DDoS Attacks On TOR

Updated on:


DDOS Attack word cloud with magnifying glass, business concept 3D illustration
Since 5th November 2015 at 1800 UTC, I have found massive DDoS attacks on each of my Tor exit nodes from a common/ source.

Tor can serve as a proxy with exit nodes allowing users to browse anonymously website pages externally on World Wide Web.

As a result, Tor provides moderate anonymity to anyone looking to encrypt communication back to their host device or computer as well as disguise their identity.

The routing obfuscation design in the Tor network offers users added protection for their anonymity.

Tor – DDoS Attacks

The number of DDoS (distributed denial-of-service) attacks on the 2nd quarter of this year was higher than twice that of last year, a new report from Akamai Technologies says.

Your TOR usage is being watched

Mega sized attacks number that are larger than 100 gigabits per second also doubled, while infrastructure layer attacks were up to 134% and application layer attacks increased to 122%.

Also, between January and May 2015, International Business Machines Corporation noted that there were more than 300,000 situations where businesses in the manufacturing industries, communications and finance suffered from cyber-attacks that utilized Tor to hide their origins.

The most famous country for a cyber-attack to come from, since it has a higher number of Tor nodes, was the United States, with 200,000 situations, followed by Netherlands with 150,000 and then Romania with 75,000.

Sometimes, the malware attack is not directed at the business itself, but instead the attackers seek to inject code into vulnerable website servers that serve end users accessing malicious site links to sites that download ransomware onto the user’s personal computer.

The DDoS attacks are increasingly coming from small business and home routers, as well as from WordPress sites that have been hacked.

WordPress currently powers more than a quarter of all websites, and this market share has been increasing continuously over the previous few years as has the website size itself.

The number of third-party WordPress themes and plugins has also been increasing, written by developers with different levels of experience and skills.

Last quarter, Akamai Technologies analyzed 1,322 popular themes and plugins and uncovered 49 previously known vulnerabilities.

The director of Akamai Technologies for adversarial resilience, Erick Kobrin said that Akamai has reached out to the plugins and themes developers, but not all were able or willing to fix the problems.

“We find 5,000 or 10,000 compromised WordPress websites attacking our clients at once, and we are finding more WordPress websites existing out there, so you begin to recognize the growth potential,” He said.

At the beginning of 2014, the favorite distributed DDoS attack strategy was sending messages to misconfigured servers along with spoofed return address; the misconfigured servers would try to reply to those messages, enabling the attackers increase the impact of their traffic.

As the servers got patched, their strategy increasingly became less effective.

But according to the report by Akamai, the strategy is back except this time round, instead of hitting DNS servers or data center serves, the attackers are targeting personal computers on misconfigured home networks.

DDoS Attacks on TOR Exit Nodes

One user of Tor exit nodes posted a PGP-signed message on 9th November this year and had the following warning: “Hey, I am an operator of various exit nodes and would wish to stay anonymous due to the nature of the ongoing attacks.

Since 5th November 2015 at 1800 UTC, I have found massive DDoS attacks on each of my Tor exit nodes from a common/ source.

These attacks originate from the United Kingdom.”

Tor can serve as a proxy with exit nodes allowing users to browse anonymously website pages externally on World Wide Web.

Several website owners such as Quantik have specifically noted that these attacks are “massive,” and linked their finding directly to the Tor Project’s metrics site.

At the time of posting, the site’s graph indicated clearly “A third of Tor relays crashed simultaneously.”

Although this was speculated as a glitch on the Tor metrics website, one of the largest new mysteries was the Abraxas marketplace disappearance.

For several days before Abraxas stopped functioning, users reported extremely slow servers and difficulty in logging into the marketplace.

This could be because of targeted DDoS attack.

It is also worth to remember that in a time like this last year, The DNM community experienced Operation Onymous, an operation by an international law enforcement targeting several darknet markets and several other hidden services on the Tor network.

More than 400 sites were seized which included Hydra, Cloud 9, and Silk Road 2.0.

The operation was a collaborative joint effort by the European Law Enforcement, FBI, HSI, and ICE acting through Eurojust and Europol.

Write for us


The articles and content found on Dark Web News are for general information purposes only and are not intended to solicit illegal activity or constitute legal advice. Using drugs is harmful to your health and can cause serious problems including death and imprisonment, and any treatment should not be undertaken without medical supervision.