Agora Dark Web market discovers suspicious activity on servers, pauses operations

Darlene Storm | Aug. 27, 2015
The Agora Dark Web market cited Tor Hidden Services security vulnerabilities that could allow de-anonymization attacks and temporarily shut down operations after detecting suspicious activity on its servers.

Largest online black market temporarily goes offline

Agora, the largest online black market on the Dark Web, is temporarily shutting down in response to “vulnerabilities in the Tor Hidden Services protocol which could help to deanonymize server locations.”

MIT and Qatar Computing Research Institute published research in July, showing how to launch successful de-anonymization attacks as well as how to prevent them. The research showed that resources to pull off such attacks are “much lower than expected.” Agora added, “In our case, we do believe we have interested parties who possess such resources.”

After “discovering suspicious activity around our servers which led us to believe that some of the attacks described in the research could be going on,” Agora has chosen to “pause operations.”

“We have a solution in the works which will require big changes into our software stack which we believe will mitigate such problems, but unfortunately it will take time to implement,” Agora said via a statement on Reddit as well as Pastebin, announcing the temporary shutdown of its marketplace. “We decided to move servers once again, however this is only a temporary solution.”

“At this point, while we don't have a solution ready it would be unsafe to keep our users using the service, since they would be in jeopardy. Thus, and to our great sadness, we have to take the market offline for a while until we can develop a better solution. This is the best course of action for everyone involved.”

The research referenced by Agora involves a circuit fingerprinting technique that could determine with 99% accuracy whether a Tor circuit was being used as “an ordinary Web-browsing circuit, an introduction-point circuit, or a rendezvous-point circuit. Breaking Tor’s encryption wasn’t necessary.”

The researchers were able to passively pull off circuit fingerprinting. MIT reported:

“Furthermore, by using a Tor-enabled computer to connect to a range of different hidden services, they showed that a similar analysis of traffic patterns could identify those services with 88% accuracy. That means that an adversary who lucked into the position of guard for a computer hosting a hidden service, could, with 88% certainty, identify it as the service’s host.”

The Tor Project blog said the research was “a well-written paper.” The researchers’ proposed countermeasures to neutralize the attack were called “interesting” by a Tor spokesman; he added, “We need more concrete proof that these measures actually fix the issue.”

Agora apparently is done waiting and intends to take action to mitigate the problem. “We shall do our best to clear all outstanding orders and we ask all of you users who have money on their accounts, withdraw them as soon as possible, because we don't want to be responsible for it during the time when the market will be offline.” There “might be some delays in payouts, since many people are expected to withdraw money at the same time, but we intend to resolve any such issues in the end.”

 
