It appears as if there are malicious tor nodes in the wild, which are designed to spy on darknet sites. Ever since Tor was created, it became apparent keeping the entire network safe at all times would be a monumental task. With users running individual nodes on the network, it is hard to determine what their ulterior motives are.
Bad exit nodes on the Tor network are nothing new under the sun, as they have been around for quite some time now. What such a node allows users to do is sniff network traffic routed through these connections. Back in 2014, researchers uncovered a total of 25 different bad nodes, all of which managed to decrypt web traffic.
Interestingly enough, this research also indicated how it appeared Russian entities were involved in setting up these bad Tor nodes. But it looks like exit nodes are not the only types of connections being targeted. Ordinary nodes can show malicious behavior as well, which makes Tor traffic less private than it is supposed to be.
So far, there have been over 100 regular Tor nodes identified as acting maliciously. Do keep in mind this is still a small number compared to the over 3,100 modes using the HSDir flag. What such as HSDir flag does is allow for removing the logging of services themselves, as well as ensure deep web addresses remain undiscovered.
But as it turns out, there are a fair few service directories spying on deep web sites. So-called “honeypots” do not appear malicious from the outside, albeit they will ensure website traffic is logged. With this information, honeypot owners can identify addresses websites which are not found through conventional means.
But these nodes can be far more dangerous than just acting as a directory filled with log files. Several nodes were identified to be aggressively probing the Tor network. It is not unlikely the node owners use various exploits to take over particular services. It is possible the majority of these malicious Tor nodes belong to law enforcement agencies, albeit that cannot be concluded with absolute certainty at this stage.
Image credit 1
If you liked this article follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin and altcoin price analysis and the latest cryptocurrency news.
Ethereum developers have officially named the network’s post-Glamsterdam 2026 upgrade Hegota. The name merges two…
TRON is pushing deeper into real-world financial infrastructure. TRON has announced that Kalshi, the world’s…
The “crypto Robin Hood” story has reached its legal end. A London court has sentenced…
$NEAR is now live on Solana. And the implications go far beyond a simple token…
Bitcoin moved fast. Then it pulled back just as quickly. A sudden surge pushed BTC…
Hyperliquid is facing one of its most consequential governance moments yet. A proposal now before…
