Peeling the Onion: How the FBI Hacked TOR

The FBI and other international law enforcement agencies recently scored a big coup in Operation Onymous.  They managed to track down and shutter over 410 services running 27 dark web markets including the notorious Silk Road 2.0.  These operations were all running on the “Dark Web” and using TOR (The Onion Router) and it’s huge network of proxy servers to obscure their Internet address and hide the physical location of their illegal operations from discovery.

And yet they were, in fact, discovered.  How this happened has the non-profit group The TOR Project scratching their heads about just how it happened.  The FBI has been notoriously tight lipped about this, and two researchers from Carnegie Mellon University who were scheduled to speak at Black Hat 2014 canceled their presentation about their experiences breaking TOR.

Why should we care?  After all, a bunch of cyber-criminals being brought to justice is a good thing, right?  Well TOR is a tool that many people use to remain hidden while online.  This includes political dissidents in countries where to dissent is punishable with prison or even death.  Not to mention those of us who simply don’t want to be tracked, found, or harassed for holding unpopular opinions or political beliefs.

It appears that the Feds were successful on several fronts.

  • TOR relays had been seized by government officials in several countries, including three systems that were used as exit nodes.
  • Other attacks on the TOR network, in an effort to map services with physical locations.
  • Many of the dark web sites were attacked using SQL injection exploits and were vulnerable because the creators had not subjected their sites to standard security practices.  In other words, they were  hastily built, poorly coded, and therefore easily hacked.
  • Bitcoin transactions, which are supposed to be untraceable, were analyzed in such a way that Bitcoin handles (user names) were able to be paired with originating IP addresses.

It appears that the cyber-criminals were largely victim of their own lack of proper operational security.  In this way the fell victim in a similar fashion as an average user falls victim to a phishing email or through use of weak passwords.  Seems kind of ironic really.

For more on this subject:

Sophos: Tor Project puzzles over how the law shredded anonymity in Operation Onymous
Wikipedia:  Operation Onymous
New Web Order: Nik Cubrilovik
I was going to link to the Europol site, but oddly enough there was a certificate error which made this link appear to be dangerous.  Oh well…


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.