Report: Large-scale malicious attacker once ran 23% of Tor network exit relays

According to a report released by Nusenu, an independent security researcher, a large-scale malicious attacker has been adding servers to Tor, a privacy protection tool, since January 2020 in order to perform SSL stripping attacks on users who access cryptocurrency-related sites through Tor Browser. The attacker selectively removes HTTP-to-HTTPS redirects to gain full access to plain unencrypted HTTP traffic without causing TLS certificate warnings. This attack is difficult to detect for Tor Browser users who do not specifically look for "https://" in the URL bar. At one point in May this year, the malicious attacker ran 23% of Tor network exit relays. As of August 8, multiple indicators suggest that the attacker is still running more than 10% of the Tor network's exit capacity. Nusenu has contacted some known affected Bitcoin sites so that they can use HSTS preloading to mitigate this at a technical level. The above is sufficient to show that current relay detection methods are not sufficient to protect against such attacks, which pose a greater threat to Tor users. The main responsibility for preventing further harm to Tor users lies with the Tor Project and the Tor directory authorities (the nodes that maintain the entire Tor network and are responsible for distributing the master list of all known Tor relays).
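A site operator can check whether the header they send meets the header-level requirements for HSTS preloading, which matters here because a plain HSTS header is only honored over HTTPS and is never seen by a user whose redirect was stripped. The following is an added example, not code from Nusenu's report; the function names and sample header values are constructed, and the one-year minimum `max-age` is the threshold used by the hstspreload.org submission requirements.

```python
# Added example: audit a Strict-Transport-Security header for preload readiness.
MIN_PRELOAD_MAX_AGE = 31536000  # one year, minimum accepted for preload submission


def parse_hsts(header):
    """Parse an HSTS header value into (max_age or None, set of flag directives)."""
    max_age, flags = None, set()
    for part in header.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        value = value.strip().strip('"')     # max-age may be a quoted string
        if name == "max-age":
            if value.isascii() and value.isdigit():
                max_age = int(value)
        else:
            flags.add(name)
    return max_age, flags


def preload_problems(header):
    """Return the reasons a header does not qualify for preloading (empty if OK)."""
    if header is None:
        return ["no Strict-Transport-Security header sent"]
    max_age, flags = parse_hsts(header)
    problems = []
    if max_age is None:
        problems.append("max-age missing or not a number")
    elif max_age < MIN_PRELOAD_MAX_AGE:
        problems.append(f"max-age {max_age} is below {MIN_PRELOAD_MAX_AGE}")
    if "includesubdomains" not in flags:
        problems.append("includeSubDomains missing")
    if "preload" not in flags:
        problems.append("preload missing")
    return problems


if __name__ == "__main__":
    # Constructed sample header values, not taken from any real site.
    samples = [None, "max-age=300", "max-age=63072000; includeSubDomains; preload"]
    for s in samples:
        print(repr(s), "->", preload_problems(s) or "eligible")
```

The check covers the response header only; preload submission also requires a valid certificate and an HTTP-to-HTTPS redirect on the same host.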