Officials with the Tor privacy service have uncovered an attack that may have revealed identifying information or other clues of people operating or accessing anonymous websites and other services over a five-month span beginning in February.

The campaign exploited a previously unknown vulnerability in the Tor protocol to carry out two classes of attack that together may have been enough to uncloak people using Tor Hidden Services, an advisory published Wednesday warned. Tor officials said the characteristics of the attack resembled those discussed by a team of Carnegie Mellon University researchers who recently canceled a presentation at next week's Black Hat security conference on a low-cost way to deanonymize Tor users. But the officials also speculated that an intelligence agency from a global adversary might have been able to capitalize on the exploit.

Either way, users who operated or accessed hidden services from early February through July 4 should assume they are affected. Tor hidden services are popular among political dissidents who want to host websites or other online services anonymously so their real IP address can't be discovered by repressive governments. Hidden services are also favored by many illegal services, including the Silk Road online drug emporium that was shut down earlier this year. Tor officials have released a software update designed to prevent the technique from working in the future. Hidden service operators should also consider changing the location of their services. Tor officials went on to say:

Unfortunately, it's still unclear what "affected" includes. We know the attack looked for users who fetched hidden service descriptors, but the attackers likely were not able to see any application-level traffic (e.g. what pages were loaded or even whether users visited the hidden service they looked up). The attack probably also tried to learn who published hidden service descriptors, which would allow the attackers to learn the location of that hidden service. In theory the attack could also be used to link users to their destinations on normal Tor circuits too, but we found no evidence that the attackers operated any exit relays, making this attack less likely. And finally, we don't know how much data the attackers kept, and due to the way the attack was deployed (more details below), their protocol header modifications might have aided other attackers in deanonymizing users too.

The first attack, known as a traffic confirmation attack, works when the adversary controls or observes relays on both ends of a Tor circuit and compares traffic timing, volume, or other characteristics to discover pairs of relays on the same circuit. When the first relay in a circuit knows the IP address of the user and the last relay knows the destination of the Tor hidden service, the attacker can deanonymize the user.

Worries about a "large intelligence agency"

The attackers injected a signal into Tor protocol headers that could be read by relays on the other end of a circuit. When Tor users connected to an attacker-controlled hidden service relay, the relay sent the hidden service name in an encoded format through the circuit. When other attacking relays were randomly chosen as the first hop of a circuit, they would learn which clients requested information about a hidden service. The injection leaked potentially privacy-breaking information that could be detected not only by the attackers but also by anyone else who may have been running a relay and looking for the encoded traffic. The advisory stated:

And we might also worry about a global adversary (e.g. a large intelligence agency) that records Internet traffic at the entry guards and then tries to break Tor's link encryption. The way this attack was performed weakens Tor's anonymity against these other potential attackers too—either while it was happening or after the fact if they have traffic logs. So if the attack was a research project (i.e. not intentionally malicious), it was deployed in an irresponsible way because it puts users at risk indefinitely into the future.

The traffic confirmation attack was combined with a Sybil attack, in which adversaries create large numbers of pseudonymous identities on a targeted network to gain a disproportionately large influence. The attack observed earlier this year wielded about 115 fast non-exit relays (all running on the IP blocks 50.7.0.0/16 or 204.45.0.0/16). Collectively, they acted as "entry guards" for a "significant chunk of users over their five months of operation," the advisory explained.
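A relay cluster like the one described above (about 115 relays concentrated in two /16 blocks, collectively holding a large share of entry-guard traffic) is the kind of anomaly a consensus-monitoring check can surface. The following is an added example, not code from the Tor Project or the advisory: it groups relays by /16, computes each block's share of Guard-flagged bandwidth, and flags blocks that are both bandwidth-heavy and populous. The relay entries are constructed sample data placed in the two blocks the advisory names, and the threshold values are arbitrary assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample relay entries (nickname, ip, guard_flag, bandwidth_kb).
# Not real consensus data: the first six sit in the two /16 blocks named in
# the advisory; the rest are filler spread across unrelated documentation
# ranges so that no single honest block dominates.
SAMPLE_RELAYS = [
    ("guard-a", "50.7.1.10", True, 9000),
    ("guard-b", "50.7.1.11", True, 9000),
    ("guard-c", "50.7.2.12", True, 9000),
    ("guard-d", "204.45.3.20", True, 8500),
    ("guard-e", "204.45.3.21", True, 8500),
    ("guard-f", "204.45.4.22", True, 8500),
    ("honest-1", "198.51.100.5", True, 7000),
    ("honest-2", "203.0.113.9", True, 6500),
    ("honest-3", "192.0.2.44", True, 5000),
    ("honest-4", "198.51.100.77", False, 4000),
]

def block_of(ip, prefix=16):
    """Return the /prefix network an address belongs to, e.g. '50.7.0.0/16'."""
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))

def guard_share_by_block(relays, prefix=16):
    """Fraction of total Guard-flagged bandwidth contributed by each block."""
    total = 0
    per_block = defaultdict(int)
    for _name, ip, is_guard, bw in relays:
        if not is_guard:
            continue  # non-guards cannot be chosen as a client's first hop
        total += bw
        per_block[block_of(ip, prefix)] += bw
    return {blk: bw / total for blk, bw in per_block.items()} if total else {}

def suspicious_blocks(relays, prefix=16, share_threshold=0.10, min_relays=3):
    """Blocks whose guard-bandwidth share exceeds share_threshold and that
    host at least min_relays relays: the shape of a Sybil cluster.
    Both thresholds are assumed values for illustration, not Tor policy."""
    shares = guard_share_by_block(relays, prefix)
    counts = defaultdict(int)
    for _name, ip, _is_guard, _bw in relays:
        counts[block_of(ip, prefix)] += 1
    return sorted(
        blk for blk, share in shares.items()
        if share > share_threshold and counts[blk] >= min_relays
    )
```

On the sample data the two advisory blocks each hold well over a third of guard bandwidth, while the honest blocks stay below the threshold and are not flagged.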

One of the questions that remains unanswered, according to Wednesday's advisory, is "Was this the Black Hat 2014 talk that got canceled recently?" The advisory went on to say: "We spent several months trying to extract information from the researchers who were going to give the Black Hat talk, and eventually we did get some hints from them about how 'relay early' cells could be used for traffic confirmation attacks, which is how we started looking for the attacks in the wild. They haven't answered our e-mails lately, so we don't know for sure, but it seems like that answer ... is 'yes.' In fact, we hope they were the ones doing the attacks, since otherwise it means somebody else was."

Tor officials said they still don't know if they have uncovered all the malicious relays, if the malicious relays targeted points outside of the Tor hidden services, and if the data collected has been destroyed.