Dark website Agora closes over Tor vulnerability suspicions

News by Robert Abel

Agora, one of the largest online black market sites, halted operations after concerns arose of vulnerabilities in Tor's hidden services.

Agora, one of the largest online black market sites, halted operations after concerns arose that vulnerabilities in Tor's hidden services could lead to its servers being located.

The concerns stem from a Massachusetts Institute of Technology (MIT) study, released last month, detailing how certain attacks could expose servers, according to published Reports.

“We have recently been discovering suspicious activity around our servers which led us to believe that some of the attacks described in the research could be going on,” Agora's administrators said in a message originally posted to Agora's dark web home and then reposted to Reddit.

Administrators said they are moving their servers and would remain offline until all problems are mitigated. The statement also said that they would do their best to clear all outstanding orders and recommended that all users to withdraw money from their accounts.

A Tor Project spokesperson told SCMagazine.com via email correspondence Thursday that they are not in communication with Agora and so are unsure of their reasoning.

“There are known theoretical and research attacks against hidden services, but little demonstration of their value in practice, and the entire area needs more research and development,” the spokesperson said.

Tor Project added, "that none of the known attacks against the hidden services apply to Tor Browser users."

This article was first published by our sister publication SC Magazine.


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming event 

Webcast: Understanding this year's biggest adversaries - and how to combat them 

Nation-state activity, versatile, slippery strategies and Big Game Hunting - the threats are real, dangerous and ever changing. 
Brought to you in partnership with Crowdstrike