Tor Project
warned users that it had discovered a group of relays it believes were attempting to reveal their identities. Tor says people who used the system between February and July "should assume they were affected."
The extent of the attack remains unclear.
"We know the attack looked for users who fetched hidden service descriptors, but the attackers likely were not able to see... what pages were loaded, or even whether users visited the hidden service they looked up," Tor's blog said.
Tor said it was also unsure about "how much data the attackers kept" or whether the intruders "aided other attackers in de-anonymizing users."
Gizmodo
reports Tor believes the attack was carried out by researchers at Carnegie Mellon University's
Computer Emergency Response Team (CERT), which works with government, corporations, law enforcement and academia to "develop advanced methods and technologies to counter large-scale, sophisticated cyber threats."
"The majority of our work contributes to government and national security efforts," says CERT's website.
CERT, in turn, is a division of Carnegie Mellon's Software Engineering Institute (SEI), which is funded mainly by the US Department of Defense.
When asked about Tor's allegations, SEI researcher Alexander Volynkin
said, "Unfortunately, I cannot comment."
Tor says CERT researchers have unexpectedly cancelled a highly-anticipated talk scheduled for the upcoming
Black Hat Internet security conference in Las Vegas. This has fueled speculation about CERT's role in the Tor attack.
"If this attack was in fact related to the research done by CERT for Black Hat, then judging by the abstract the researchers wrote for their presentation, the attack did successfully de-anonymize users hidden services," Tor Project advocate Runa Sandvik told Gizmodo.
Tor was the preferred mode of covert communication used by National Security Agency whistleblower
Edward Snowden as he leaked a massive trove of classified US documents detailing NSA spying on Americans and foreigners.
The NSA, with assistance and funding from the US State Department, has been
working to undermine the anonymity of Tor users since Snowden's revelations began making worldwide headlines last year.
Leaked NSA documents
prove the agency has logged the IP addresses of many Tor users. The NSA may have also spied on emails of international users, with the exception of people in the so-called "Five Eyes" intelligence alliance comprised of the United States, Canada, Britain, Australia and New Zealand.
One of the leaked documents details an NSA presentation titled
"Tor Stinks," in which the agency states, "we will never be able to de-anonymize all Tor users all the time," but "with manual analysis we can de-anonymize a very small fraction of Tor users."
Tor has advised users to use a version that is no longer vulnerable to attack. The network has recommended
upgrades that can help protect users.
