
American Security Council Foundation


Hackers Intercept Cryptocurrency Payments on the Tor Network Through SSL Stripping

Wednesday, August 26, 2020

Categories: ASCF News Cyber Security


Hackers attached malicious servers to the Tor network to perform SSL stripping attacks on cryptocurrency payments, an independent security researcher has revealed. The attacks targeted cryptocurrency-related traffic passing through the network.

The report by Nusenu says that Tor network users had a one in four chance of sending traffic through the compromised servers. At their peak operation around May 2020, the malicious group controlled about 380 Tor network exit relays. Tor responded by removing a huge chunk of the malicious servers from its network, but the full extent of the malicious operation remains unknown.

SSL stripping attacks on cryptocurrency payments through the Tor network

The attackers were “performing person-in-the-middle attacks on Tor users by manipulating traffic as it flows through their exit relays,” the report says. Profit was the primary motive for the Tor network takeover by the attackers who carefully targeted users accessing cryptocurrency-related websites through the Tor Browser or related software.

To execute the attack, the cybercriminals downgraded users’ requests from HTTPS to HTTP traffic, which gave them access to unencrypted cryptocurrency payments without triggering TLS certificate warnings. The malicious entities then replaced Bitcoin addresses with their own. The affected cryptocurrency payments took place through Bitcoin mixing services. Such transactions involve breaking cryptocurrency payments into small sums before sending them through different addresses. On reaching the destination, the funds are consolidated into a single amount. However, the Bitcoin address rewriting attacks allowed the hackers to intercept the small cryptocurrency payments and to reroute the payments to their wallets, thus stealing bitcoins without the users’ or the mixers’ knowledge.

Tor team faces challenges in verifying relay operators

The Tor Project team is facing verification challenges because of the current COVID-19 crisis, which has affected the company’s resources due to worker layoffs. The low staff levels have affected the team’s ability to verify all relay operators on the Tor network, creating an opportunity for abuse.

The Tor network team has not been able to track trusted relay operators throughout their presence on the Tor network. Consequently, malicious operators could register as genuine providers before executing attacks.

Reasons for the success of SSL stripping attacks

The threat actors relied on users’ weaknesses in distinguishing between “https://” and “http://” on the Tor browser’s address bar. Additionally, most users rarely type the full address, hence exposing their requests to unsafe redirects. Website owners also fail to enforce HTTPS redirects, thus opening their websites to both encrypted and unencrypted access.

The Tor network team has advised webmasters to enable the HTTP Strict Transport Security (HSTS) functionality. Additionally, the group advised owners of unencrypted websites to install various free SSL certificates, such as the “Let’s Encrypt” certificate, to protect their customers from similar exploits.
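The two site-side protections named above can be checked mechanically. The following is an added example, not code from the article or the Tor Project: it audits constructed HTTP and HTTPS responses for an HTTPS redirect and a usable HSTS policy. The host names and finding labels are hypothetical. A redirect alone still leaves the first plaintext request exposed to a relay on the path, which is why the HSTS findings are reported separately.

```python
from urllib.parse import urlsplit
ONE_YEAR = 31536000  # seconds; minimum max-age for browser preload lists

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797); None if invalid."""
    policy = {"max_age": None, "subdomains": False, "preload": False}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name, arg = name.strip().lower(), arg.strip().strip('"')
        if name == "max-age":
            if policy["max_age"] is not None or not (arg.isascii() and arg.isdigit()):
                return None  # duplicate or non-numeric max-age voids the header
            policy["max_age"] = int(arg)
        elif name == "includesubdomains":
            policy["subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
    return policy if policy["max_age"] is not None else None

def audit(http_resp, https_resp):
    """Each response is (status, headers). Returns a list of findings."""
    findings = []
    status, headers = http_resp
    location = {k.lower(): v for k, v in headers.items()}.get("location", "")
    if status not in (301, 302, 303, 307, 308) or urlsplit(location).scheme != "https":
        findings.append("http-not-redirected")
    # HSTS only counts on the HTTPS response; browsers ignore it over HTTP.
    raw = {k.lower(): v for k, v in https_resp[1].items()}.get("strict-transport-security")
    policy = parse_hsts(raw) if raw else None
    if policy is None or policy["max_age"] == 0:  # max-age=0 clears the policy
        findings.append("hsts-missing")
    else:
        if policy["max_age"] < ONE_YEAR:
            findings.append("hsts-short-max-age")
        if not (policy["subdomains"] and policy["preload"]):
            findings.append("hsts-not-preload-eligible")
    return findings

SITES = {  # constructed responses for hypothetical sites, not measurements
    "both-schemes.example": ((200, {}), (200, {})),
    "redirect-only.example": ((301, {"Location": "https://redirect-only.example/"}), (200, {})),
    "short-hsts.example": ((301, {"Location": "https://short-hsts.example/"}),
                           (200, {"Strict-Transport-Security": "max-age=300"})),
    "hardened.example": ((308, {"Location": "https://hardened.example/"}), (200, {
        "strict-transport-security": "max-age=63072000; includeSubDomains; preload"})),
}

def audit_all(sites=SITES):
    return {host: audit(http, https) for host, (http, https) in sites.items()}
```

Calling `audit_all()` returns the findings per host; an empty list means the site both redirects to HTTPS and serves a preload-eligible HSTS policy.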

Risk of similar attacks remains high

While the current exploit targeted cryptocurrency payments only, criminals could use similar tactics to target any traffic passing through the Tor network.

Similarly, the Tor network team has failed to remove the malicious servers entirely. Experts claim that up to 10% of the malicious relays remain within the Tor network. The independent researcher also believes that the malicious entities have adopted other tactics to target cryptocurrency payments within the Tor network while evading detection.

Photo and Link: https://www.cpomagazine.com/cyber-security/hackers-intercept-cryptocurrency-payments-on-the-tor-network-through-ssl-stripping/?utm_source=ActiveCampaign&utm_medium=email&utm_content=Hackers+Intercept+Cryptocurrency+Payments+on+the+Tor+Network+Through+SSL+Stripping&utm_campaign=Weekly+Highlights
