Russia Posts $110,000 Bounty For Cracking Tor's Privacy

hypnosec writes: The government of Russia has announced a ~$110,000 bounty to anyone who develops technology to identify users of Tor, an anonymising network capable of encrypting user data and hiding the identity of its users. The public description (in Russian) of the project has been removed now and it only reads "cipher 'TOR' (Navy)." The ministry said it is looking for experts and researchers to "study the possibility of obtaining technical information about users and users' equipment on the Tor anonymous network."

Where's Snowden the second?

[cogeek]

Just get a low level tech to release some NSA docs to the Russians, instant $110k!

Re:

[Jeremiah Cornelius]

Chump change for these guys. The NSA spend more with Narus and Verint.

Re:

[tomhath]

They already have everything a low level tech from NSA can provide. Probably something in there has piqued their interest in TOR.

Re:

[Shoten]

Just get a low level tech to release some NSA docs to the Russians, instant $110k!

Actually, the NSA attempted this, and didn't have consistent success. At least, not according to what Snowden revealed.

Transparency FTW!

[xfizik]

And they say Russia is too secretive. This is the pinnacle of transparency!

Re:Transparency FTW!

[EvilSS]

And they say Russia is too secretive. This is the pinnacle of transparency!

It frightens me that this is both funny and insightful at the same time.

Re:Transparency FTW!

[Tailhook]

Transparency? Oh Ye of Little Cynicism.

They've already cracked TOR. This is the FSB attempting to convince Russia's dissidents that TOR is secure.

Yay interwebs.

Re:

[Anonymous Coward]

this level of paranoia is delightful... and i don't doubt it for a second. dear lord, orwell was a time-wizard wasn't he?

Re:

[currently_awake]

Given the pathetically low level of security at the NSA (Snowden was just a sub-contractor!) it's likely that everything they get is forwarded to the Russians, and given what we know of the NSA it's likely they have compromised TOR. So this probably is misdirection to fool the dissidents.

Re:

[SigmundFloyd]

given what we know of the NSA it's likely they have compromised TOR.

Well... Citation needed.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Anonymous Coward]

I keep reading this, over and over. It's not true. Research encryption and you'll find you cannot just "crack" it, unless the algorithm is particularly predictable (almost no chance of that, billions/trillions of dollars and people's lives have depended on it, and much of it was made by the US Government).

Essentially encryption produces a random set of characters, where if brute-forced, would just result in a large set of various sets of random characters. Encryptions have been broken, but we've evolved bey

TOR is a US-backed project

[Anonymous Coward]

Remember, TOR was made by the US Navy specifically to anonymize the traffic of government spies. The public release of the project and transfer to EFF and later parties was specifically to provide cover for said spies. The current developers even consult with the NSA regarding it's security, and the NSA itself has tools to deanonymize it to a certain extent. (It probably relies on the fact that they run a large amount of exit nodes.)

Russia doesn't want to decrypt your packets. They want to decrypt the CIA/NSA/FBI traffic you're relaying around.

Re:

[Anonymous Coward]

There is so much wrong with your post that I don't know if you are vastly uninformed or if you are a troll.

Remember, TOR was made by the US Navy specifically to anonymize the traffic of government spies.

No, TOR was a project about creating the ability for people in repressive countries to be able to access the Internet in ways that their government was either blocking, or whose access could endanger the user since it was not in line with the government's decrees and/or filters.

The public release of the project and transfer to EFF and later parties was specifically to provide cover for said spies.

Ah, the standard conspiracy theorists' "that's what they want you to think, but really ..." (fill in with unlikely or unsub

Re:TOR is a US-backed project

[Anonymous Coward]

No, TOR was a project about creating the ability for people in repressive countries to be able to access the Internet in ways that their government was either blocking, or whose access could endanger the user since it was not in line with the government's decrees and/or filters.

No, you're wrong and OP is right:

http://cryptome.org/0003/tor-spy.htm

Creators of TOR:
David M. Goldschlag
Michael G. Reed
Paul F. Syverson
Naval Research Laboratory

More:

http://www.onion-router.net/Publications/IH-1996.pdf
http://www.isoc.org/inet97/proceedings/F7/F7_1.HTM
http://www.onion-router.net/

TOR Made for USG Open Source Spying Says Maker

Date: Tue, 22 Mar 2011 16:57:39 -0400
From: Michael Reed
To: tor-talk[at]lists.torproject.org
Subject: Re: [tor-talk] Iran cracks down on web dissident technology

On 03/22/2011 12:08 PM, Watson Ladd wrote:
> On Tue, Mar 22, 2011 at 11:23 AM, Joe Btfsplk wrote:
>> Why would any govt create something their enemies can easily use against
>> them, then continue funding it once they know it helps the enemy, if a govt
>> has absolutely no control over it? It's that simple. It would seem a very
>> bad idea. Stop looking at it from a conspiracy standpoint& consider it as
>> a common sense question.
> Because it helps the government as well. An anonymity network that
> only the US government uses is fairly useless. One that everyone uses
> is much more useful, and if your enemies use it as well that's very
> good, because then they can't cut off access without undoing their own
> work.

BINGO, we have a winner! The original *QUESTION* posed that led to the
invention of Onion Routing was, "Can we build a system that allows for
bi-directional communications over the Internet where the source and
destination cannot be determined by a mid-point?" The *PURPOSE* was for
DoD / Intelligence usage (open source intelligence gathering, covering
of forward deployed assets, whatever). Not helping dissidents in
repressive countries. Not assisting criminals in covering their
electronic tracks. Not helping bit-torrent users avoid MPAA/RIAA
prosecution. Not giving a 10 year old a way to bypass an anti-porn
filter. Of course, we knew those would be other unavoidable uses for
the technology, but that was immaterial to the problem at hand we were
trying to solve (and if those uses were going to give us more cover
traffic to better hide what we wanted to use the network for, all the
better...I once told a flag officer that much to his chagrin). I should
know, I was the recipient of that question from David, and Paul was
brought into the mix a few days later after I had sketched out a basic
(flawed) design for the original Onion Routing.

The short answer to your question of "Why would the government do this?"
is because it is in the best interests of some parts of the government
to have this capability... Now enough of the conspiracy theories...

-Michael

Re:

[Anonymous Coward]

It doesn't matter what the original purpose was. As long as it can be repurposed and it isn't backdoored and broken. Unfortunately, it looks like the protocol is weaker than expected, given the Carnegie Mellon mess. And of course there's issues with using JavaScript (which would allow canvas-based tracking among others). And it's easy to tell whether some IP is connected to the TOR network (and a VPN is a band-aid to that problem, and potentially broken given some of the language related to NSA's XKeyscore)

Re:

[khchung]

No, TOR was a project about creating the ability for people in repressive countries to be able to access the Internet in ways that their government was either blocking, or whose access could endanger the user since it was not in line with the government's decrees and/or filters.

No, you're wrong and OP is right:

http://cryptome.org/0003/tor-spy.htm

You DO noticed that the "rebuttal" is the typical deflection you see from politicians and large companies after getting caught doing something naughty, right? "Hey, you lied and cheated!" "No, what I did was about ...." (a long answer that never denied the lying and cheating part)

"No, TOR was a project about ..." noticed that the rebuttal did NOT mention who created TOR? The entire first sentence NEVER contradicted OP's point even though it started with a "No" -- "TOR was made by the US Navy specifically

Re:

[AHuxley]

Re the AC ' I do admit though that spies could also take advantage of it"
Read the origin papers the grants and funding:
http://www.onion-router.net/Sp... [onion-router.net]
https://www.torproject.org/abo... [torproject.org]
"It was originally developed with the U.S. Navy in mind, for the primary purpose of protecting government communications."
The origins are Office of Naval Research and DARPA. Have a read of http://www.onion-router.net/Pu... [onion-router.net] AC.
ie bi-directional gov/spy communication that would hide the source and destination from ano

Re:

[ElusiveJoe]

Russia doesn't want to decrypt your packets.

Correct.

They want to decrypt the CIA/NSA/FBI traffic you're relaying around.

Incorrect. They want to be able to detect who is showing up some TOR activity and tag them as "suspicious citizens". Later on, they could try to infect target computers with their malware, the lot for which is posted somewhere nearby (it is nicknamed Chameleon-2).

Silly commies...

[fuzzyfuzzyfungus]

Clearly our attempts to lead the commies out of the darkness and into the glories of the free market were not entirely successful. Surely a good, honest, American, defense contractor wouldn't even reply to an RFP for that kind of money, much less actually deliver, and comrade Putin wants a finished hack? The nerve...

Re:

[MikeBabcock]

Based on the NSA's spying behaviour and the number of federally sanctioned assassinations (by drone or otherwise), I could've sworn the commies lead the US into darkness, not the other way around.

Re:

[fuzzyfuzzyfungus]

That would be nice. Unfortunately, while others can provide tips, only we can compromise our principles...

Isn't this a good thing?

[Anonymous Coward]

If it's crackable, we should hope it comes to light. Although, I'm guessing the Russians would keep it a secret.

Soooo ..

[OzPeter]

I'm supposed to give an oppressive government details on how to crack a piece of software, and they'll give me (pinky to mouth) $100,000?

This is the same government that plays around with nuclear tipped umbrellas isn't it? That likes to shoot down civilian planes? If so what guarantees do I have that 1) I'll get the money, or 2) that I'll live to tell the tale?

Re:Soooo ..

[hguorbray]

So who is the capitalist now?

the Russians who are opening up this request for a solution to the marketplace

or the Americans, who have a State agency (albeit staffed by contractors) which builds tools like this behind closed doors

I must have overlooked the fact that this is opposite century or something....

-I'm just sayin'

Re:

[cold fjord]

What you overlooked is that Russia also has state agencies* that build tools like this behind closed doors.

* Very likely NOT staffed by contractors

Re:

[Anonymous Coward]

You really should do a little more research about what Russia does around all of it's borders and how shitty life is for everyone who ain't Russian.

Not just Ukraine or Georgia. Keep going around the border.

Re:

[Anonymous Coward]

Americans never lose, they just run out of time.

Re:

[cavreader]

Might as well give it a rest. Everyone knows that every country in the world except for the US and possibly Israel are a bunch of meek pacifists who would never engage in state violence of any type under any circumstances and even to suggest such a thing is now a despicable war crime. Although I have to say with all the peace, love, and understanding being spread around the world today I am pretty happy the US massively overspends on the military because were really going to need it in the not so distant fu

Re:

[cold fjord]

Europe will need it, and won't have it.

Re:

[billstewart]

The Russians didn't shoot down that plane. Ukrainian separatists did, using missiles they got from the Russians.

And it's not like the US hasn't accidentally shot down civilian aircraft before, if you remember that Iranian plane [wikipedia.org] the USS Vincennes shot down.

Re:

[cavreader]

When the Iranian jet was shot down the naval task group had declared a 100 mile restricted airspace zone over the naval group which was in international waters at the time. Even today that is SOP whenever a carrier or other naval assets are in international waters. They establish and enforce the no-fly zone in the air and on the surface. Prior to the Iranian plane being shot down Iranian military jets had attempted to violate the restricted airspace several times a day over the previous 7 days. When the co

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Nemyst]

Except if you wanted to do that, you'd report the bugs to the TOR developers. Russia would NEVER forward those bug reports, so all you'd manage is to let Russia exploit a flaw without allowing the TOR developers to know about it. You'd make TOR worse out of selfish greed.

Re:

[Anonymous Coward]

1. Find bug in Tor.
2. Give exploit to Russia and get money.
3. Give bug description to Tor developers so they can fix it.
4. Profit and have clear conscience!

(You better watch out for people with ricin umbrellas afterward though.)

Re:

[John.Banister]

You might want to check with these guys [hrw.org] about promises to pay. I talked to a talented Russian once who told me that you get promises of money before you produce results and promises to let you live if you go away quietly after you produce results. Of course, if you're sufficiently talented at interpersonal politics, you may convince someone that they will see more benefit in the long run by cultivating a relationship with you now, but this money doesn't relate so much to their initial promise as to your n

Re:

[currently_awake]

For the people this is targeted at 100,000 dollars is a very large amount of money. Imagine the hacker computer rig you could build with that! And imagine the street cred in finding holes in TOR (and patching them).

$110,000

[Martin S.]

I think the Russia Mafia would pay 10 times that at least

Re:

[Anonymous Coward]

Russians are really cheap bastards. I suppose it is out of necessity.

$110,000 is probably 1 night of gay hookers and blow for Putin.

my invention

[Mister Liberty]

The awesomeness of a Gestapo like state structure, and a zeal to ask all inhabitants
the following question: "Are you a tor user".

USA beat them to it

[jbmartin6]

Well, the US government is already doing this so the Russkies are behind again.

Re:

[AHuxley]

Re How the West could do it:
You need trust that the exit nodes are fast, well funded and NGO like. You need national level mastery of all packet traffic in and out of every tame provider.
Think of the cost of setting and funding per month a really good set of TOR servers/nodes.
You would really want the commanding height of the fastest say top 5 exit relays, then a larger pool of a good few 10's of other relays.
This would herd and make clear most traffic in a larger nation.
To cover this project set up a

Catch up at the back

[Anonymice]

TOR's already broken!

This [theregister.co.uk], from last week:

Black Hat anti-Tor talk smashed by lawyers' wrecking ball
Boring Carnegie-Mellon University lawyers have scuppered one of the most hotly anticipated talks at the Black Hat conference – which would have explained how $3,000 of kit could unmask Tor hidden services and user IP addresses.

cheapskates

[ipstas]

cheapskates

In Soviet Russia...

[l0n3s0m3phr34k]

TOR cracks YOU!