Is Russia Trying to Deanonymize Tor Traffic?

A contractor for Russia's intelligence agency suffered a breach, revealing projects they were pursuing -- including one to deanonymize Tor traffic.

An anonymous reader shared this report from ZDNet: The breach took place last weekend, on July 13, when a group of hackers going by the name of 0v1ru$ hacked into SyTech's Active Directory server from where they gained access to the company's entire IT network, including a JIRA instance. Hackers stole 7.5TB of data from the contractor's network, and they defaced the company's website with a "yoba face," an emoji popular with Russian users that stands for "trolling..." Per the different reports in Russian media, the files indicate that SyTech had worked since 2009 on a multitude of projects.
In February ZDNet reported that Russia disconnected itself from the rest of the internet in a test -- and suggests today that it was a real-world test of one of these leaked "secret projects" from the Russian intelligence agency. But the other projects include:

• Nautilus-S - a project for deanonymizing Tor traffic with the help of rogue Tor servers.
• Nautilus - a project for collecting data about social media users (such as Facebook, MySpace, and LinkedIn).
• Reward - a project to covertly penetrate P2P networks, like the one used for torrents.
• Mentor - a project to monitor and search email communications on the servers of Russian companies.
• Tax-3 - a project for the creation of a closed intranet to store the information of highly-sensitive state figures, judges, and local administration officials, separate from the rest of the state's IT networks.

ZDNet also reports that the Tor-deanonymizing project, started in 2012, "appears to have been tested in the real world," citing a 2014 paper which found 18 malicious Tor exit nodes located in Russia.

Each of those hostile Russian exit nodes used version 0.2.2.37 of Tor -- the same one described in these leaked files.

Re:

[Z00L00K]

At this stage illegal activities are probably finding other channels than TOR. If you don't move you will get caught.

Re:

[beepsky]

That's like saying gangsters will be finding other means of killing each other than guns... despite its age Tor works better than anything else out there

Re:

[beepsky]

While I salute your dedication to privacy, that's not necessary at all. Tor is at its heart 3 VPNs in a row, so all you're achieving is slowing down your traffic.

Re: This why you use

[Anonymous Coward]

Tor over VPN obscures the fact your IP is using tor at all... assuming your VPN of choice is itself secure.

Re:

[K10W]

While I salute your dedication to privacy, that's not necessary at all. Tor is at its heart 3 VPNs in a row, so all you're achieving is slowing down your traffic.

He's right it is totally necessary and common misconception I see a lot that tor is a privacy tool. Tor is anonymity tool NOT privacy tool. When used correctly it does its job really well but many seem to think it is like using a vpn when it is far from it as the traffic is visible to all the middlemen thus the vpn. For example if 99% of the postal mail was postcards or clear envelopes then to be anonymous/blend in you'd send your sensitive mail in the same form, that message on the postcard is anonymous if

Wow.

[Gravis Zero]

35 AC posts before a single real post. Seems Russia doesn't like it's secrets getting out.

Re:

[beepsky]

First sentence in and I can already say your post is wrong. Tor isn't fast enough to support "real-time child abuse material". If you don't believe me just fire it up and go visit twitch.tv to test it for yourself

Sounds like the NSA

[LordWabbit2]

The NSA has been doing this for years, Russia's trying to play catch up with Snowdens help. The article makes it sound like Russia is being "bad", if that's the case the USA has been "bad" for a number of years.

This Russiafobia crap is getting on my tits. It's OK if the US interferes with another countries elections, or spies on everyone, or invades countries, but if anyone else does it they are the DEVIL!!!

Just like this stupid app that ages peoples faces, "It's sending data to the Russians!!!" Just like every fucking iPhone/Android phone sent data to the the Americans!!! But of course, we can trust the Americans, they would never ever do anything bad with all the data they are collecting. Oh no, totally trustworthy. (That was sarcasm for you dimwitted Americans out there).

Well tell Paul Manafort's gout when you see him.

[Anonymous Coward]

“'Charging the president with a crime was an option we could not consider,” Mueller said.

“If we had had confidence that the president clearly did not commit a crime, we would have said so,” Mueller added.

“We did not however make a determination as to whether the president did commit a crime.”

Mueller said “it would be unfair” to accuse someone with a crime who can’t defend himself at trial, emphasizing that he was following a Justice Department policy aga

Re:

[andydread]

I see what you did there Oleg.

Re: Sounds like the NSA

[Anonymous Coward]

Hey asshole, both governments are the enemy of the people. No government should be doing this crap.

Re:

[AHuxley]

Reads like most advanced nations tax, state and federal police work.
Only part police would hide real deep is their smartphone voice print database contractor :)
This decades police and a nations gov/mil know of "social media" after years of http and ftp?
Police/gov/mil have an interest in the origins of onion routing given NGO, other gov use of such networking.
What nation does not have a list of its own companies?

Would anyone in Russia approve paperwork to keep anything of interest with "contractors"

Re:

[acrimonious howard]

if that's the case the USA has been "bad" for a number of years. .. This Russiafobia crap...

The difference is a lot of /.'ers live in the US, and the topic is that Russia is trying to inspect our tor traffic. If the current article was the CIA, then we'd surprisingly be just at outraged, but today's topic is Russia, and we're talking about some evidence that they're trying to deanonymize Tor traffic, collect social media info, penetrate P2P networks, and search email of private companies. If you have evidence of the CIA doing these things, don't post here - submit that as a new article! That's

Re:

[andydread]

Do the Americans kill journalists (numerous) that report on the corruption of politicians? Do the Americans kill political opponents? Do the Americans poison their exiled dissidents with polonium 210? Last I checked Snowden is still alive. Assange is also not dead. Many Americans would love to see those two dead but they are still breathing. Seems like you are trying to draw some kind of false equivalence here. The Americans are far from perfect but killing journalists and political opponents is bad,

Re:

[acrimonious howard]

Jeez this needs mod points so bad. The US (86/100) has a slightly worse reputation than West European countries (~93/100), but Russia is abysmal (20/100).

With loyalist security forces, a subservient judiciary, a controlled media environment, and a legislature consisting of a ruling party and pliable opposition factions, the Kremlin is able to manipulate elections and suppress genuine dissent. Rampant corruption facilitates shifting links among bureaucrats and organized crime groups.

https://freedomhouse.org/repor... [freedomhouse.org]

Re:

[Xenna]

You're obviously confused. I'll help you. The people with the missiles pointed at you are the enemy. For anyone in the 'free West' that means (among others) the Russians.

Doesn't matter, maybe even good

[beepsky]

It should be noted that 18 malicious Tor nodes is fucking nothing. The network has over 6000 relays, and you need to own at minimum 2 in the chain of 3 to deanonymise someone, and getting selected as a relay in someone's tunnel is absolutely based on luck and opportunistic rather than targeted.
You also shouldn't be concerned about people attacking Tor in general. If it's possible to break Tor, then breaking it is a *good* thing, because in the long run it results in patches and improvements. Security by o

Re:

[AHuxley]

Recall the US work with EgotisticalGiraffe, Quantum Cookie and FoxAcid server.
The way to see people with Fairview, Blarney, Oakstar and Stormbrew.
Collected with XKeyscore.

Sure

[nospam007]

If they convince Betteridge first.

What a dumb question, of course they are!

[Rick Schumann]

So is every other government on the planet in a country with a big enough budget to have a real Intelligence department.
Also every sizeable criminal organization, I'm sure.

Re:

[RhettLivingston]

Exactly. Can you imagine the havoc they could cause if they penetrated it, captured a couple months of traffic, filtered it down to everyone with political connections in the US, and simply outed them all at once? Just the possibility is worth funding a small project to continually pursue it.

Re:

[Rick Schumann]

Also the reverse: use the 'dark web' to hide your own intelligence traffic. Look at how hard it's been tracking down drug trafficking sites and murder-for-hire sites that existed on the dark web, and those were relatively speaking amateurs compared to professional intelligence personnel.