Bug And DDoS Attacks Are Crippling Onion Webites On The Tor Network

Tor bug

People visit the dark web to do many things. Among others, people visit the dark web to buy an sell things that aren't available (legal) on the surface web.

And here, many onion sites are down because a bug prevents them from preserving the "live" status on the "consensus". This happened as the Tor network in general, or the network that powers the dark web, is unstable due to uncontrolled DDoS attacks that attack some dark web websites.

Apparently, the attacks that have been going on since January 6, 2021, quickly escalated to overwhelming the (HSDir) nodes of the Tor network, resulting in an inability to connect to 'V3' onion sites.

A large number of of those websites have been affected, some of them are even struggling as they are left offline for more than 12 hours.

Naturally, downtimes on the Tor network will affect a large number of onion websites, including some Bitcoin services.

Due to the unreliable network, some dark web services launched temporary V2 and V1 of their onion domains to return online, while the Tor Project team was racing for a fix.

The Tor Network is an open-source network that allows anybody to join with their computer using a free software.

Once part of the network, users will have their data routed between different nodes before reaching its destination, encrypting it so no one can trace the data back to the users.

To ensure that nodes know which of the volunteers are available, there are nine privileged Tor directory servers, plus one “consensus” server.

These servers are distributed around the world and run as independently as possible, in order to make it difficult for anyone to take them over.

Every time the Tor Browser or client is ran, they will ping them at startups. And on every hour, these directory servers will vote on the state of the network, keeping each other informed about which node to fulfill which function, which nodes behave poorly, or to know which nodes have been deemed malicious and need to be kicked off the network.

The explanation regarding why V3 onion domains were affected by the attack while previous versions weren’t, is because the newer versions has a bug in the service implementation.

This caused the dropping of the “live” state of the consensus, even though that the state is still valid.

And because after a few hours and rounds, the consensus will enter a status that marked it as no longer "live", services will stop publishing descriptors, stopping clients from fetching them.

The network couldn't come to a consensus about the state of the network, makes the Tor's hidden services unreachable, and for some, can even make the Tor browser to give an error message during startup.

Tor agent

It has been long known that the Tor-powered dark web is far less reliable that the surface web. And this issue is making things even worse.

The successful attack on the Tor Network has made some services to think twice before having or moving their networks to Tor, with fear of availability issues.

What's more, the weakness may inspire researchers to invent a more decentralized network that relies less, or not at all, on consensus models.

At this time, it's unclear who is culprit behind the attacks, although that it seems unlikely that error or the bug alone is to blame.

Defending such complex Tor network against DDoS attacks is tedious, but Tor know that despite the network has grown, securing it is possible.

One of the options for example, is by increasing the capacity and bandwidth of the consensus nodes. Creating multiple mirrors of the data and “private” backchannels could also be a solution.

At this time, the team at Tor is testing the “Alpha” version of Tor (