Over the past seven months, the anonymous messaging platform Tor has experienced various types of distributed denial of service (opens in a new tab) (DDoS) causing downtime and slowdowns for users, the company has revealed.
In company blog post (opens in a new tab)Tor Project Executive Director Isabela Dias Fernandes said the attacks were sometimes so severe that users experienced slow page loading or, in more extreme cases, pages not loading at all.
She added that project engineers are “working hard” to fix the problem, but also added that methods and goals change over time, forcing the project to adapt as attacks continue.
I2P also attacked
So far, no one has come forward to take responsibility for the attacks, and Tor has been unable to determine the identity or motives of the attackers. “We will continue to increase and improve security on the Tor network to combat this problem,” Fernandes concluded.
While Tor may not know who is behind the attacks, users suspect nation states may have something to do with it, mainly because another similar project is experiencing similar aggravating circumstances.
Beeping Computer also reported that the Invisible Internet Project (I2P) peer-to-peer network has also been the target of heavy DDoS attacks for at least three days. The attacks forced some i2pd routers to crash due to out of memory errors, rendering the service poor or completely unusable for some users.
“As you already know, the I2P network has been the target of a denial of service attack for the last ~3 days. The attacker is flooding the network with malicious floodfill routers that respond incorrectly or not at all to other routers and feed the network false information,” the project announced in a Reddit thread.
“This causes performance and connectivity issues because floodfills provide peer-to-peer information to network participants. The result is a form of sybil attack that is used to cause a widespread denial of service. This attack degraded network performance but remains intact and usable. Java I2P routers still seem to handle issues better than i2pd routers. Various mitigations should appear in the developer builds of both Java and C++ routers next week.
By: Beeping Computer (opens in a new tab)