Experts from Georgetown University and the US Navy Research Laboratory presented an interesting report at the USENIX conference on the degradation of Tor network performance. DDoS attacks on Tor can be quite cheap. The researchers claim that Tor can be significantly damaged by simple DDoS attacks on TorFlow, Tor bridges, and specific nodes. Worse, such attacks cost only thousands or tens of thousands of dollars, a trivial sum for “government hackers” or serious cybercriminal groups.
Of course, attacking the entire Tor network is a utopian idea. For a DDoS, attackers would need at least 512.73 Gbit/s of capacity, which would cost about 7.2 million dollars a month. However, according to the researchers, such drastic measures are entirely unnecessary.
Instead, the experts suggested attacking Tor bridges: special entry nodes whose IP addresses are not publicly listed and which therefore cannot be easily blocked. The Tor Browser ships with a list of predefined bridges, and bridge settings can also be found on bridges.torproject.org. Bridges allow users to bypass censorship in countries where the authorities actively prevent Tor usage.
The researchers write that not all Tor bridges are currently operational (according to their information, only 12 of them are working), and a DDoS attack on them would cost only $17,000 a month. Even if all 38 bridges were working, an attack on them would cost only $31,000 a month.
Another possible attack scenario is DDoS aimed at TorFlow, a Tor network load balancer that distributes traffic to prevent overflow and slowdowns of some servers.
According to the analysts, a long-term DDoS attack on TorFlow using publicly available DDoS services would cost only $2,800 per month. The report also says that a high-precision simulation showed such an attack would reduce the average client download speed by 80%.
The third attack scenario proposed by the researchers targets the most common type of Tor server: specific Tor nodes (relays). Here the idea is not to use DDoS attacks but to exploit problems in Tor itself, that is, logical errors, to slow it down and increase content load times. Such problems have been used for many years by attackers and competing hacking groups, and Tor developers fight such bugs as best they can.
According to the experts, attacks on specific .onion resources are also quite inexpensive. An attacker can increase the average load time of traffic on a particular site by 120% for only 6300 dollars a month, or by 47% for only 1600 dollars a month.
“As you know, states sponsor DoS attacks, and the ease of use and low cost of our attacks suggest that the authorities can use them to undermine Tor’s work both in the short and long term. We believe that states can, for example, choose DoS as an alternative to filtering traffic, because Tor is constantly improving its ability to bypass blocking and censorship,” the researchers write.
Worse still, according to the experts, their attack vectors can give better results than sybil attacks, which involve intentionally introducing third-party nodes into the Tor network that, in large enough numbers, allow attackers to collect metadata, sniff exit nodes and even deanonymize users. In other words, the analysts are confident that they have found a cheaper and more reliable strategy for degrading the performance of the Tor network than attempts to deanonymize traffic.