Lizard Squad Attacks Tor Network But Failed To Compromise
Lizard Squad allegedly took down the PSN and Xbox Live network on Christmas, now has turned their attention to hacking the Tor Network.
It all started with a tweet where the hacker collective, Lizard Squad said they have stopped attacking Xbox Live and PSN but have acquired a new target, the Tor network.
Lizard Squad then signed up some 3000 Tor relays on the Tor network. The plan was simply to dominate in the numbers game for the ownership of Tor relay by acquiring about half of all tor relays.
The news broke like wildfire with privacy concerned users cursing the Lizard Squad for attacking the Tor network.
With less knowledge rises more questions
Cursing the Lizards for attacking Tor started as someone tweeted, “Lizards have control over half the total number of relays on Tor network” which they believed had lead to Tor network being compromised by the Lizard Squad.
At least for an hour, many users didn’t use Tor believing the Tor network had been hacked.
Was Tor hacked by Lizard Squad or were they really trying to hack it?
Nadim Kobeissi, a Computer Researcher tweeted a screenshot of what the Tor network looked like after the Lizard Squad signed up the 3000 new Tor relays.
A Tor user remains anonymous because the property of Tor network, where the request of the Tor user is passed through at least three relays. (also known as nodes or routers) The first two relays are called middle relays which passes the users request after encrypting it and hiding the original location of the user to the final exit relay which then completes the users request. Theoretically, a group that controls almost half the total number of Tor nodes or relays could track the traffic over them.
But is it that simple?
Looking at how newly added Tor relay works, it goes through a full phased verification with the first 3 days of phase one it gets roughly no use, thus using a very low bandwidth during this phase. The same can be seen from the image embedded in the above tweet from Nadim Kobeissi. These relays are shown using less bandwidth. Later, these nodes have to pass through three more phases to become fully functional.
Security researcher, Runa Sandvik had worked with the Tor project earlier spreads more light on how the attack was a flop. Sandvik told Zdnet that taking control of a handful of Tor relays by Lizard Squad did not have any affect on Tor anonymiser network or its deanonymising capability. This is because all the relays controlled by Lizard Squad operated on Google Cloud services and in the same IP address range. Also, they only signed up new relays to the Tor network, which then requires several verification steps to get completely active and be a part of the Tor relay network.
Tor later in a statement confirmed, that they were working to remove these relays before they could start working for what it was planned to do.
Tor said, This looks like a regular attempt at a Sybil attack: the attackers have signed up many new relays in hopes of becoming a large fraction of the network. But even though they are running thousands of new relays, their relays currently make up less than 1% of the Tor network by capacity. We are working now to remove these relays from the network before they become a threat, and we don’t expect any anonymity or performance effects based on what we’ve seen so far.
While it seemed as if the attack was a total failure, the Lizard Squad had more plans of lulz for Tor.
They shut down the Tor project’s official website.
Compromising the Tor network became a flop plan. Lizard Squad then changed their minds and DDoS’ed the Tor project’s website.
Calling Tor network a safe home for pedophiles, they started the DDoS.
torproject.org was now down
This angered the privacy lovers, more with the Anonymous collective activists and hacktivists around the Globe asking Lizard Squad to put an end to their evil plans.
Hey @LizardMafia don't fuck with the Tor network. People need that service because of corrupt governments. Stand the fuck down.
— Anonymous (@YourAnonNews) December 27, 2014
While the conversation and lulz between Lizard Squad and some of the world’s top privacy advocates were still going on, many Tor users were still confused about whether the Lizard Squad was able to take down the entire Tor network.
YourAnonNews later confirmed, it was only Tor Project’s website which was down and not the entire Tor network.
The Lizards are DDoSing @torproject's webpage, not the network because – well, they can't.
— Anonymous (@YourAnonNews) December 27, 2014
The DDoS attack lasted a few hours with the Tor’s website now being fully operational.
Final thoughts on the entire Lizard Squad hacks, Tor network drama
Well to be honest, if Lizards would have wanted to compromise the Tor Network, they wouldn’t have publicly announced that they were signing up 3000 new Tor relays.
Why would a hacker even give a small hint of what he is planning to do?
Most probably this was all drama just for the lulz, though DDoS attacks from the Lizard Squad is real trouble for a fully functional organization to stand its strength.
Thanks to Lissa Chapman for helping with this Story
The author Abhishek Kumar Jha
Knowledge is Power