How Tor Network Performance Can Be Degraded for Just a Few Thousand Dollars a Month

By Riley ThompsonTechnology News

Researchers Reveal How Tor Network Performance Can Be Degraded for a Low Cost

Experts from Georgetown University and the U.S. Naval Research Laboratory presented an intriguing report at the USENIX conference, focusing on the degradation of Tor network performance. According to their findings, it is possible to significantly disrupt Tor’s functionality using simple DDoS attacks targeting TorFlow, Tor bridges, and specific nodes. Even more concerning, such attacks could cost only thousands or tens of thousands of dollars per month—a trivial amount for “government hackers” or major cybercriminal groups.

Targeting the Entire Tor Network vs. Specific Components

Attacking the entire Tor network is an unrealistic goal. For a full-scale DDoS attack, an attacker would need at least 512.73 Gbps of bandwidth, costing around $7.2 million per month. However, the researchers argue that such drastic measures are unnecessary.

Instead, they suggest focusing on Tor bridges—special entry nodes whose IP addresses are not publicly listed, making them difficult to block. The Tor Browser includes a list of pre-installed bridges, and additional settings can be found at bridges.torproject.org. Bridges help users bypass censorship in countries where authorities actively try to block Tor.

Cost of Attacking Tor Bridges

Currently, not all Tor bridges are operational (the researchers found only 12 working bridges at the time of their study). A DDoS attack on these would cost just $17,000 per month. Even if all 38 bridges were active, attacking them would cost only $31,000 per month.

Attacking TorFlow: The Load Balancing System

Another possible attack scenario involves DDoS attacks on TorFlow, the load balancing system within the Tor network that distributes traffic to prevent server overload and slowdowns. According to the researchers, a sustained DDoS attack on TorFlow using publicly available DDoS services would cost only $2,800 per month. Their simulations showed that such an attack could reduce the average client download speed by 80%.

Targeting Specific Tor Nodes

The third attack scenario involves targeting the most common type of Tor servers—specific relay nodes. Instead of DDoS attacks, this approach exploits logical errors within Tor itself to slow down performance and increase content loading times. Such vulnerabilities have been used for years by malicious actors and rival hacker groups, and Tor developers continually work to fix these bugs.

According to the experts, attacks on specific .onion resources are also quite affordable. For example, an attacker could increase the average traffic load time on a particular site by 120% for just $6,300 per month, or by 47% for only $1,600 per month.

Implications and Conclusions

“It is well known that governments sponsor DoS attacks, and the simplicity and low cost of our proposed attacks suggest that authorities could use them to undermine Tor both in the short and long term. We believe that governments might choose DoS as an alternative to traffic filtering, since Tor continually improves its ability to bypass blocks and censorship,” the researchers write.

Worse yet, the researchers believe that these attack vectors could be even more effective than Sybil attacks, which involve infiltrating the Tor network with malicious nodes to collect metadata, sniff exit nodes, and even deanonymize users. In other words, the analysts are confident they have found a cheaper and more reliable strategy for degrading Tor network performance compared to attempts at traffic deanonymization.

Leave a Reply