The developers of Tor, the software that tries to mask netizens' identities on the internet, have downplayed the arrival of 3,000 new relays – which are courtesy of a gang of mischief-makers.
Tor Project members say the flood of nodes will largely be ignored by the network.
The relays were seemingly introduced by Lizard Squad – which earlier claimed to have ruined Christmas Day for gamers by knocking Xbox Live and the PlayStation Network offline. On Friday, the squad turned its attention to Tor: it insinuated on Twitter that it had added at least 3,000 relays, which bounce connections around the world to hide users' public IP addresses, to the network.
And with that, a few thousand "LizardNSA" relays appeared, with IP addresses assigned to Google's cloud engine; this suggested someone went a bit nuts with a $500 coupon, or stole some credit cards, and spun up a shedload of tiny virtual machines running Tor, or similar.
This is what the Tor network looks like right now. pic.twitter.com/0QQAGVTRRI— Nadim Kobeissi (@kaepora) December 26, 2014
It was feared the influx of relays, controlled by a single group, could be used to trace users' connections through the network and de-anonymize them. However, as per the Tor specification, the new nodes are given little weight by the systems governing the network – meaning netizens are highly unlikely to encounter them, we're told. And, in any case, the new relays are now being blacklisted, so clients won't use them.
3000 relays, 0.2743% of the Tor network. I can't even be bothered to dredge up the golf clap gif for LizardTeam.— Eva (@evacide) December 27, 2014
In a statement in the past few minutes, the Tor Project tweeted:
This looks like a regular attempt at a Sybil attack: the attackers have signed up many new relays in hopes of becoming a large fraction of the network.
But even though they are running thousands of new relays, their relays currently make up less than 1 per cent of the Tor network by capacity. We are working now to remove these relays from the network before they become a threat, and we don't expect any anonymity or performance effects based on what we've seen so far.
Earlier, Lizard Squad had claimed it was testing out an alleged zero-day vulnerability in the Tor service, and then later said it was null-routing traffic reaching its relays. Each of the nodes is capable of carrying little bandwidth, though, further driving down their weighting in the network. ®
Sponsored: Webcast: Ransomware has gone nuclear