In this post I want to give you an update on the malicious Tor relay situation for the first seven months of 2020 by looking at a single large scale malicious actor that is of ongoing concern. It demonstrates once more that current checks are insufficient to prevent such large scale attacks.
The Scale of the malicious Operator
So far 2020 is probably the worst year in terms of malicious Tor exit relay activity since I started monitoring it about 5 years ago. As far as I know this is the first time we uncovered a malicious actor running more than 23% of the entire Tor network’s exit capacity. That means roughly about one out of 4 connections leaving the Tor network were going through exit relays controlled by a single attacker.