The group that allegedly took down Microsoft and Sony's gaming networks now says it's set its sights on a new target. Lizard Squad, which took credit for denial of service attacks that kept Xbox Live and PlayStation Network offline over Christmas, tweeted earlier today that it was going after the Tor encryption service.
To clarify, we are no longer attacking PSN or Xbox. We are testing our new Tor 0day. — Lizard Squad (@LizardMafia), December 26, 2014
Earlier today, Tor's service was flooded with new relays — the routers that users' data is passed between in order to make it untraceable — with the name LizardNSA. "Hi, do you guys still give away shirts for relay owners? We need about 3000," Lizard Squad bragged on Twitter. A member of Reddit's Technology board noted the influx, and security researcher Nadim Kobeissi posted a similar shot.
This is what the Tor network looks like right now. pic.twitter.com/0QQAGVTRRI — Nadim Kobeissi (@kaepora), December 26, 2014
Kobeissi, who developed the chat client Cryptocat, pointed to metrics that showed "LizardNSA" relays made up a significant part of the network. "Currently there's actually almost 10,000 relays, about 3,000 to 6,000 of those seem to be Lizard Squad's," he said over email. Theoretically, a group that controls enough of these nodes could track the traffic over them, compromising users' anonymity. The tactic of creating malicious relays isn't a new one; earlier this year, Tor reported that an unknown attacker had potentially captured some user data by setting up about 100 of them.
In a conversation on Twitter, Kobeissi and security researcher Frederic Jacobs expressed some concern, but the implications of all these new nodes aren't clear yet. "The attack won't be effective unless Lizard Squad's relays obtain enough consensus with the rest of the network, which is currently not happening due to the newness of the relays and their low bandwidth allowance," says Kobeissi. According to an explanation from Tor last year, new relays are initially capped at a very low bandwidth of about 20 KB/s, which means that they get "basically no use" for the first three days.
Lizard Squad, which supposedly halted its gaming network attacks after being offered gift vouchers by internet entrepreneur Kim Dotcom, has not elaborated on its intentions for Tor, although its Twitter bio currently reads "I cry when Tor deserves to die."
The Tor Project, meanwhile, doesn't seem all that worried. "This looks like a regular attempt at a Sybil attack: the attackers have signed up many new relays in hopes of becoming a large fraction of the network. But even though they are running thousands of new relays, their relays currently make up less than 1 percent of the Tor network by capacity," a spokesperson said, several hours after the nodes were added. "We are working now to remove these relays from the network before they become a threat, and we don't expect any anonymity or performance effects based on what we've seen so far."
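The gap between relay count and capacity described in the statements above, as an added example (not code from the article or the Tor Project): it groups a constructed relay list by nickname stem, flags large groups that all joined within the three-day ramp-up window, and compares their share by count with their share by bandwidth. The 1,000 KB/s figure for established relays, the field names and the `min_count` threshold are assumptions, and the both-ends estimate is a simplification that treats the two picks as independent and bandwidth-weighted.

```python
from collections import defaultdict

NEW_RELAY_CAP_KBS = 20   # page: new relays start capped at about 20 KB/s
RAMP_UP_DAYS = 3         # page: "basically no use" for the first three days

def build_constructed_consensus():
    """Constructed data, not a real consensus: 7,000 established relays at an
    assumed 1,000 KB/s each, plus 3,000 new relays named LizardNSA<n>."""
    relays = [{"nick": f"op{i}node", "bw_kbs": 1000, "age_days": 400}
              for i in range(7000)]
    relays += [{"nick": f"LizardNSA{i}", "bw_kbs": NEW_RELAY_CAP_KBS, "age_days": 0}
               for i in range(3000)]
    return relays

def stem(nick):
    """Nickname with trailing digits removed, so LizardNSA17 -> lizardnsa."""
    return nick.rstrip("0123456789").lower()

def group_shares(relays):
    """Per nickname stem: relay count, share by count, share by bandwidth."""
    total_bw = sum(r["bw_kbs"] for r in relays)
    acc = defaultdict(lambda: {"count": 0, "bw": 0, "oldest": 0})
    for r in relays:
        g = acc[stem(r["nick"])]
        g["count"] += 1
        g["bw"] += r["bw_kbs"]
        g["oldest"] = max(g["oldest"], r["age_days"])
    return {k: {"count": g["count"], "oldest": g["oldest"],
                "count_share": g["count"] / len(relays),
                "bw_share": g["bw"] / total_bw}
            for k, g in acc.items()}

def flag_sybil_candidates(relays, min_count=50):
    """Large groups whose every relay joined within the ramp-up window."""
    flagged = {}
    for name, s in group_shares(relays).items():
        if s["count"] >= min_count and s["oldest"] <= RAMP_UP_DAYS:
            # Simplification: entry and exit picked independently by bandwidth.
            s["both_ends"] = s["bw_share"] ** 2
            flagged[name] = s
    return flagged

if __name__ == "__main__":
    for name, s in flag_sybil_candidates(build_constructed_consensus()).items():
        print(f"{name}: {s['count']} relays, {s['count_share']:.1%} by count, "
              f"{s['bw_share']:.2%} by bandwidth, both ends {s['both_ends']:.6%}")
```

With these constructed numbers the flagged group holds 30 percent of relays by count but under 1 percent by bandwidth, which is the distinction the Tor Project's statement draws.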
Update December 26th, 7:40pm ET: Added statement from the Tor Project.