Playing Server Hide And Seek (Break It!)


Presented at ShmooCon 2006 by

Can you set up a server that anyone can access but no one can find? Yes, you can. Since 2004 we have deployed location-hidden servers on the Tor network. Anyone can set one up and hide it using Tor. (Tor is a freely available anonymous communication network developed by the Naval Research Laboratory and the Free Haven Project. It is the most widely deployed and used anonymizing network ever in existence. It currently consists of about 250 servers on six continents and has an unknown (hidden) number of users, estimated to be in the hundreds of thousands. Tor was named one of the 100 best products of 2005 by PC World.) Hidden services have many uses, from resisting server DDoS to anonymous blogging. Undergroundmedia.org has published a guide to "Torcasting" (anonymity-preserving and censorship-resistant podcasting), and both the Electronic Frontier Foundation and Reporters Without Borders have issued guides that describe using hidden services via Tor to protect the safety of dissidents as well as to resist censorship.

Our primary focus in this presentation will be attacks. We will start by briefly describing the basic motivation and design of hidden services, outline how to set up your own hidden server, and question how secure these hidden services really are. We will then demonstrate attacks we have recently carried out in experiments on the deployed Tor network that uncover the location of hidden servers in a matter of hours. We will also tell you how to protect against these attacks: we will present helper nodes and other countermeasures that have recently been implemented and describe how they counter the attacks.

Lasse Overlier is an employee of the Norwegian Defence Research Establishment (www.ffi.no), where he works on Computer Network Operations. He also lectures security classes in the Master of Science in Information Security program at Gjovik University College (www.hig.no) and at the University Graduate Center (www.unik.no) at Kjeller. He is currently located at the Naval Research Laboratory in Washington DC, working on the security of anonymity systems while struggling towards a PhD at Gjovik University College.

Paul Syverson is the inventor of Onion Routing (for which he received the Edison Invention Award) and the designer of all three generations of Onion Routing systems, including the latest system, Tor. Dr. Syverson has been designing and analyzing security and privacy systems at the Naval Research Laboratory (YATLA) for sixteen years. He has been chair of eight conferences and workshops, ranging from the European Symposium on Research in Computer Security to the Privacy Enhancing Technologies Workshop and the Financial Crypto Conference. He is the editor of several books on these topics, as well as the author of many dozens of papers published in refereed conferences and journals. He is also the author of _Logic, Convention, and Common Knowledge_, a book that discusses the philosophical foundations of logic and employs game theory and distributed computing in doing so. More at www.syverson.org