Russia Posts $110,000 Bounty For Cracking Tor's Privacy

hypnosec writes: The government of Russia has announced a ~$110,000 bounty to anyone who develops technology to identify users of Tor, an anonymising network capable of encrypting user data and hiding the identity of its users. The public description (in Russian) of the project has been removed now and it only reads "cipher 'TOR' (Navy)." The ministry said it is looking for experts and researchers to "study the possibility of obtaining technical information about users and users' equipment on the Tor anonymous network."

TOR is a US-backed project

[Anonymous Coward]

Remember, TOR was made by the US Navy specifically to anonymize the traffic of government spies. The public release of the project and transfer to EFF and later parties was specifically to provide cover for said spies. The current developers even consult with the NSA regarding it's security, and the NSA itself has tools to deanonymize it to a certain extent. (It probably relies on the fact that they run a large amount of exit nodes.)

Russia doesn't want to decrypt your packets. They want to decrypt the CIA/NSA/FBI traffic you're relaying around.

Re:TOR is a US-backed project

[Anonymous Coward]

There is so much wrong with your post that I don't know if you are vastly uninformed or if you are a troll.

Remember, TOR was made by the US Navy specifically to anonymize the traffic of government spies.

No, TOR was a project about creating the ability for people in repressive countries to be able to access the Internet in ways that their government was either blocking, or whose access could endanger the user since it was not in line with the government's decrees and/or filters.

The public release of the project and transfer to EFF and later parties was specifically to provide cover for said spies.

Ah, the standard conspiracy theorists' "that's what they want you to think, but really ..." (fill in with unlikely or unsubstantiated claim) I do admit though that spies could also take advantage of it, along with criminals, botnets, etc.

The current developers even consult with the NSA regarding it's security

I don't know if that is true, but assuming it is, Congress has given the NSA the role of being the US government authority on computer security and on encryption, as well as aiding US companies and interests in these areas to benefit the US. Since protecting the ability of people in hostile locations to continue to access resources such as gmail and twitter, often through the use of tools like TOR, has been deemed in the US interest, the NSA's charter therefore covers helping to ensure TOR is a safe, secure, and robust tool. I do not see the problem, other than guilt by association. Of course by that same logic, almost all major security products you utilize would similarly be suspect (assuming you are in the US).

the NSA itself has tools to deanonymize it to a certain extent. (It probably relies on the fact that they run a large amount of exit nodes.)

Other than running TOR exit nodes to monitor and potentially manipulate the traffic entering the TOR network (a well known attack against TOR that many actors are utilizing, not just the NSA), are you claiming they have other ways to deanonymize the traffic? If so, cite?

Russia doesn't want to decrypt your packets. They want to decrypt the CIA/NSA/FBI traffic you're relaying around.

While I am sure Russia would like to see any spy traffic that is using TOR, I am pretty sure the bigger reason is what I mentioned about about repressive regimes. They are much more interested in the actions of their own citizens that they feel may endanger the state, i.e. their corrupt, crony filled government, since a well-informed populace would be their greatest threat. Just read about how the state-owned/controlled media there is currently reporting the "facts" surrounding the MH17 airplane crash, then consider that their biggest obstacle is that the people can get information from sources other than the Russian government. They would love to be able to shut that down, or at least know who is going around them so they can shut THEM down.

Re:TOR is a US-backed project

[Anonymous Coward]

No, TOR was a project about creating the ability for people in repressive countries to be able to access the Internet in ways that their government was either blocking, or whose access could endanger the user since it was not in line with the government's decrees and/or filters.

No, you're wrong and OP is right:

http://cryptome.org/0003/tor-spy.htm

Creators of TOR:
David M. Goldschlag
Michael G. Reed
Paul F. Syverson
Naval Research Laboratory

More:

http://www.onion-router.net/Publications/IH-1996.pdf
http://www.isoc.org/inet97/proceedings/F7/F7_1.HTM
http://www.onion-router.net/

TOR Made for USG Open Source Spying Says Maker

Date: Tue, 22 Mar 2011 16:57:39 -0400
From: Michael Reed
To: tor-talk[at]lists.torproject.org
Subject: Re: [tor-talk] Iran cracks down on web dissident technology

On 03/22/2011 12:08 PM, Watson Ladd wrote:
> On Tue, Mar 22, 2011 at 11:23 AM, Joe Btfsplk wrote:
>> Why would any govt create something their enemies can easily use against
>> them, then continue funding it once they know it helps the enemy, if a govt
>> has absolutely no control over it? It's that simple. It would seem a very
>> bad idea. Stop looking at it from a conspiracy standpoint& consider it as
>> a common sense question.
> Because it helps the government as well. An anonymity network that
> only the US government uses is fairly useless. One that everyone uses
> is much more useful, and if your enemies use it as well that's very
> good, because then they can't cut off access without undoing their own
> work.

BINGO, we have a winner! The original *QUESTION* posed that led to the
invention of Onion Routing was, "Can we build a system that allows for
bi-directional communications over the Internet where the source and
destination cannot be determined by a mid-point?" The *PURPOSE* was for
DoD / Intelligence usage (open source intelligence gathering, covering
of forward deployed assets, whatever). Not helping dissidents in
repressive countries. Not assisting criminals in covering their
electronic tracks. Not helping bit-torrent users avoid MPAA/RIAA
prosecution. Not giving a 10 year old a way to bypass an anti-porn
filter. Of course, we knew those would be other unavoidable uses for
the technology, but that was immaterial to the problem at hand we were
trying to solve (and if those uses were going to give us more cover
traffic to better hide what we wanted to use the network for, all the
better...I once told a flag officer that much to his chagrin). I should
know, I was the recipient of that question from David, and Paul was
brought into the mix a few days later after I had sketched out a basic
(flawed) design for the original Onion Routing.

The short answer to your question of "Why would the government do this?"
is because it is in the best interests of some parts of the government
to have this capability... Now enough of the conspiracy theories...

-Michael

Re:$110,000

[Anonymous Coward]

Russians are really cheap bastards. I suppose it is out of necessity.

$110,000 is probably 1 night of gay hookers and blow for Putin.