The Tor anonymous encryption service offers internet users a way to surf the web with anonymity and prides itself on the level of security it offers. Well it looks as though the network was compromised earlier this year along with some user data, according to a recent Tor developer blog post. It also said that those who used Tor between early February and July 4th of this year „should assume“ they have been in some way affected by the attack.
While not entirely proven, Tor thinks the attackers were from the CERT department at Carnegie Mellon University’s Software Engineering Institute. CERT recently cancelled a black hat hacker conference called „You Don’t Have to be the NSA to Break Tor: Deanonymizing Users on a Budget.“ While the Tor team had no idea what the talk was supposed to be about, it eventually caught wind of how the researchers were going to divulge a way to compromise Tor with $3000 using a series of traffic relays. The group says this information is how it „started looking for the attacks in the wild.“ The folks at Tor also said „we don’t know for sure, but it seems likely that the answer“ as to whether or not it was them appears to be „yes.“