The 'Sybil' attack was an attempt to insinuate a block of 115 relays as 'guard' relays as the system rotated them into use. Because this block accounted for around 6.4 percent of Tor's guard capacity, they would have been used by a large number of users over time.
"While we don't know when they started doing the attack, users who operated or accessed hidden services from early February through July 4 should assume they were affected," Tor's post said. "Unfortunately, it's still unclear what 'affected' includes."
The enemy here is uncertainty. Tor knows it was attacked and roughly how but can't work out what effect this might have had on users. Tor said it would form a group to devote more time to looking for malicious relays as well as issuing a software update for relays themselves to reduce the system's vulnerability.
Last week The Russian Interior Ministry announced an £111,000 bounty for anyone who can come up with a compromise method to use against Tor. This was interpreted as a hopeful punt; a compromise as fundamental as the one the Russians would like to find looks highly unlikely and would be incredibly hard for even well-resourced organisations to find.
The NSA and FBI would also reportedly like to find a way in even though, ironically, the service is indirectly funded by US Government agencies.
"If this was in fact the work of CMU researchers, I would hope that in the future they choose to contribute to security knowledge without jeopardizing public safety," commented Tripwire security researcher Craig Young.
Sign up for CIO Asia eNewsletters.