In a blog post, the Tor Project itself confirmed that someone had been snooping on Tor users with the sole aim of de-anonymizing them. "On July 4 2014 we found a group of relays that we assume were trying to deanonymize users. They appear to have been targeting people who operate or access Tor hidden services. The attack involved modifying Tor protocol headers to do traffic confirmation attacks," the post reads.
So now the question is which group, country or hacker is actually trying to de-anonymize the Tor anonymity network. I think that all of them are trying to hack the anonymity of Tor.
The blog post described 115 malicious Tor relays that were de-anonymizing users. The Tor team finally found them on July 4 and removed them from the network the same day.
It is not yet clear what was affected in the service, but the attack looked for users who fetched hidden service descriptors.
Attackers likely were not able to see any application-level traffic (e.g. what pages were loaded or even whether users visited the hidden service they looked up). The attack probably also tried to learn who published hidden service descriptors, which would allow the attackers to learn the location of that hidden service.
Which version is affected?
Users running version 18.104.22.168/16 or 22.214.171.124/16 for over 5 months this year are affected. The malicious relays were trying to de-anonymize Tor users who visit and run so-called hidden services on the Deep Web, i.e. “.onion” sites.
Recently, Russia offered $110,000 to anyone who can break Tor's anonymity. This and many other reasons could be behind this Tor hack, as everyone is now moving to crack Tor; the NSA tried to crack it in its spying program PRISM, but failed.
Two hackers are also going to de-anonymize Tor live at Black Hat 2014, which is going to be held next month in Las Vegas.
Update: Tor experts found that the attacking relays joined the network on January 30 2014.