First they claimed to have stolen Christmas from millions of gamers, and now they’re going after people's online anonymity. Well, Tor, at least.
“Tor. Anonymity, online" is the tagline of a Tor Internet commercial.
Yes, it would seem the the anonymity-granting Tor service is now the target of the hacking collective known as Lizard Squad — the same group claiming responsibility for taking down Xbox Live and Playstation Network on Christmas Day.
Tor, for those unfamiliar, is an anonymous browsing tool that connects people to the deep web for a wide range of reasons — from illegally purchasing drugs and firearms to whistleblowing.
Friday, users reported seeing an influx of “LizardNSA” IP addresses flood Tor’s network. Specifically, 3,015 of them.
While this doesn’t do much to the Tor network itself, which is created through various relays set up by users’ routers, it could result in deep web users losing their anonymity.
Think of the Tor network like a public company and relays like shares. The more shares, or relays, a single entity controls, the more power that entity has over people's anonymity on the network.
That’s because instead of going through various routers from multiple users, a user's’ connection starts going through various routers from just one entity, who can then track the source. This, in deep web terms, is called a “Sybil attack”.
Speaking to The Washington Post, one alleged member of the Lizard Squad said the group now controls half of the total relays on the Tor network. But the member also admitted very little traffic was going through the relays they controlled.
That low amount of traffic is because, for their first three days in use, all of the fresh Lizard Squad relays are capped at 20 kilobytes per second, a very low amount.
As for how the Lizard Squad pulled this off? Some speculate the group is using thousands of Google Cloud accounts, or it may have something to do with the 3,000 Mega vouchers Kim Dotcom handed over to the group to stop the Xbox and Playstation attack.
Either way, Tor administrators don't seem too worried. A group spokesperson said Tor is currently working to remove the dummy Lizard Squad IP’s before they become a threat and that Tor doesn’t foresee any issues.