Options
Large botnet responsible for the increase in Tor usage
Thought you guys might like this - A couple of weeks ago many noticed a large and sudden increase in Tor usage. There were a bunch of theories on what the cause was. Here is a SANS diary covering it:
https://isc.sans.edu/diary/Tor+Use+Uptick/16478
As it turns out, the owners of the Mevade botnet moved their command-and-control infrastructure over to a Tor server in an attempt to become more stealthy; the idea backfired when the entire bot (estimated 1.5 - 5 million hosts) all began using the Tor service to check in, causing an extremely sudden and visible increase in Tor usage. Their very attempts at obscurity is what ultimately got the botnet noticed.
Darkreading covers it here:
How The Massive Tor Botnet 'Failed' -- Dark Reading
As the article suggests 'the bad guys can screw up, too' - Very interesting closure to the Tor use issue, IMO. So I thought I'd share.
Edit: More detailed reading on the botnet itself at the Fox-IT blog: http://blog.fox-it.com/2013/09/05/large-botnet-cause-of-recent-tor-network-overload/
https://isc.sans.edu/diary/Tor+Use+Uptick/16478
As it turns out, the owners of the Mevade botnet moved their command-and-control infrastructure over to a Tor server in an attempt to become more stealthy; the idea backfired when the entire bot (estimated 1.5 - 5 million hosts) all began using the Tor service to check in, causing an extremely sudden and visible increase in Tor usage. Their very attempts at obscurity is what ultimately got the botnet noticed.
Darkreading covers it here:
How The Massive Tor Botnet 'Failed' -- Dark Reading
As the article suggests 'the bad guys can screw up, too' - Very interesting closure to the Tor use issue, IMO. So I thought I'd share.
Edit: More detailed reading on the botnet itself at the Fox-IT blog: http://blog.fox-it.com/2013/09/05/large-botnet-cause-of-recent-tor-network-overload/
Comments
-
Options
cknapp78
Member Posts: 213 ■■■■□□□□□□
Classic. Reinforces the point to always check your code
-
Options
YFZblu
Member Posts: 1,462 ■■■■■■■■□□
Well the code worked as intended and appears to have been implimented properly; it just wasn't a very well thought out plan all things considered. -
Options
Master Of Puppets
Member Posts: 1,210
Thanks for sharing. Kind of funny, this was one of my first thoughts when they initially started talking about the sudden increase in Tor users.Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.