Dec 03 2021

KAX17 threat actor is attempting to deanonymize Tor users running thousands of rogue relays

Category: AnonymousDISC @ 10:33 am

KAX17 ran relay servers in various positions within the Tor network, including entry and exit nodes, researchers at the Tor Project have removed hundreds of servers set up by the threat actor in October and November 2021.

In August 2020, the security researcher that goes online with the moniker Nusenu revealed that in May 2020 a threat actor managed to control roughly 23% of the entire Tor network’s exit nodes. Experts warned that this was the first time that a single actor controlled such a large number of Tor exit nodes. A Tor exit relay is the final relay that Tor traffic passes through before it reaches the intended destination. The Tor traffic exits through these relays, this means that the IP address of the exit relay is interpreted as the source of the traffic.  Tor Exit relays advertise their presence to the entire Tor network, so they can be used by any Tor user.

Controlling these relays it is possible to see which website the user connects to and, if an insecure connection is used, it is also possible to manipulate traffic. In May 2020, the threat actor managed to control over 380 Tor exit nodes, with a peak on May 22, when he controlled the 23.95% of Tor exit relay.

Nusenu told The Record that it has observed a recrudescence of the phenomenon associated to the same attacker.

“But a security researcher and Tor node operator going by Nusenu told The Record this week that it observed a pattern in some of these Tor relays with no contact information, which he first noticed in 2019 and has eventually traced back as far as 2017.” reads the post published by The Record. “Grouping these servers under the KAX17 umbrella, Nusenu says this threat actor has constantly added servers with no contact details to the Tor network in industrial quantities, operating servers in the realm of hundreds at any given point.”

KAX17 threat actor is attempting to deanonymize Tor users running thousands of rogue relays

Tags: Anonymity, Anonymous (group)


Mar 13 2011

Lessons from Anonymous on cyberwar

Category: cyber security,CybercrimeDISC @ 11:44 am

Cyberwar soldiers

Image via Wikipedia

By Haroon Meer
A cyberwar is brewing, and Anonymous reprisal attacks on HBGary Federal shows how deep the war goes

“Cyberwar” is a heavily loaded term, which conjures up Hollywood inspired images of hackers causing oil refineries to explode.

Some security celebrities came out very strongly against the thought of it, claiming that cyberwar was less science, and more science fiction.

Last year on May 21, the United States Cyber Command (USCYBERCOM) reported reaching initial operational capability, and news stories abound of US soldiers undergoing basic cyber training, which all point to the idea that traditional super powers are starting to explore this arena.

Recent activities with one government contractor and Anonymous, however, show clearly that cyber operations have been going on for a long while, and that the private sector has been only too ready to fill the cyber mercenary role for piles of cash.

To read the remaining article and Anonymous vs. HBGary




Tags: Anonymous (group), cyberwarfare, Haroon, Hollywood, Loaded language, Oil refinery, Organisation for Economic Co-operation and Development, United States Cyber Command