Lizard Squad, the group which crippled the Xbox Live and PS Network (again), is now aiming a new target, Tor. In what has already become a mockery of the whole “Secured network” thing, Lizard Squad is now attempting to dominate Tor’s relays to a point, where it is forced to compromise anonymity.
Mentioning their next target in a tweet, the hacker group mentions that they have left Xbox Live ( actually rescued by Kim DotCom) and PSN ( it is still trying to come out of its depression) and are now “testing” out Tor.
To clarify, we are no longer attacking PSN or Xbox. We are testing our new Tor 0day.
— Lizard Squad (@LizardMafia) December 26, 2014
Hi, do you guys still give away shirts for relay owners? We need about 3000 @torproject
— Lizard Squad (@LizardMafia) December 26, 2014
Though Tor has so far been able to sustain the attacks, but it won’t take long for the anonymous internet surfing service to break down. As per certain Tor users on Twitter, Tor has some 8000 relays and Lizard Squad is controlling more than half of them.
There’s a total of ~8,000 Tor relays – @LizardMafia now owns almost half of them. Big implications on Tor anonymity. https://t.co/6RhTLqDS2p
— Nadim Kobeissi (@kaepora) December 26, 2014
This is what the Tor network looks like right now. pic.twitter.com/0QQAGVTRRI
— Nadim Kobeissi (@kaepora) December 26, 2014
Tor provides you anonymity by bouncing your connection over a varied number of volunteer nodes across the globe. However, if an attacker (like Lizard Squad) in this case takes control of a majority of them, then the attacker may be able to eavesdrop on a certain set of users, depending on their vulnerability level.
If Tor infiltrates deep enough (which it may soon, considering its current attacking speed), the hackers will get hold of what users are viewing through Tor.
To further corroborate, Tor’s Atlas and Globe tools are unable to show matches for LizardNSA, displaying an error “Too many matches”. Here’s a screenshot from Atlas :
Incidentally, this is what the Tor Project had tweeted a few days ago :
Possible upcoming attempts to disable the Tor network https://t.co/XRcpy2fX1f #Tor #anonymity #humanrights pic.twitter.com/akUTL8asbK
— torproject (@torproject) December 19, 2014
UPDATE :
The Tor Project has now released a statement :
This looks like a regular attempt at a Sybil attack: the attackers have signed up many new relays in hopes of becoming a large fraction of the network. But even though they are running thousands of new relays, their relays currently make up less than 1% of the Tor network by capacity. We are working now to remove these relays from the network before they become a threat, and we don’t expect any anonymity or performance effects based on what we’ve seen so far.
We have contacted Tor for details and will continue updating the story with more updates.