The Agora dark web drug marketplace has shut down after suspicious server activity indicated that the anonymising features of Tor used to protect users may have been compromised.
The owner of Agora said in a statement posted to the dark web and mirrored on Reddit that new research shows that vulnerabilities in Tor can leave users at risk by “de-anonymising” their server location.
“We have recently been discovering suspicious activity around our servers which led us to believe that some of the attacks described in the research could be going on, and we decided to move servers once again. However, this is only a temporary solution,” the statement reads.
“Most of the new and previously known methods require substantial resources to be executed, but the new research shows that the amount of resources could be much lower than expected, and in our case we believe we have interested parties who possess such resources.”
The research in question, conducted by MIT, successfully demonstrated a vulnerability in the design of Tor. The research found that an attacker can identify a hidden server location, or the source of the information passing through the Tor, by analysing the traffic pattern of encrypted data running through the volunteer computers that make up the network.
Agora administrators have decided to shut down rather than risk the possibility of its users being identified.
“We have a solution in the works which will require big changes to our software stack which we believe will mitigate such problems, but unfortunately it will take time to implement,” the administrator said.
“It would be unsafe to keep our users using the service, since they would be in jeopardy. Thus, and to our great sadness, we have to take the market offline for a while until we can develop a better solution. This is the best course of action for everyone involved.”
David Goulet, a developer with the Tor project, told MIT News that the flaw is a significant problem for the hidden service.
“[The research paper] showed that it’s possible to do it passively, but it still requires an attacker to have a foot in the network and to gather data for a certain period of time,” he said.
“We are considering their countermeasures as a potential improvement to the hidden service. But I think we need more concrete proof that it definitely fixes the issue.”
Security expert Graham Cluley said in a blog post that it’s “no surprise that a lot of people have been interested in determining whether Tor is really as secure as it promises”.
“Although there are undoubtedly legitimate uses for Tor (for instance, in countries with oppressive regimes which restrict internet access), it’s clear that the technology is also used by online criminals to keep their activities beyond the reach of the law,” he added.
Popular dark web drug marketplace The Silk Road was seized by the FBI in 2013, and its administrator, Ross Ulbricht, who went by the title Dread Pirate Roberts, was sentenced to life in prison.