In late October 2024, a major cyberattack wreaked havoc and made accessing the darknet difficult, leaving many users unable to connect. The attack, which lasted from October 29 to November 7, caused widespread interruptions and, in turn, raised serious online security and privacy problems that need solutions.
Key Insights
- Between October 29 and November 7, 2024, a cyberattack disabled 50 to 150 Tor nodes.
- The attackers claimed their motive was to combat child pornography, but cybersecurity experts rejected this, suggesting the claim served as a cover for unknown objectives.
- The attack coincided with the U.S. election on November 5, prompting theories of potential election-related interference.
- The hackers used IP address spoofing to flood the Tor network, causing internet providers to shut down nodes. The attack required advanced technical expertise and substantial resources.
- The true motives and identities of the attackers remain unknown.
Attackers Claim Ethical Motive
The attackers claimed they wanted to fight child pornography on the darknet, saying on a blog, “So this is what Tør defends.” They referred to news about law enforcement shutting down sites selling illegal content. While this might sound like a good moral reason, many experts don’t believe it. Cyberattacks like this are usually about personal, political, or even financial gain, never ethical causes.
Some think the attackers used this issue as an excuse to justify their actions or to distract people from their real motives, which are unknown. Whether it was a stealth attack against a darknet market or an attempt to block election fraud is still unclear.
Andrew Morris, a cybersecurity expert from GreyNoise Intelligence, doubts the claim, saying, “Hackers don’t care about pedophiles.” He pointed out that carrying out such a complicated and technical attack takes a lot of skill and doesn’t match what a vigilante group would normally do. The timing of the attack, during the U.S. election period, also raised suspicions. Many believe the true goal was to disrupt the Tor network for other reasons, not to take a stand against illegal activity.
Speculations on Timing and Motive
The timing of the attack on the Tor network raised eyebrows among cybersecurity experts. With the U.S. election taking place on November 5, some, like Andrew Morris, speculated that the attackers could have been trying to disrupt Tor usage during a critical period. Tor is often used by activists, journalists, and dissidents to bypass censorship and communicate securely, leading to theories that the attack may have been politically motivated. Morris suggested the attackers might have tried to stop secret communications or anonymous activity around the election, saying, “They didn’t want Tor to work in the days before and during the U.S. election.”
Quite a few other experts challenged this idea, saying that this kind of motive doesn’t align with how the Tor network is typically used in the U.S. Steven Murdoch, a security expert and professor at University College London, pointed out that, unlike countries with heavy internet censorship, the U.S. does not rely on Tor to keep elections transparent or to access information. “Tor plays an important role in elections when there is internet censorship, but the U.S. doesn’t have this problem,” Murdoch explained. He added that there was no clear incentive for anyone trying to manipulate the election to focus on disabling Tor.
Instead, some experts thought the motives might be unrelated to the election. The attack may have been a test of technical capabilities, an attempt to discredit Tor, or even a personal vendetta against the platform. The attack caused noticeable problems but affected only part of Tor’s system, which raises the question of whether it was a large-scale attack or was meant to send a message. Even though Morris and Murdoch had different opinions about the motive, they both agreed the attack was complicated and required a lot of resources, showing the attackers likely had a clear purpose, even if it is still a mystery.
Technical Details of the Attack
The attack involved “spoofing” the IP addresses of Tor nodes, making it appear as though these servers were flooding the internet with malicious traffic. This led internet providers to shut down those IP addresses, taking them offline. Morris noted, “We know that it was done by somebody who had in-depth knowledge of how Tor operates.”
Gustavo Gus of the Tor Project, the Massachusetts-based non-profit group that maintains the anonymity software, reported that the attack temporarily shut down between 50 and 150 nodes. He shut down speculation about the identities or motives of the hackers but stated, “It doesn’t seem to be a nation-state attack.”
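A relay operator facing complaints like those described above can check them against the host's own egress records before the provider acts. The following is an added example, not code from the Tor Project or from the original article; the record layout, function names, addresses and timestamps are all constructed assumptions. A complaint with no matching local flow is consistent with a spoofed source address, though it is not proof on its own.

```python
from datetime import datetime, timedelta

# Constructed sample data (RFC 5737 documentation addresses, not incident data).
RELAY_IP = "192.0.2.10"

# Flows the relay host itself logged as sent: (time, src, dst, dst_port).
EGRESS_FLOWS = [
    ("2024-10-30T12:00:01", "192.0.2.10", "198.51.100.7", 443),
    ("2024-10-30T12:00:05", "192.0.2.10", "203.0.113.20", 9001),
]

# Abuse complaints forwarded by the provider: (time, src, dst, dst_port).
ABUSE_REPORTS = [
    ("2024-10-30T12:00:02", "192.0.2.10", "198.51.100.7", 443),
    ("2024-10-30T12:00:03", "192.0.2.10", "203.0.113.99", 22),
    ("2024-10-30T12:00:04", "192.0.2.10", "203.0.113.98", 22),
]

def _ts(text):
    return datetime.fromisoformat(text)

def classify_reports(reports, flows, relay_ip, skew_seconds=5):
    """Label each complaint by whether local egress logs corroborate it."""
    window = timedelta(seconds=skew_seconds)
    # Index only flows that really left this host, keyed by destination.
    sent = {}
    for when, src, dst, port in flows:
        if src == relay_ip:
            sent.setdefault((dst, port), []).append(_ts(when))
    results = []
    for when, src, dst, port in reports:
        if src != relay_ip:
            label = "not-ours"  # complaint is about a different address
        elif any(abs(_ts(when) - t) <= window for t in sent.get((dst, port), [])):
            label = "corroborated"  # we really sent traffic there
        else:
            label = "unmatched"  # no local record: consistent with spoofing
        results.append(((when, src, dst, port), label))
    return results

def summarize(results):
    """Count complaints per label for an operator's reply to the provider."""
    counts = {}
    for _, label in results:
        counts[label] = counts.get(label, 0) + 1
    return counts

if __name__ == "__main__":
    for report, label in classify_reports(ABUSE_REPORTS, EGRESS_FLOWS, RELAY_IP):
        print(label, report)
```
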
Impact on the Tor Network and Users
The attack on Tor showed how vulnerable even well-established anonymity networks can be to these types of attacks. The temporary shutdown of 50 to 150 nodes naturally caused frustration for users who need Tor for safety and privacy, especially in countries with heavy internet security and censorship. For activists, political dissidents, and journalists, Tor provides a needed lifeline to communicate and share information without risking their safety. The Tor Project, in its blog post, condemned the attack, stating that it put at risk the privacy and security of countless users worldwide, many of whom depend on the network to avoid censorship.
While Tor does have many useful purposes, it’s also used for illegal activities on the darknet, which has led to criticism from law enforcement and governments. Andrew Morris acknowledged these issues but pointed out that Tor helps a wide range of users, like those discussing sensitive topics or whistleblowers revealing corruption in different aspects of society. The attack showed how much some people rely on Tor and how vulnerable they can be if it’s attacked. This raises important questions about how to balance protecting users’ privacy with holding people accountable for illegal activities.
Ongoing Investigations and Future Implications
The attack on the Tor network shows how even the most secure systems can be vulnerable. It’s a strong reminder that no platform is completely safe from disruption, especially those that protect privacy and free speech in today’s closely watched online environment. The Tor Project and cybersecurity experts are working hard to find out who was behind the attack, improve the network’s security, and keep it available for people who rely on it, like whistleblowers and activists.
As the investigation continues, this event raises big questions about how cyberattacks are becoming more advanced and the need to make tools like Tor even stronger. Whether the attackers acted for ethical reasons or had other motives, the incident shows how important it is for developers, security experts, and advocates to work together. Protecting privacy and fighting censorship is crucial to ensuring these platforms stay dependable for the people who need them most.