Agora Black Market fearing Tor vulnerabilities goes down

Agora black marketplace announced Tuesday evening that it will go temporary offline fearing the exploitation of the Tor flaws recently discovered.

Operators of principal black markets are concerned about the real level of anonymity offered by the Tor network after the discovery of critical vulnerabilities affecting the anonymizing system.

The administrators of the Agora black market, one of the most important dark marketplaces, has decided to shut down and move its operations elsewhere because the flaws in the Tor network that could be exploited by law enforcement to track buyers and sellers.

On the Agora black market it is possible to purchase several illegal products, the majority of its sales are related to drugs.

In July, security experts at the Massachusetts Institute of Technology (MIT) revealed how to successfully attack Tor servers in order to de-anonymize location of hidden servers.

Researchers from the MIT have discovered a vulnerability in Tor, which lead the identification of hidden services with up to 88 percent accuracy.

The team of experts composed of researchers from MIT and the Qatar Computing Research Institute (QCRI) will present their work at the next Usenix Security Symposium.

The discovery is disconcerting, the researcher demonstrated how to unmask Tor hidden services in the Tor Network by analyzing the traffic patterns of encrypted data passing through a single machine in the Tor network.

Due to the presence of these flaws in the Tor network, the administrators of Agora are inviting their users to avoid using the platform and are warning sellers of the illicit goods “to abort any orders that haven’t been sent out or processed yet.”

In other words, the operations will be shut down for now, because the operators behind the popular marketplace are planning to move the platform far from the Tor network. They announced that are already working to another solution to secure the users of the platform. It was confirmed that the data of the platform would be accessible when Agora will be reopened.

“We have a solution in the works which will require big changes into our software stack which we believe will mitigate such problems, but unfortunately it will take time to implement,” the Agora admin wrote. “Additionally, we have recently been discovering suspicious activity around our servers which led us to believe that some of the attacks described in the research could be going on and we decided to move servers once again, however this is only a temporary solution.” explained the administrators with a message posted both to the market site and to the “darknetmarkets” Reddit forum.

In June, the users of the popular Agora Dark Market have been targeted by unknown crooks who sent them malicious java script exploit that tries to steal their Bitcoin.

The fraudsters sent them malicious messages trough their PM system, the messages contain a malicious java script exploit that was designed to drain the Bitcoins from the victim’s wallet.

“Immediately after I clicked to open the page, tons of Agora tabs opened up saying “Unable to withdraw amount: 1.0000000”, “Unable to withdraw amount: 2.0000000″, etc. and there were like at least 20 pages with different amounts. 2.0, 0.5, etc. Luckily I had only like $20 in my account.” reported one of the victims in a discussion started on Reddit.

The following image was reported by the popular deepdotweb.com:

When Agora users click the link in the message, the malicious JS code tries to exploit a CSRF vulnerability in the Dark Market to steal users fund from Agora’s wallet as well as changing the users PGP key and reset his PIN code.

Stay Tuned

Pierluigi Paganini

(Security Affairs – Agora, Tor Network)