Karlstad University researchers Philipp Winter and Stefan Lindskog monitored 1,000 Tor exit relays for four months and found 25 evil exit relays. "These exit relays engaged in various attacks such as SSH and HTTPS MitM, HTML injection, and SSL stripping."
They used a Python-based exit relay scanner to determine that someone in Russia running exit relays was spying on Facebook users as well as Tor users browsing other sites. The attacker issued a fake and malicious digital certificate in order to engage in man-in-the-middle (MitM) attacks. They found two exit relays that interfered with network traffic because of DNS censorship, basically meaning they blocked pornography, and one that was misconfigured.
Tor maintains a list of known bad Tor relays, but Spoiled Onions listed "all malicious or misconfigured exit relays we discovered since September 2013." The researchers wrote that while the list might appear scary, "it is important to understand that these are merely 25 out of more than 1,000 relays over four months!" That is "a very small fraction which means that Tor users are not likely to encounter many such relays 'in the wild'. Furthermore, Tor's path selection algorithm prefers faster relays over slower ones;" so, because the malicious exit relays "contributed little bandwidth," very few Tor users probably used them.
And even if you, as a user, happen to select a malicious exit relay, it doesn't mean that everything is lost. TorBrowser ships with extensions such as HTTPS-Everywhere which are able to foil some HTTPS-based attacks. Finally, all of the attacks we found are of course not limited to the Tor network. You might very well be more exposed to these attacks on any public WiFi.
On the Tor Project blog, the researchers wrote that all the security best practice knowledge "you already know from Firefox or Chrome also applies to TorBrowser.
In particular, I'm referring to Firefox' warning page you might see every now and then. It says something along the lines of 'This Connection is Untrusted' or 'This is not the site you are looking for'. These warning pages should tell users that the connection to the site isn't quite right."