A dark market website that relies on the Tor privacy network to keep its operators anonymous is temporarily shutting down amid concerns attackers are exploiting a newly reported weakness that can identify server locations.
As Ars reported last month, the technique requires the adversary to control the Tor entry point for the server hosting the hidden service. It also requires the attacker to have previously collected unique network characteristics that can serve as a fingerprint for that particular service. Still, once that bar is met, the attack has an 88-percent accuracy rate. Hidden services are sites that are accessible only from within the Tor, which conceals IP addresses of servers and users.
"We have recently been discovering suspicious activity around our servers which led us to believe that some of the attacks described in the research could be going on and we decided to move servers once again," operators of Agora, a hidden service that markets everything from illicit drugs to unlicensed firearms, wrote in various online forums, including this post on Pastebin. "However, this is only a temporary solution."