Russia Posts $110,000 Bounty For Cracking Tor's Privacy

← Back to Stories (view on slashdot.org)

Russia Posts $110,000 Bounty For Cracking Tor's Privacy

Posted by Soulskill on Friday July 25, 2014 @08:50AM from the what-happens-in-siberia-stays-in-siberia dept.

hypnosec writes: The government of Russia has announced a ~$110,000 bounty to anyone who develops technology to identify users of Tor, an anonymising network capable of encrypting user data and hiding the identity of its users. The public description (in Russian) of the project has been removed now and it only reads "cipher 'TOR' (Navy)." The ministry said it is looking for experts and researchers to "study the possibility of obtaining technical information about users and users' equipment on the Tor anonymous network."

98 comments

Min score:

Reason:

Sort:

Where's Snowden the second? by cogeek · 2014-07-25 08:54 · Score: 1

Just get a low level tech to release some NSA docs to the Russians, instant $110k!
1. Re:Where's Snowden the second? by Jeremiah+Cornelius · 2014-07-25 08:58 · Score: 1
  
  Chump change for these guys. The NSA spend more with Narus and Verint.
  
  --
  "Flyin' in just a sweet place,
  Never been known to fail..."
2. Re:Where's Snowden the second? by tomhath · 2014-07-25 09:12 · Score: 1
  
  They already have everything a low level tech from NSA can provide. Probably something in there has piqued their interest in TOR.
3. Re:Where's Snowden the second? by Shoten · 2014-07-25 13:19 · Score: 2
  
  Just get a low level tech to release some NSA docs to the Russians, instant $110k!
  Actually, the NSA attempted this, and didn't have consistent success. At least, not according to what Snowden revealed.
  
  --
  
  For your security, this post has been encrypted with ROT-13, twice.
Transparency FTW! by xfizik · 2014-07-25 08:57 · Score: 5, Insightful

And they say Russia is too secretive. This is the pinnacle of transparency!
1. Re:Transparency FTW! by EvilSS · 2014-07-25 09:06 · Score: 4, Insightful
  
  And they say Russia is too secretive. This is the pinnacle of transparency!
  It frightens me that this is both funny and insightful at the same time.
  
  --
  I browse on +1 so AC's need not respond, I won't see it.
2. Re:Transparency FTW! by Tailhook · 2014-07-25 09:19 · Score: 5, Interesting
  
  Transparency? Oh Ye of Little Cynicism.
  They've already cracked TOR. This is the FSB attempting to convince Russia's dissidents that TOR is secure.
  Yay interwebs.
  
  --
  Maw! Fire up the karma burner!
3. Re:Transparency FTW! by Anonymous Coward · 2014-07-25 10:04 · Score: 1
  
  this level of paranoia is delightful... and i don't doubt it for a second. dear lord, orwell was a time-wizard wasn't he?
4. Re:Transparency FTW! by Anonymous Coward · 2014-07-25 14:17 · Score: 0
  
  They've already cracked TOR.
  [citation needed]. While it's obvious the usual suspects and Russia as well would be very interested in cracking Tor, there's no evidence that any of them succeeded. Unless the algorithm is broken, no amount of computer resources will be able to crack it without making people wonder where all the matter in the universe went. Before you say quantum computers, none of them have been proven useful yet.
5. Re:Transparency FTW! by currently_awake · 2014-07-25 14:44 · Score: 2
  
  Given the pathetically low level of security at the NSA (Snowden was just a sub-contractor!) it's likely that everything they get is forwarded to the Russians, and given what we know of the NSA it's likely they have compromised TOR. So this probably is misdirection to fool the dissidents.
6. Re:Transparency FTW! by Anonymous Coward · 2014-07-25 21:58 · Score: 1
  
  I keep reading this, over and over. It's not true. Research encryption and you'll find you cannot just "crack" it, unless the algorithm is particularly predictable (almost no chance of that, billions/trillions of dollars and people's lives have depended on it, and much of it was made by the US Government).
  Essentially encryption produces a random set of characters, where if brute-forced, would just result in a large set of various sets of random characters. Encryptions have been broken, but we've evolved beyond that (most likely), and those were due to some weird reasons I'm not totally aware of. It's extremely unlikely someone broke the encryption on Tor. However, what they have done is used correlation, and fingerprinting (combo's of settings and whatnot produce fairly unique signatures) to identify people (as in 1/1 million chance, this is the person who's correlated with known information, however with Tor that number is much lower since most Tor users use the same browser with similar settings, although there are things like cookies and whatnot that make each one different -- the basis of fingerprinting).
  However, you may sort of have a point. If you can get people to be honest in a peaceful manner, then the world evolves faster, but I highly doubt any country is smart enough to figure that out (and a good way to implement it). The position that government workers are in puts a high amount of pressure on irrational behavior, as their belief is both consciously and subconsciously that their one and only advantage is they can hit people harder. So, it's a sort of a being blinded by conditions of work kind of thing. That, and pride has a very large role too, and pride can be blinding, especially if you're proud of how much force you can output and think that's the solution you have. And a further point, is that the ones making these government-based solutions almost entirely chose from plans that have already been attempted. There's almost no creativity whatsoever in government.
7. Re:Transparency FTW! by Anonymous Coward · 2014-07-25 23:36 · Score: 0
  
  I keep reading this, over and over. It's not true. Research encryption and you'll find you cannot just "crack" it, unless the algorithm is particularly predictable (almost no chance of that, billions/trillions of dollars and people's lives have depended on it, and much of it was made by the US Government).
  You don't need to crack the encryption. Given that we are talking about the government it is not a simple MiM attack, they have access to the metadata from every ISP on the way unless it leaves the country. (In the case of NSA they get the metadata from almost every western nation too.)
  They won't need to decrypt every packet on the way to find out everything they want to. They just need to intercept the packet when it leaves the endpoint. Check what other computers sent data of a reasonable size to the endpoint recently before and keep following the metadata.
  Depending on how much communication occurred there will now be a limited people that could have sent the information. It doesn't really matter if it is two or a thousand, it is still a number that is reasonable to investigate further.
  Bring it down to ten or so and you can have them all assassinated if you want to, it is not like those organizations have a problem with collateral damage.
  If you are willing to kill on a hunch (and NSA have admitted to kill based on metadata.) you won't need perfect information.
8. Re:Transparency FTW! by SigmundFloyd · 2014-07-26 02:12 · Score: 1
  
  given what we know of the NSA it's likely they have compromised TOR.
  Well... Citation needed.
  
  --
  Knowledge is power; knowledge shared is power lost.
9. Re:Transparency FTW! by hairyfeet · 2014-07-26 03:58 · Score: 1
  
  I thought that it was pretty easy to crack TOR, just run a bunch of exit nodes and suck up the data. Sure it doesn't let you target a specific individual but its governments we are talking about here, where the typical goal isn't to get ALL the people, just enough that you are seriously rolling the dice if you try thus causing a nice chilling effect.
  
  --
  ACs don't waste your time replying, your posts are never seen by me.
TOR is a US-backed project by Anonymous Coward · 2014-07-25 08:57 · Score: 5, Informative

Remember, TOR was made by the US Navy specifically to anonymize the traffic of government spies. The public release of the project and transfer to EFF and later parties was specifically to provide cover for said spies. The current developers even consult with the NSA regarding it's security, and the NSA itself has tools to deanonymize it to a certain extent. (It probably relies on the fact that they run a large amount of exit nodes.)
Russia doesn't want to decrypt your packets. They want to decrypt the CIA/NSA/FBI traffic you're relaying around.
1. Re:TOR is a US-backed project by Anonymous Coward · 2014-07-25 09:40 · Score: 1, Informative
  
  There is so much wrong with your post that I don't know if you are vastly uninformed or if you are a troll.
  
  Remember, TOR was made by the US Navy specifically to anonymize the traffic of government spies.
  No, TOR was a project about creating the ability for people in repressive countries to be able to access the Internet in ways that their government was either blocking, or whose access could endanger the user since it was not in line with the government's decrees and/or filters.
  
  The public release of the project and transfer to EFF and later parties was specifically to provide cover for said spies.
  Ah, the standard conspiracy theorists' "that's what they want you to think, but really ..." (fill in with unlikely or unsubstantiated claim) I do admit though that spies could also take advantage of it, along with criminals, botnets, etc.
  
  The current developers even consult with the NSA regarding it's security
  I don't know if that is true, but assuming it is, Congress has given the NSA the role of being the US government authority on computer security and on encryption, as well as aiding US companies and interests in these areas to benefit the US. Since protecting the ability of people in hostile locations to continue to access resources such as gmail and twitter, often through the use of tools like TOR, has been deemed in the US interest, the NSA's charter therefore covers helping to ensure TOR is a safe, secure, and robust tool. I do not see the problem, other than guilt by association. Of course by that same logic, almost all major security products you utilize would similarly be suspect (assuming you are in the US).
  
  the NSA itself has tools to deanonymize it to a certain extent. (It probably relies on the fact that they run a large amount of exit nodes.)
  Other than running TOR exit nodes to monitor and potentially manipulate the traffic entering the TOR network (a well known attack against TOR that many actors are utilizing, not just the NSA), are you claiming they have other ways to deanonymize the traffic? If so, cite?
  
  Russia doesn't want to decrypt your packets. They want to decrypt the CIA/NSA/FBI traffic you're relaying around.
  While I am sure Russia would like to see any spy traffic that is using TOR, I am pretty sure the bigger reason is what I mentioned about about repressive regimes. They are much more interested in the actions of their own citizens that they feel may endanger the state, i.e. their corrupt, crony filled government, since a well-informed populace would be their greatest threat. Just read about how the state-owned/controlled media there is currently reporting the "facts" surrounding the MH17 airplane crash, then consider that their biggest obstacle is that the people can get information from sources other than the Russian government. They would love to be able to shut that down, or at least know who is going around them so they can shut THEM down.
2. Re:TOR is a US-backed project by Anonymous Coward · 2014-07-25 09:48 · Score: 0, Insightful
  
  I am pretty sure the bigger reason is what I mentioned about about repressive regimes. They are much more interested in the actions of their own citizens that they feel may endanger the state, i.e. their corrupt, crony filled government, since a well-informed populace would be their greatest threat.
  
  Much like NSA does with it's own citizens? Ah, the good old 'Murican Irony!
3. Re:TOR is a US-backed project by Anonymous Coward · 2014-07-25 09:54 · Score: 0
  
  Now I know which of the two you are.
4. Re:TOR is a US-backed project by Anonymous Coward · 2014-07-25 10:09 · Score: 5, Informative
  
  No, TOR was a project about creating the ability for people in repressive countries to be able to access the Internet in ways that their government was either blocking, or whose access could endanger the user since it was not in line with the government's decrees and/or filters.
  No, you're wrong and OP is right:
  http://cryptome.org/0003/tor-spy.htm
  
  Creators of TOR:
  David M. Goldschlag
  Michael G. Reed
  Paul F. Syverson
  Naval Research Laboratory
  More:
  http://www.onion-router.net/Publications/IH-1996.pdf
  http://www.isoc.org/inet97/proceedings/F7/F7_1.HTM
  http://www.onion-router.net/
  
  TOR Made for USG Open Source Spying Says Maker
  Date: Tue, 22 Mar 2011 16:57:39 -0400
  From: Michael Reed
  To: tor-talk[at]lists.torproject.org
  Subject: Re: [tor-talk] Iran cracks down on web dissident technology
  On 03/22/2011 12:08 PM, Watson Ladd wrote:
  > On Tue, Mar 22, 2011 at 11:23 AM, Joe Btfsplk wrote:
  >> Why would any govt create something their enemies can easily use against
  >> them, then continue funding it once they know it helps the enemy, if a govt
  >> has absolutely no control over it? It's that simple. It would seem a very
  >> bad idea. Stop looking at it from a conspiracy standpoint& consider it as
  >> a common sense question.
  > Because it helps the government as well. An anonymity network that
  > only the US government uses is fairly useless. One that everyone uses
  > is much more useful, and if your enemies use it as well that's very
  > good, because then they can't cut off access without undoing their own
  > work.
  BINGO, we have a winner! The original *QUESTION* posed that led to the
  invention of Onion Routing was, "Can we build a system that allows for
  bi-directional communications over the Internet where the source and
  destination cannot be determined by a mid-point?" The *PURPOSE* was for
  DoD / Intelligence usage (open source intelligence gathering, covering
  of forward deployed assets, whatever). Not helping dissidents in
  repressive countries. Not assisting criminals in covering their
  electronic tracks. Not helping bit-torrent users avoid MPAA/RIAA
  prosecution. Not giving a 10 year old a way to bypass an anti-porn
  filter. Of course, we knew those would be other unavoidable uses for
  the technology, but that was immaterial to the problem at hand we were
  trying to solve (and if those uses were going to give us more cover
  traffic to better hide what we wanted to use the network for, all the
  better...I once told a flag officer that much to his chagrin). I should
  know, I was the recipient of that question from David, and Paul was
  brought into the mix a few days later after I had sketched out a basic
  (flawed) design for the original Onion Routing.
  The short answer to your question of "Why would the government do this?"
  is because it is in the best interests of some parts of the government
  to have this capability... Now enough of the conspiracy theories...
  -Michael
5. Re:TOR is a US-backed project by Anonymous Coward · 2014-07-25 10:53 · Score: 1, Insightful
  
  It doesn't matter what the original purpose was. As long as it can be repurposed and it isn't backdoored and broken. Unfortunately, it looks like the protocol is weaker than expected, given the Carnegie Mellon mess. And of course there's issues with using JavaScript (which would allow canvas-based tracking among others). And it's easy to tell whether some IP is connected to the TOR network (and a VPN is a band-aid to that problem, and potentially broken given some of the language related to NSA's XKeyscore).
  In short it's best not to use Tor, the Internet, phones, speech, or pen and paper to communicate secrets. And soon thoughts. kek
6. Re:TOR is a US-backed project by Anonymous Coward · 2014-07-25 11:01 · Score: 0, Insightful
  
  So first he's an idiot or a troll, and now it doesn't matter that he was right?
  I think we know who the troll is here.
7. Re:TOR is a US-backed project by ElusiveJoe · 2014-07-25 11:16 · Score: 1
  
  Russia doesn't want to decrypt your packets.
  Correct.
  
  They want to decrypt the CIA/NSA/FBI traffic you're relaying around.
  Incorrect. They want to be able to detect who is showing up some TOR activity and tag them as "suspicious citizens". Later on, they could try to infect target computers with their malware, the lot for which is posted somewhere nearby (it is nicknamed Chameleon-2).
8. Re:TOR is a US-backed project by AHuxley · 2014-07-25 12:00 · Score: 1
  
  Re the AC ' I do admit though that spies could also take advantage of it"
  Read the origin papers the grants and funding:
  http://www.onion-router.net/Sp...
  https://www.torproject.org/abo...
  "It was originally developed with the U.S. Navy in mind, for the primary purpose of protecting government communications."
  The origins are Office of Naval Research and DARPA. Have a read of http://www.onion-router.net/Pu... AC.
  ie bi-directional gov/spy communication that would hide the source and destination from another gov or telco in the middle ie intelligence usage, security technology.
  But once a system like that is seen in the wild, it is trackable. You need to hide that under huge amounts of people seeking free speech in oppressive regimes.
  Follow the early no-bid federal contract, non-profit, pass through funding or gov funding.
  
  --
  Domestic spying is now "Benign Information Gathering"
9. Re:TOR is a US-backed project by khchung · 2014-07-25 13:11 · Score: 1
  
  No, TOR was a project about creating the ability for people in repressive countries to be able to access the Internet in ways that their government was either blocking, or whose access could endanger the user since it was not in line with the government's decrees and/or filters.
  No, you're wrong and OP is right:
  http://cryptome.org/0003/tor-spy.htm
  You DO noticed that the "rebuttal" is the typical deflection you see from politicians and large companies after getting caught doing something naughty, right? "Hey, you lied and cheated!" "No, what I did was about ...." (a long answer that never denied the lying and cheating part)
  "No, TOR was a project about ..." noticed that the rebuttal did NOT mention who created TOR? The entire first sentence NEVER contradicted OP's point even though it started with a "No" -- "TOR was made by the US Navy specifically to anonymize the traffic of government spies. "
  
  --
  Oliver.
10. Re:TOR is a US-backed project by Anonymous Coward · 2014-07-25 13:12 · Score: 0
  
  First off- your wrong. Tor has something called bridges. If your in a situation where you don't want the government to be able to block you or easily recognize the fact your using Tor you use a bridge.
11. Re:TOR is a US-backed project by Anonymous Coward · 2014-07-25 17:09 · Score: 0
  
  $110,000 is too cheap. They won't get squat for that kind of chicken scratch. Tor is easy enough to break, provided that one is wiling and able to make the necessary investments in bandwidth, relays and exit nodes. For a few billion dollars they could probably set up enough exit nodes and have enough traffic running through them to eventually de-anonymize given users. This is what the NSA does. They throw enough money at the problem so that they control enough relays and exit nodes to guarantee that at least some percentage of the Tor circuits are formed using servers under their control. If one agency controls all the relays of a circuit then those relays can collectively turn on the user and de-anonymize them. The Tor developers themselves acknoweldge the possibility of somebody doing this which is why they're always encouraging more independent relay and exit node operators to help prevent powerful organizations from cornering parts of the network within their spheres of influence.
12. Re:TOR is a US-backed project by Anonymous Coward · 2014-07-26 01:28 · Score: 0
  
  you're so adorable!
Its a trap. by Anonymous Coward · 2014-07-25 09:01 · Score: 0

Not sure if done to help a repressive government, to improve a security tool, or to hurt another repressive government.
1. Re:Its a trap. by Anonymous Coward · 2014-07-25 09:03 · Score: 0
  
  They're all out to get you. Hide!
Silly commies... by fuzzyfuzzyfungus · 2014-07-25 09:03 · Score: 1

Clearly our attempts to lead the commies out of the darkness and into the glories of the free market were not entirely successful. Surely a good, honest, American, defense contractor wouldn't even reply to an RFP for that kind of money, much less actually deliver, and comrade Putin wants a finished hack? The nerve...
1. Re:Silly commies... by MikeBabcock · 2014-07-25 15:47 · Score: 1
  
  Based on the NSA's spying behaviour and the number of federally sanctioned assassinations (by drone or otherwise), I could've sworn the commies lead the US into darkness, not the other way around.
  
  --
  - Michael T. Babcock (Yes, I blog)
2. Re:Silly commies... by fuzzyfuzzyfungus · 2014-07-28 04:20 · Score: 1
  
  That would be nice. Unfortunately, while others can provide tips, only we can compromise our principles...
Good job Russia by Anonymous Coward · 2014-07-25 09:12 · Score: 0

No sarcasm. It's really good they invest money in this direction. Either no one collects the bounty and then we know Tor is safe or someone does and the issues will surface and we will all get a better Tor. I doubt the disclosure is going to be public on the other hand, so it's not so great news after all, but I still hope.
1. Re:Good job Russia by Anonymous Coward · 2014-07-25 09:13 · Score: 0
  
  No sarcasm. It's really good they invest money in this direction. Either no one collects the bounty and then we know Tor is safe or someone does and the issues will surface and we will all get a better Tor. I doubt the disclosure is going to be public on the other hand, so it's not so great news after all, but I still hope.
  Your hope must be crushed. Hope is a disease. It infects you and blinds you to the cold, harsh reality of the world. Kill your hope and survive another day.
2. Re:Good job Russia by Anonymous Coward · 2014-07-25 10:42 · Score: 0
  
  This would be funny if not so naively stupid.
The point is... by Anonymous Coward · 2014-07-25 09:13 · Score: 0

If a system/network administrator has any clue at all, they regularly scrape the TOR exit node list and block everything (at the router level, the IP level, and in the service), unless they want to be constantly attacked 24/7/365, either by script kiddies, or nasty trolls if it is a message forum.
One might be able to put a proxy in front of their TOR exit node... but when push comes to shove, does a proxy want to be responsible for the traffic? Likely not, so I'm sure no VPNs would allow exit notes even near their services.
1. Re: The point is... by Anonymous Coward · 2014-07-25 22:04 · Score: 0
  
  Funny becuase I run an exit node over VPN. Changing exit IP every day or so.
Isn't this a good thing? by Anonymous Coward · 2014-07-25 09:14 · Score: 1

If it's crackable, we should hope it comes to light. Although, I'm guessing the Russians would keep it a secret.
Soooo .. by OzPeter · 2014-07-25 09:14 · Score: 5, Insightful

I'm supposed to give an oppressive government details on how to crack a piece of software, and they'll give me (pinky to mouth) $100,000?
This is the same government that plays around with nuclear tipped umbrellas isn't it? That likes to shoot down civilian planes? If so what guarantees do I have that 1) I'll get the money, or 2) that I'll live to tell the tale?

--
I am Slashdot. Are you Slashdot as well?
1. Re:Soooo .. by Anonymous Coward · 2014-07-25 09:24 · Score: 0
  
  You are not supposed to give a shit in the first place. Mostly because you can't provide any useful info at all.
2. Re:Soooo .. by Anonymous Coward · 2014-07-25 09:25 · Score: 0
  
  You are not supposed to give a shit in the first place. Mostly because you can't provide any useful info at all.
  How the fuck would you know what he knows or doesn't?
3. Re:Soooo .. by Anonymous Coward · 2014-07-25 09:29 · Score: 0
  
  He's an NSA contractor.
4. Re:Soooo .. by hguorbray · 2014-07-25 09:34 · Score: 4, Insightful
  
  So who is the capitalist now?
  
  the Russians who are opening up this request for a solution to the marketplace
  
  or the Americans, who have a State agency (albeit staffed by contractors) which builds tools like this behind closed doors
  
  I must have overlooked the fact that this is opposite century or something....
  
  -I'm just sayin'
5. Re:Soooo .. by Anonymous Coward · 2014-07-25 09:39 · Score: 0
  
  As if you could crack anything other than your knuckles.
6. Re:Soooo .. by Anonymous Coward · 2014-07-25 09:48 · Score: 0
  
  Likely to get a communist cold after telling them.
7. Re:Soooo .. by Anonymous Coward · 2014-07-25 10:15 · Score: 1
  
  You really should do a little more research about what Russia does around all of it's borders and how shitty life is for everyone who ain't Russian.
  Not just Ukraine or Georgia. Keep going around the border.
8. Re:Soooo .. by Anonymous Coward · 2014-07-25 10:21 · Score: 0
  
  Like anyone needs a neocon fuck to tell them about the shit that their policies have incurred on the world.
9. Re:Soooo .. by Anonymous Coward · 2014-07-25 10:22 · Score: 0
  
  Russkies can tell the same: keep walking around the US border and watch shitty life for everyone who ain't American. Wait, there's more: let's blame US for that!
10. Re:Soooo .. by Anonymous Coward · 2014-07-25 10:29 · Score: 0
  
  Russia is not going let NATO missiles be deployed on their doorstep. The US didn't stand for it back in the 60's, and Russian isn't going now either.
11. Re:Soooo .. by houghi · 2014-07-25 10:44 · Score: 2
  
  No, you give the makers of TOR a reason to make it better. The fact that you might get money for this bug-reporting is a bonus.
  The same reason you should be telling the people that there are security leaks in any other software.
  
  --
  Don't fight for your country, if your country does not fight for you.
12. Re:Soooo .. by Anonymous Coward · 2014-07-25 10:57 · Score: 0
  
  lol really? Let's see, Canada and Mexico......uhhh ya, I see what you mean.(lol)
  Sure, there has been some kerfuffle about copyright crap between the US and Canada and maybe a pipeline or two. So what?
  As for Mexico, what more could they ask for? A big bag of money handed to them as they illegally cross the border into the US with practically open arms?
  I think Putin should hire smarter shills...
13. Re:Soooo .. by Anonymous Coward · 2014-07-25 11:04 · Score: 0
  
  Self reinforced delusion. NATO isn't putting any missiles there. Russia only thinks that because that's what Russia would do. Russia is stuck in the past, like most of the middle east.
  It won't be a shock when they finally embrace their stone-age brothers(middle eastern muslims) and try to assert power on the rest of the world. That will be the moment everyone else realizes....we should have destroyed Russia long ago.
14. Re:Soooo .. by Anonymous Coward · 2014-07-25 11:16 · Score: 0
  
  I see what you did there. ok, let's omit most of the backyard: Colombia, Guatemala, Nicaragua, Cuba, Ecuador, what else did I missed? As for Mexico, "A big bag of money handed to them" is exactly the thing that media wants you to think. Keep you narrow-minded view for yourself.
15. Re:Soooo .. by Anonymous Coward · 2014-07-25 11:28 · Score: 0
  
  More neocon genocidal pablum.
16. Re:Soooo .. by Anonymous Coward · 2014-07-25 11:49 · Score: 0
  
  Why are Russians such poor losers? You should be used to it by now....
17. Re:Soooo .. by Anonymous Coward · 2014-07-25 12:26 · Score: 0
  
  It's opened to Russians only, so you can't even if you wanted to.
  No, they did not shoot down that plane. Honestly, the US of A fights more wars and arms more people than Russia ever has.
18. Re:Soooo .. by Anonymous Coward · 2014-07-25 12:29 · Score: 0
  
  tebe, faschingtonskiy pidorok, ebat' tvoego papashu privichnee
19. Re:Soooo .. by Anonymous Coward · 2014-07-25 13:21 · Score: 1
  
  Americans never lose, they just run out of time.
20. Re:Soooo .. by cavreader · 2014-07-25 13:34 · Score: 1
  
  Might as well give it a rest. Everyone knows that every country in the world except for the US and possibly Israel are a bunch of meek pacifists who would never engage in state violence of any type under any circumstances and even to suggest such a thing is now a despicable war crime. Although I have to say with all the peace, love, and understanding being spread around the world today I am pretty happy the US massively overspends on the military because were really going to need it in the not so distant future.
21. Re:Soooo .. by John.Banister · 2014-07-25 14:14 · Score: 2
  
  You might want to check with these guys about promises to pay. I talked to a talented Russian once who told me that you get promises of money before you produce results and promises to let you live if you go away quietly after you produce results. Of course, if you're sufficiently talented at interpersonal politics, you may convince someone that they will see more benefit in the long run by cultivating a relationship with you now, but this money doesn't relate so much to their initial promise as to your negotiating skill.
22. Re:Soooo .. by cold+fjord · 2014-07-25 14:42 · Score: 1
  
  What you overlooked is that Russia also has state agencies* that build tools like this behind closed doors.
  * Very likely NOT staffed by contractors
  
  --
  much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
23. Re:Soooo .. by cold+fjord · 2014-07-25 14:45 · Score: 1
  
  Europe will need it, and won't have it.
  
  --
  much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
24. Re:Soooo .. by currently_awake · 2014-07-25 14:52 · Score: 2
  
  For the people this is targeted at 100,000 dollars is a very large amount of money. Imagine the hacker computer rig you could build with that! And imagine the street cred in finding holes in TOR (and patching them).
25. Re:Soooo .. by Anonymous Coward · 2014-07-25 16:06 · Score: 0
  
  I'm supposed to give an oppressive government details on how to crack a piece of software, and they'll give me (pinky to mouth) $100,000?
  This is the same government that plays around with nuclear tipped umbrellas isn't it? That likes to shoot down civilian planes? If so what guarantees do I have that 1) I'll get the money, or 2) that I'll live to tell the tale?
  Well now that's the rub isn't it. The guys you would be working for are rat bastards who can't be trusted. They would like you to do work for them on the promise of reward. On success there are several possibilities: 1) The best: they actually pay you and that's that, but use it against your country. 2) They take your hard work, use it against your country, but don't pay you. 3) They take your hard work, don't pay you, and also take your life, then use it against your country. 4) Take your hard work, don't pay you, threaten your life and the lives of your family/relatives/friends, make you their slave, eventually kill you, and use it against your country. ... So those are your options, and there are likely more. The roughly $100,000 they pay you may make your life better, but maybe not. If you have to spend the rest of your life covering your tracks, (they might worry about you getting caught or turning yourself into your own government, causing the encryption to change, rendering their payout worthless: to protect their investment, you are a loose end, you need to be tied down or snipped off. Even if they promise otherwise, and nothing happens for years, there is always the prospect that they will change their minds. Remember the part about their being un-trustworthy? There might be some stupid or desperate to work with them, but even if you get paid out cleanly, you are still supporting a terrorist state, and even indirectly, it could wind up biting you in the ass (your side could arrest you, or the damage they do to your state could affect you badly).
26. Re:Soooo .. by billstewart · 2014-07-25 16:25 · Score: 2
  
  The Russians didn't shoot down that plane. Ukrainian separatists did, using missiles they got from the Russians.
  And it's not like the US hasn't accidentally shot down civilian aircraft before, if you remember that Iranian plane the USS Vincennes shot down.
  
  --
  
  Bill Stewart
  New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
27. Re:Soooo .. by Nemyst · 2014-07-25 16:40 · Score: 1
  
  Except if you wanted to do that, you'd report the bugs to the TOR developers. Russia would NEVER forward those bug reports, so all you'd manage is to let Russia exploit a flaw without allowing the TOR developers to know about it. You'd make TOR worse out of selfish greed.
28. Re:Soooo .. by Anonymous Coward · 2014-07-25 19:20 · Score: 0
  
  and also.... its proven beyond and doubt that you have that airplane thing, tottaly wrong.
  cheers
29. Re:Soooo .. by Anonymous Coward · 2014-07-25 22:45 · Score: 0
  
  Well, those "Ukrainian separatists" are mostly Russians (as in, citizens, not only ethnic Russians), all their leaders are Russian citizens, all their weapons, and all their financial support comes from Russia. So, it is pretty accurate to state that the Russians shot down the plane.
30. Re:Soooo .. by Anonymous Coward · 2014-07-25 23:35 · Score: 1
  
  1. Find bug in Tor.
  2. Give exploit to Russia and get money.
  3. Give bug description to Tor developers so they can fix it.
  4. Profit and have clear conscience!
  (You better watch out for people with ricin umbrellas afterward though.)
31. Re: Soooo .. by Anonymous Coward · 2014-07-26 01:24 · Score: 0
  
  Those guys? You don't know anything about "the left", you stupid Republicunt.
32. Re:Soooo .. by cavreader · 2014-07-27 08:56 · Score: 1
  
  When the Iranian jet was shot down the naval task group had declared a 100 mile restricted airspace zone over the naval group which was in international waters at the time. Even today that is SOP whenever a carrier or other naval assets are in international waters. They establish and enforce the no-fly zone in the air and on the surface. Prior to the Iranian plane being shot down Iranian military jets had attempted to violate the restricted airspace several times a day over the previous 7 days. When the commercial jet was shot down their flight plan was headed right into the restricted airspace. The Iranians knew about the air space restrictions and knowingly let the commercial jet fly into that area instead of routing the plane away from the danger. The plane in question would also not acknowledge any communication attempts by the navy to warn them off. And to top it off the plane had it's transponder turned off making it difficult to identify the plane. It almost feels like the Iranian actions were a setup to cause exactly what happened to secure a huge propaganda victory. The US acknowledged the shoot down immediately and did not try to hide or deny the incident. Instead the navy captain who ordered the plane to be shot down was exonerated and the US paid millions dollars to the Iranians in reparations. The circumstances of the Ukrainian shoot down are nothing like what happened in Iran.
33. Re: Soooo .. by Anonymous Coward · 2014-07-28 05:34 · Score: 0
  
  Pretty sexist insult there. Sad to see from someone who claims to know something about the left.
Biggest weakness of the Internet: IP addresses by Anonymous Coward · 2014-07-25 09:20 · Score: 0

Without the ability to split identity from your IP address, there's no way to be truly anonymous on the Internet. I hope Tor stays on the winning side of the technological arms race.
$110,000 by Martin+S. · 2014-07-25 09:26 · Score: 1

I think the Russia Mafia would pay 10 times that at least
1. Re:$110,000 by Anonymous Coward · 2014-07-25 09:54 · Score: 0
  
  Why?
2. Re:$110,000 by Anonymous Coward · 2014-07-25 10:49 · Score: 0
  
  That's probably one of those cost to pay-off versus cost to bump-off situations. Maybe you should offer a discount.
3. Re:$110,000 by Anonymous Coward · 2014-07-25 11:07 · Score: 1, Informative
  
  Russians are really cheap bastards. I suppose it is out of necessity.
  $110,000 is probably 1 night of gay hookers and blow for Putin.
4. Re:$110,000 by Anonymous Coward · 2014-07-25 11:51 · Score: 0
  
  you jealous? can't afford a night worth of gay hookers?
5. Re:$110,000 by Anonymous Coward · 2014-07-25 15:03 · Score: 0
  
  Not enough money :( Can only afford your mum, m8
my invention by Mister+Liberty · 2014-07-25 09:47 · Score: 1

The awesomeness of a Gestapo like state structure, and a zeal to ask all inhabitants
the following question: "Are you a tor user".
IS IT A TRAP?! by Anonymous Coward · 2014-07-25 09:56 · Score: 0

So have they not yet cracked it, or are they just making it look like they haven't.
USA beat them to it by jbmartin6 · 2014-07-25 10:04 · Score: 1

Well, the US government is already doing this so the Russkies are behind again.

--
This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
1. Re:USA beat them to it by Anonymous Coward · 2014-07-25 10:09 · Score: 0
  
  Well, the US government is already doing this so the Russkies are behind again.
  Well, then can you tell us how much US government pays for that, can't you?
2. Re:USA beat them to it by AHuxley · 2014-07-25 11:39 · Score: 1
  
  Re How the West could do it:
  You need trust that the exit nodes are fast, well funded and NGO like. You need national level mastery of all packet traffic in and out of every tame provider.
  Think of the cost of setting and funding per month a really good set of TOR servers/nodes.
  You would really want the commanding height of the fastest say top 5 exit relays, then a larger pool of a good few 10's of other relays.
  This would herd and make clear most traffic in a larger nation.
  To cover this project set up as many NGO, friendly "person" like fronts as you can to do the heavy lifting. You have to win the packet race with all other server products in the domestic and international interconnect locations every hour. No hard, just ensure your nations telco network has a lot of end points that peers all telco plans to say an east and west coast or big main city. Get the young intelligence community staff to hold "crypto parties" where other real NGO's can put a friendly face to the new big servers. This builds confidence that its a nice real person working with some of more big tor exits. Add in some work colleges of the young intelligence community staff to set up Tor nodes and a country will soon have real faces to a lot of the back end hardware.
  As for price? Think back to the GCHQ's 2006 programmes around the SIGMod (sigint modernisation) initiative and a nation can get Tempora http://www.wired.co.uk/news/ar... (24 June 2013)
  Once you have every packet moving in and out of a nation, just sort deep over time.
  After that you have the telco net down the the users and can get unique hardware/software layer information per user, no matter the ip or provider like with p2p and classic MAC addresses.
  The honeypot aspect was talked about in 1997.
  
  --
  Domestic spying is now "Benign Information Gathering"
False advertising by Anonymous Coward · 2014-07-25 11:53 · Score: 0

This strikes me as very suspicious, based on a couple things. First, the dollar amount is pretty low. Second, I thought the NSA had TOR licked already? Not 100% licked, but enough to figure out who's who if they really want to.
The first thing that came to mind when I read the summary and some of the comments is shill. Is Russia trying to convince us TOR is safe by requesting people to crack it, giving the illusion they haven't already?
I'd like to see EFF or Mozilla offer $500K by Anonymous Coward · 2014-07-25 12:23 · Score: 0

If TOR can be broken, it is best to know it sooner rather than later. The only real bad which could come from offering an reward for breaking the security would be if the security was broken but the breach was kept secret!
Here's who's using it. by Anonymous Coward · 2014-07-25 16:21 · Score: 0
- - Anonymous Coward
- - Anonymous Coward 2
- - Ivan Doe
- - Ivan Doe 2
- - Ivan Doe 3
- - Anonymous Coward 4
- ...
- PROFIT!1
Catch up at the back by Anonymice · 2014-07-25 16:59 · Score: 2

TOR's already broken!
This, from last week:

Black Hat anti-Tor talk smashed by lawyers' wrecking ball
Boring Carnegie-Mellon University lawyers have scuppered one of the most hotly anticipated talks at the Black Hat conference – which would have explained how $3,000 of kit could unmask Tor hidden services and user IP addresses.
cheapskates by ipstas · 2014-07-25 17:08 · Score: 1

cheapskates
In Soviet Russia... by l0n3s0m3phr34k · 2014-07-25 19:15 · Score: 1

TOR cracks YOU!
Or just run as many virtual exit nodes as you wish by Anonymous Coward · 2014-07-25 22:21 · Score: 0

What the hell do you need billions for? You could simply run as much exit nodes on a single smartphone as you could muster ip addresses such that the clients connecting can't classify them for being some virtual nodes made for purpose of traffic snooping.
Maybe tor has some protections in place for this but I doubt they're anything that a decent programmer can't bypass if given enough time.
Not buying it by Anonymous Coward · 2014-07-26 08:29 · Score: 0

Wasn't there an article about a year ago that US cyber experts managed to track TOR users with web site java script that made it so that users' browser left finger prints on visited web sites? These announcements of "awards" are common, they're trying to people a false impression that they're safe.
1. Re:Not buying it by Anonymous Coward · 2014-07-26 19:22 · Score: 0
  
  That worked for having a list of users visiting a *specific* site, already compromised. As someone said, the security given by Tor is an illusion, and you may be better off paying a private VPN in Asia or Western Europe. As for the comment about wanting to detect who is using Tor, it is enough to monitor netflows and/or traffic heuristics at the ISP side in Russia, no need to decrypt it at all.
"Triangle Boy" came BEFORE TOR by Anonymous Coward · 2014-07-26 21:54 · Score: 0

Additionally, "The software was developed using seed money from the CIA" -> http://en.wikipedia.org/wiki/T...
APK
P.S.=> Nobody on /. ever seems to have noted that (that I have seen @ least), so - "There you go": NOW, you know about it here... apk
Maybe it's me... by Anonymous Coward · 2014-07-27 13:59 · Score: 0

...but this is something I would honestly expect from the British.
Or maybe that's yet to come?
TOR DEVELOPERS READ by Anonymous Coward · 2014-07-31 02:08 · Score: 0

multipath tcp
http://threatpost.com/multipat...
http://labs.neohapsis.com/2014...