the attack was the work of two researchers from Carnegie Mellon University, who were scheduled to talk at a Black Hat conference next month about how to hack into Tor’s systems, though the demonstration was quickly canceled by the university because it was not approved, reports The Verge.
“Eventually we did get some hints from them which is how we started looking for the attacks in the wild,” said the Tor team. “They haven’t answered our emails lately, so we don’t know for sure, but it seems likely that the answer to [whether they’re responsible] is yes.”