Tor Project to Fix Bug Exploited for Years in DDoS Attacks

The developers of the Tor Project are preparing to fix a bug that has been used in recent years to launch DDoS attacks against darknet (.onion) websites. This issue is expected to be resolved with the release of the Tor protocol version 0.4.2.

How the Vulnerability Works

The security flaw allows an attacker to disrupt the operation of an Onion service running on a web server that hosts a .onion site. In other words, an attacker can create thousands of connections to the targeted resource.

It’s important to note that for each connection, the Onion service must create a complex circuit through the Tor network to protect the connection between the remote user and the server. This process requires significant CPU resources.

As a result, if a large number of connections are initiated, the server’s processor can become fully loaded (100% CPU usage), making it unable to accept new connections.

A Longstanding Issue

This is a fairly old bug that the Tor developers have known about for many years. They were unable to fix the vulnerability earlier due to a “lack of human resources” and the absence of an easy solution to the problem.

Impact on Darknet Markets

This vulnerability has been used in DDoS attacks against popular darknet markets such as Dream Market, and later against platforms like Empire Market and Nightmare Market. The attacks were so severe that some sites switched from Tor to I2P, a less popular and less publicized alternative to Tor.

Availability of Attack Tools

The problem was made worse by the fact that the source code for tools to carry out such attacks was openly available on GitHub.