Tor finally fixes a bug abused for DDoS attacks

Launching DDoS attacks against dark web sites could soon be a little more difficult to pull off now that the Tor Project is preparing to fix a bug that has been abused by attackers for years.

The bug has been an annoyance for many years. It is a denial of service (DoS) issue that an attacker can exploit to initiate thousands of connections to a targeted dark web site.

The remote Onion service needs to negotiate a complex circuit through the Tor network to secure the connection between a user and the site’s server. As this process is very CPU resource intensive, initiating thousands of these connections can quickly overload a site’s server to the point where it can’t accept any new connections.

The issue is known, and the Tor developers have not released any patch or fix to overcome it.

“The attacks exploit the inherent asymmetric nature of the onion service rendezvous protocol, and that makes it a hard problem to defend against. During the rendezvous protocol, an evil client can send a small message to the service while the service has to do lots of expensive work to react to it. This asymmetry opens the protocol to DoS attacks, and the anonymous nature of our network makes it extremely challenging to filter the good clients from the bad.”

To make matters worse, a tool named Stinger-Tor was uploaded to GitHub more than four years ago, which allows anyone to carry out a DoS attack on a Dark Web site just by running a Python script. There are other tools like this one that exploit the bug in Tor, and cyber crime groups have been selling them on underground forums.

Members of the Dread community have been encouraging users to donate to the Tor Project. These donations seem to have done the trick as developing a fix for this vulnerability is now being prioritized. The proposed fix won’t completely deal with the issue but it will make DoS attacks less effective against Dark Web sites.

The fix is scheduled to arrive with the upcoming Tor protocol 0.4.2 release and it should make things a bit easier for sites running on the Tor network.

Stolen data sold on the Dark Web

A hacking group has started to flood a dark web hacking marketplace with databases containing a combined total of 73.2 million user records from 11 different companies.

For the past week, a hacking group known as Shiny Hunters has been busy selling a steady stream of user databases from alleged data breaches.

It started last weekend with Tokopedia, Indonesia’s largest online store, where a database of over 90 million user records was being sold.

Soon after, Shiny Hunters began selling a database of 22 million user records for Unacademy, one of India’s largest online learning platforms.

On Wednesday, Shiny Hunters continued their rampage by claiming to have hacked into Microsoft’s GitHub account earlier this year and leaking files from the company’s private source code repositories.

Microsoft GitHub account breach

While Microsoft has not officially admitted that their GitHub account was breached, sources have told BleepingComputer that the shared data was indeed from private repositories only accessible to Microsoft employees.

Now selling user records from 11 data breaches

Earlier this week, BleepingComputer was told by cyber intelligence firm ZeroFox that Shiny Hunters had begun selling databases for the meal kit delivery service HomeChef, photo print service ChatBooks, and Chronicle.com, a news source for higher education.

Chatbooks breach

With the three databases combined, there are a total of 26 million accounts being sold, with prices for each database ranging between $1,500 and $2,500.

Soon after reporting on these breaches, ChatBooks started sending data breach notifications to their users.

Last night, cyber intelligence firm Cyble told BleepingComputer that Shiny Hunters had started to “flood the market” with new data breaches from other companies, bringing the total number of user databases being sold to 11.

From samples of user records seen by BleepingComputer, the data breaches look legitimate, but they have not been 100% confirmed.

Sample user database being sold


After being told about the new databases being sold, BleepingComputer contacted the affected companies but has not heard back yet.

To be safe, if you have an account at any of the sites listed above, it is strongly suggested that you change your password to a strong and unique one used only at that site.

If the same password has been used at other sites, change your password to a unique one there as well.