Someone Is Running Hundreds of Malicious Servers on the Tor Network and Might Be De-Anonymizing Users


New research shows that someone has been running hundreds of malicious servers on the Tor network, potentially in an attempt to de-anonymize users and unmask their web activity. As first reported by The Record, the activity appears to come from one particular user who shows signs of persistent, sophisticated use and has the resources to run droves of high-bandwidth servers for years on end.


Also referred to as the “Onion router,” Tor is perhaps the world’s best-known online privacy platform, and its software and related network are supposed to protect your web browsing activity from scrutiny by hiding your IP address and encrypting your traffic. The network, which was initially launched in 2002, has experienced attacks and malicious activity before, though this recent activity appears to reveal a craftier, less obvious actor than your average cybercriminal.

The malicious servers were initially spotted by a security researcher who goes by the pseudonym “nusenu” and who operates their own node on the Tor network. On their Medium, nusenu writes that they first uncovered evidence of the threat actor, which they have dubbed “KAX17,” back in 2019. After doing further research into KAX17, nusenu discovered that the actor had been active on the network as far back as 2017.

In essence, KAX appears to be running large segments of Tor’s network—potentially in the hopes of being able to track the path of specific web users and unmask them.