The Growing Problem of Malicious Relays on the Tor Network
In autumn 2019 I stumbled on something odd: Tor relays doing something that the official tor software is unable to do. This is intentionally vague to avoid giving away the detection methodology to the adversary. This new detection technique, combined with other methods, resulted in the discovery of a large, long-running suspicious relay group. For the first time since I began looking for malicious relays, an actually worrisome and non-trivially discoverable group that has been running relays since before 2017 was uncovered (initially, at least some of their relays).