- SMB Spotlight
Kaspersky Lab researchers have detected a boom in criminal activity on the anonymous Tor network.
Senior security researcher at Kaspersky Lab Sergey Lozhkin reported the spike in a blog post, revealing that an average of 900 hidden, criminal services are running on Tor.
"Over the last few months I have been closely monitoring so-called dark net resources, mostly the Tor network. And one thing that is immediately obvious is that the cyber criminal element is growing," read the post.
"We managed to find approximately 900 hidden services online at the current time. There are also approximately 5,500 nodes in total and 1,000 exit nodes, but the possibility of creating an anonymous and abuse-free underground forum, market or malware command and control (C&C) server is attracting more and more criminals to the Tor network."
Tor is a free service designed to let people hide their internet activity. It does this by directing internet traffic through a volunteer network of relays that conceal the user's location and web activity.
David Emm, Kaspersky Lab's senior regional researcher, told V3 that the hidden operations included a number of malicious criminal enterprises.
"They're using Tor to host malicious infrastructure and to sell malware services – botnets, malware toolkits, credit cards, carding and skimming equipment – and to launder money," he said
Lozhkin highlighted campaigns such as the recently discovered Zeus Tor Trojan and ChewBacca malware as key threats hiding in the Tor network and proof that criminals are investing more resources to develop their attacks.
"A quick look at Tor network resources reveals lots of resources dedicated to malware – C&C servers, admin panels, etc. Hosting C&C servers in Tor makes them harder to identify, blacklist or eliminate," read the post.
"Cyber criminals have started actively using Tor to host malicious infrastructure. We found Zeus with Tor capabilities, then we detected ChewBacca and finally we analysed the first Tor Trojan for Android."
Security firm RSA discovered the ChewBacca malware stealing customer card details and personal information from "several dozen" retailers in January.
Emm said the success of Tor-based malware, such as ChewBacca, means criminals will inevitably continue to invest in the network.
"The anonymity offered by Tor is attractive to cyber criminals, so it's likely that its use will grow in the future – notwithstanding the greater work required to create a Tor communication module within malware," he said.
Combating crime on the anonymous Tor network has been an ongoing battle for law enforcement and security vendors. The FBI had some luck with its anti-Tor crime efforts in August 2013, when it successfully exploited a flaw in Tor to shut down a child pornography ring.