Tor, the network of choice for cybercriminals, becomes vulnerable

Oliver Thansan
16 April 2023 Sunday 22:01

On April 4, the Mossos d'Esquadra announced that they had launched a denial of service attack (popularly known as DDoS) against the page that RansomHouse keeps on the Tor network, where it hosted 4.5 GB of data stolen from the Hospital Clínic in the intrusion that this group of hackers carried out on the hospital's systems on March 5. The action was partially successful: the page stayed offline until it came back on Sunday, April 9, and even then the stolen data could not be downloaded.

Last Thursday, for less than three hours, the data was accessible again, until the page was attacked once more and went offline. The next day the hackers managed to bring it back up, in what looks like a war of attacks and successive counterattacks between the Catalan police and RansomHouse.

One of the surprising things is that, until now, DDoS attacks were not believed to be possible on Tor. This network is part of what is known as the dark web, which is estimated to hold 6% of all Internet content. Accessing it requires special software. Tor is not the only dark web network, but it is the most popular; others include Freenet and I2P. It should not be confused with the deep web, the part of the internet that is not publicly accessible and is not indexed: sites that require a password to access (banking services and the like), academic databases or corporate data repositories. The deep web is the lion's share of network content, representing 90% of the total.

The network that we all use every day, public and indexed, contains only 4% of the content of the internet. In any case, the big difference with the dark web is the routing protocol, that is, the way in which information travels across the network. Tor passes the user's request through a series of nodes to the server that holds the information they want to see, and back from the server to the user who made the request. These routes are chosen at random for both the outbound and return paths. In addition, the information between nodes is encrypted, and each node knows only the next node it has to forward to: it does not know what information it is carrying, who made the request, or which server is sending the reply.
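The paragraph above describes onion routing in words; the following is an added example (not code from the article, the Tor Project, or any Tor implementation) that simulates a three-hop circuit so you can see exactly what each relay learns. The relay names, per-hop keys and the request are constructed for the demo, and the stream cipher is a toy built from HMAC-SHA256 in counter mode, standing in for Tor's real AES-CTR relay encryption and its key-agreement handshake. The client wraps the request once per relay, innermost layer first; each relay strips only its own layer, learns the previous and next hop, and forwards the rest as opaque bytes.

```python
"""Toy onion routing: what each relay on a Tor-style circuit can and cannot see.

Added illustration, not Tor's actual protocol or code. The cipher is a
stand-in (HMAC-SHA256 keystream XOR), and all keys and names are constructed.
"""
import hashlib
import hmac
import os
import random

HOP_LEN = 16    # fixed-width next-hop field, so layer sizes do not leak hop names
NONCE_LEN = 16  # fresh nonce per layer, prepended in the clear


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream; real Tor uses AES-CTR here."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wrap_layer(key: bytes, next_hop: str, inner: bytes) -> bytes:
    """Encrypt (next_hop || inner) under one relay's key, with a fresh nonce."""
    nonce = os.urandom(NONCE_LEN)
    plaintext = next_hop.encode().ljust(HOP_LEN, b"\0") + inner
    return nonce + xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


def unwrap_layer(key: bytes, onion: bytes) -> tuple[str, bytes]:
    """Strip one layer with this relay's key: returns (next_hop, remaining onion)."""
    nonce, body = onion[:NONCE_LEN], onion[NONCE_LEN:]
    plaintext = xor_bytes(body, keystream(key, nonce, len(body)))
    next_hop = plaintext[:HOP_LEN].rstrip(b"\0").decode("utf-8", "replace")
    return next_hop, plaintext[HOP_LEN:]


def random_path(relay_pool: list[str], hops: int = 3) -> list[str]:
    """Pick a random circuit of distinct relays, as the text says Tor does."""
    return random.sample(relay_pool, hops)


def build_onion(path: list[str], keys: dict[str, bytes], destination: str, request: bytes) -> bytes:
    """Client side: wrap once per relay, starting with the exit so it is the innermost layer."""
    onion = request
    next_hop = destination
    for relay in reversed(path):
        onion = wrap_layer(keys[relay], next_hop, onion)
        next_hop = relay
    return onion


def route(path: list[str], keys: dict[str, bytes], onion: bytes, log: list) -> tuple[str, bytes]:
    """Relay side: each hop peels its own layer and records what it learned."""
    prev = "client"
    for relay in path:
        next_hop, onion = unwrap_layer(keys[relay], onion)
        # A relay sees who handed it the cell, who to forward to, and opaque bytes.
        log.append({"relay": relay, "from": prev, "to": next_hop, "remaining": onion})
        prev = relay
    return next_hop, onion


def demo() -> tuple[str, bytes, list]:
    """Run one request through a fixed guard -> middle -> exit circuit."""
    path = ["guard", "middle", "exit"]
    # Constructed per-hop keys; real Tor agrees these with each relay via a handshake.
    keys = {name: hashlib.sha256(f"demo-key-{name}".encode()).digest() for name in path}
    request = b"GET /index HTTP/1.0"  # constructed sample request
    onion = build_onion(path, keys, "server", request)
    log: list = []
    destination, payload = route(path, keys, onion, log)
    return destination, payload, log


if __name__ == "__main__":
    dest, payload, log = demo()
    for entry in log:
        print(f"{entry['relay']:>6}: from={entry['from']:<6} to={entry['to']:<6} "
              f"remaining={entry['remaining'][:12]!r}...")
    print("exit delivers to", dest, ":", payload)
```

Running it shows the guard learning only "client" and "middle", the middle relay only "guard" and "exit", and the exit relay the destination plus the request itself, which is why the text's point about exit nodes matters: the last hop is the one place on the circuit where unencrypted application data is visible, and that is exactly where a malicious relay can observe or inject traffic.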

This makes Tor a network that ensures the anonymity and privacy of the actors operating on it (servers and browsers). In addition, the design of its communication protocols is precisely what was believed to make it invulnerable to denial of service attacks, which are among the most common on the public Internet. That is no longer the case.

Tor is currently an open source project that began in the mid-1990s at the United States Navy's Naval Research Lab, when it became clear that the Internet was insecure and could be used for surveillance and tracking. It was deployed for the first time in October 2002 and since 2006 it has been managed by the Tor Project Inc., a non-profit organization. It was this same organization that warned, in February of this year, that something was up and that "for at least seven months, several different types of continuous denial-of-service (DDoS) attacks have affected the Tor network. At some points, the attacks affected the network severely enough that users were unable to load pages or access services."

At the same time, it added that "we have been working hard to mitigate the impact and defend the network from these attacks. The methods and targets of these attacks have changed over time and we are adapting as these attacks continue. It is not possible to determine with certainty who is carrying out these attacks or their intentions". Finally, they asked for financial support (about $215,000) to cover the technical developments necessary for Tor to "mitigate the impact of these attacks."

Obviously, those responsible for Tor do not give details of how these attacks were carried out or what vulnerability they exploited, but sources consulted by La Vanguardia point to the possibility that the attackers introduced malicious nodes into Tor. According to the Stack Overflow site, whose Tor services have also been affected by the DDoS, the attack traffic arrived from Tor exit nodes.

In Tor, thanks to the anonymity it offers, you can find sites dedicated to forging documents and credit cards, extreme pornography, and the sale of weapons and drugs, among many other illegal activities. Seen that way, some might consider it a good thing that this network has become harder to reach. Nothing could be further from the truth.

The very things that make this network the ideal refuge for cybercriminals (its security, its anonymity and the difficulty of tracing its users) also make it ideal for the secure exchange of information. Tor is used by the US military and by a host of activists working in countries where rights and democracy are in jeopardy.

In the same way, Tor hosts services such as SecureDrop, which media outlets such as The Guardian use so that readers can send them information anonymously. This service was created by activist Aaron Swartz and is now administered by the Freedom of the Press Foundation, on whose board Edward Snowden sits. Or GlobaLeaks, which the Barcelona City Council uses to run an anonymous mailbox where citizens can report, for example, cases of corruption. There is also Tails, a distribution of Linux (the most popular operating system in the world) designed to preserve privacy and anonymity, which can be downloaded from its website on Tor to further protect that anonymity. During the preparation of the 1-O referendum in Catalonia, some activists used Tails to leave no trace on the equipment they used.