Lizard Patrol, the hacking group claiming responsibility for the Christmas attacks on PlayStation and Xbox Live, has announced a new target: Tor, the anonymous internet service.
The hacker group appears to be attempting to dominate Tor’s relays to the point where it can comprise anonymity. Tor keeps you anonymous by bouncing your communications around a network of volunteer nodes. But if one group is controlling the majority of the nodes, it could be able to eavesdrop on a substantial number of vulnerable users. Which means Lizard Squad could gain the power to track Tor users if it infiltrates enough of the network.
So far, they have already established over 3000 relays, nearly half of the total number. That’s very not good.
“Someone who claims to be a part of Lizard Squad has set up a large number of Tor relays. That’s it,” Runa A. Sandvik, an advocate with the Tor project, told me.
Update: The Tor Project has released a statement about the attack. “This looks like a regular attempt at a Sybil attack: the attackers have signed up many new relays in hopes of becoming a large fraction of the network. But even though they are running thousands of new relays, their relays currently make up less than 1% of the Tor network by capacity. We are working now to remove these relays from the network before they become a threat, and we don’t expect any anonymity or performance effects based on what we’ve seen so far.” So hopefully this gets nipped in the trollish bud before anonymity is affected.