Censorship and Sybil Attacks Threaten Tor | Avast

Anonymity service Tor has been blocked by the Russian government and impersonated by an unknown bad actor. Russia’s Federal Service for Supervision of Communications, Information Technology, and Mass Media, known as Roskomnadzor, blocked the main Tor site last week, cutting off the service from about 300,000 active Tor users in the country. Roskomnadzor claimed the sharing of illegal content was the reason for the block. “This is equivalent to banning the internet because people share illegal content,” commented Avast Security Evangelist Luis Corrons. “We all agree that certain types of contents can be illegal – child pornography being a good example – and what authorities have to do is to enforce law and prosecute those violating it, not ban a tool that provides anonymity and is widely used by citizens in certain countries trying to protect themselves from authoritarian governments.”

Tor maintains its anonymity guarantee by working through relay nodes, and researchers have found that a bad actor has set up hundreds of malicious Tor relay nodes that have been active since 2017. If a user’s traffic passes through one of the malicious nodes, privacy is compromised. Because the camouflaged nodes pretend to have a different identity, this type of attack is known as a Sybil attack, named after the 1970 TV movie about a woman with 16 different personalities. For more on this story, see Ars Technica.

China tries Covid misinformation campaign on Meta

Meta took down 524 Facebook accounts, 20 Facebook pages, four Facebook groups, and 86 Instagram accounts as part of an investigation on an influence operation allegedly launched by the Chinese government to spread misinformation on Covid research. The campaign centered around a Swiss biologist named Wilson Edwards who claimed that the U.S. was pressuring World Health Organization scientists studying the origins of the virus. According to the Swiss Embassy in Beijing, Wilson Edwards does not exist. Upon that announcement, Meta took down the posts and began an investigation. For more, see The Verge.

Ransomware affiliate arrested in Romania

A 41-year-old suspect has been arrested in Craiova, Romania for their alleged participation in international ransomware campaigns. The arrest comes at the end of a joint investigation by Europol, the FBI, and Romanian authorities. One of the the targets in this ransomware campaign was a large IT company that delivers services in the retail, energy, and utilities sectors. Authorities have not yet released the suspect’s name. The suspect is considered a “ransomware affiliate,” which means that instead of creating ransomware, they rent it. For more on this story, see The Record.

Tighter rules proposed in U.K. Online Safety Bill

As the U.K. government considers the proposed Online Safety Bill, a new parliamentary report is calling for stricter rules and the addition of specific scams and offenses. For instance, if a social media platform is found guilty of an offense, the report calls for a named senior manager at the company to be personally liable for the offense in court. The 191-page report also suggests that all pornography sites need to ensure that childlren cannot access them, that paid advertising scams, as well as fake ads, are covered in the bill and that “the potental harmful impact of algorithms is also covered. The bill is expected to reach Parliament in early 2022. For more, see BBC News.

Billions of Wi-Fi and Bluetooth chips have coexistence bugs

Researchers have proved that it is possible to extract passwords and manipulate traffic on a Wi-Fi chip by targeting the device’s Bluetooth component. Though Wi-Fi and Bluetooth are two separate services on the device, they share the same resources, such as the antenna or wireless spectrum. Using multiple flaws in chip architecture and protocols, those shared resources can be used as a bridge to launch lateral attacks that include code execution, memory readout, and denial of service. Because the “coexistence bug” takes advantage of the chip’s physical architecture, the threat will exist until new chips are created. In the meantime, Bleeping Computer suggests that users delete unnecessary Bluetooth device pairings, remove unused Wi-Fi networks from the settings, and use cellular instead of Wi-Fi in public places. 

This week’s ‘must-read’ on The Avast Blog

When it comes to cybersecurity trends and threats, what can we expect to see in the new year? Tune in as Avast experts predict and warn of audio deepfakes, optimized ransomware campaigns, and crypto malware in 2022.