Slashdot Mirror

← Back to Stories (view on slashdot.org)

Russia Posts $110,000 Bounty For Cracking Tor's Privacy

Posted by Soulskill on from the what-happens-in-siberia-stays-in-siberia dept.

hypnosec writes: The government of Russia has announced a ~$110,000 bounty to anyone who develops technology to identify users of Tor, an anonymising network capable of encrypting user data and hiding the identity of its users. The public description (in Russian) of the project has been removed now and it only reads "cipher 'TOR' (Navy)." The ministry said it is looking for experts and researchers to "study the possibility of obtaining technical information about users and users' equipment on the Tor anonymous network."

14 of 98 comments (clear)

  1. Transparency FTW! by xfizik · · Score: 5, Insightful

    And they say Russia is too secretive. This is the pinnacle of transparency!

    1. Re:Transparency FTW! by EvilSS · · Score: 4, Insightful

      And they say Russia is too secretive. This is the pinnacle of transparency!

      It frightens me that this is both funny and insightful at the same time.

      --
      I browse on +1 so AC's need not respond, I won't see it.
    2. Re:Transparency FTW! by Tailhook · · Score: 5, Interesting

      Transparency? Oh Ye of Little Cynicism.

      They've already cracked TOR. This is the FSB attempting to convince Russia's dissidents that TOR is secure.

      Yay interwebs.

      --
      Maw! Fire up the karma burner!
    3. Re:Transparency FTW! by currently_awake · · Score: 2

      Given the pathetically low level of security at the NSA (Snowden was just a sub-contractor!) it's likely that everything they get is forwarded to the Russians, and given what we know of the NSA it's likely they have compromised TOR. So this probably is misdirection to fool the dissidents.

  2. TOR is a US-backed project by Anonymous Coward · · Score: 5, Informative

    Remember, TOR was made by the US Navy specifically to anonymize the traffic of government spies. The public release of the project and transfer to EFF and later parties was specifically to provide cover for said spies. The current developers even consult with the NSA regarding it's security, and the NSA itself has tools to deanonymize it to a certain extent. (It probably relies on the fact that they run a large amount of exit nodes.)

    Russia doesn't want to decrypt your packets. They want to decrypt the CIA/NSA/FBI traffic you're relaying around.

    1. Re:TOR is a US-backed project by Anonymous Coward · · Score: 5, Informative

      No, TOR was a project about creating the ability for people in repressive countries to be able to access the Internet in ways that their government was either blocking, or whose access could endanger the user since it was not in line with the government's decrees and/or filters.

      No, you're wrong and OP is right:

      http://cryptome.org/0003/tor-spy.htm

      Creators of TOR:
      David M. Goldschlag
      Michael G. Reed
      Paul F. Syverson
      Naval Research Laboratory

      More:

      http://www.onion-router.net/Publications/IH-1996.pdf
      http://www.isoc.org/inet97/proceedings/F7/F7_1.HTM
      http://www.onion-router.net/

      TOR Made for USG Open Source Spying Says Maker

      Date: Tue, 22 Mar 2011 16:57:39 -0400
      From: Michael Reed
      To: tor-talk[at]lists.torproject.org
      Subject: Re: [tor-talk] Iran cracks down on web dissident technology

      On 03/22/2011 12:08 PM, Watson Ladd wrote:
      > On Tue, Mar 22, 2011 at 11:23 AM, Joe Btfsplk wrote:
      >> Why would any govt create something their enemies can easily use against
      >> them, then continue funding it once they know it helps the enemy, if a govt
      >> has absolutely no control over it? It's that simple. It would seem a very
      >> bad idea. Stop looking at it from a conspiracy standpoint& consider it as
      >> a common sense question.
      > Because it helps the government as well. An anonymity network that
      > only the US government uses is fairly useless. One that everyone uses
      > is much more useful, and if your enemies use it as well that's very
      > good, because then they can't cut off access without undoing their own
      > work.

      BINGO, we have a winner! The original *QUESTION* posed that led to the
      invention of Onion Routing was, "Can we build a system that allows for
      bi-directional communications over the Internet where the source and
      destination cannot be determined by a mid-point?" The *PURPOSE* was for
      DoD / Intelligence usage (open source intelligence gathering, covering
      of forward deployed assets, whatever). Not helping dissidents in
      repressive countries. Not assisting criminals in covering their
      electronic tracks. Not helping bit-torrent users avoid MPAA/RIAA
      prosecution. Not giving a 10 year old a way to bypass an anti-porn
      filter. Of course, we knew those would be other unavoidable uses for
      the technology, but that was immaterial to the problem at hand we were
      trying to solve       (and if those uses were going to give us more cover
      traffic to better hide what we wanted to use the network for, all the
      better...I once told a flag officer that much to his chagrin). I should
      know, I was the recipient of that question from David, and Paul was
      brought into the mix a few days later after I had sketched out a basic
      (flawed) design for the original Onion Routing.

      The short answer to your question of "Why would the government do this?"
      is because it is in the best interests of some parts of the government
      to have this capability... Now enough of the conspiracy theories...

      -Michael

  3. Soooo .. by OzPeter · · Score: 5, Insightful

    I'm supposed to give an oppressive government details on how to crack a piece of software, and they'll give me (pinky to mouth) $100,000?

    This is the same government that plays around with nuclear tipped umbrellas isn't it? That likes to shoot down civilian planes? If so what guarantees do I have that 1) I'll get the money, or 2) that I'll live to tell the tale?

    --
    I am Slashdot. Are you Slashdot as well?
    1. Re:Soooo .. by hguorbray · · Score: 4, Insightful

      So who is the capitalist now?

      the Russians who are opening up this request for a solution to the marketplace

      or the Americans, who have a State agency (albeit staffed by contractors) which builds tools like this behind closed doors

      I must have overlooked the fact that this is opposite century or something....

      -I'm just sayin'

    2. Re:Soooo .. by houghi · · Score: 2

      No, you give the makers of TOR a reason to make it better. The fact that you might get money for this bug-reporting is a bonus.
      The same reason you should be telling the people that there are security leaks in any other software.

      --
      Don't fight for your country, if your country does not fight for you.
    3. Re:Soooo .. by John.Banister · · Score: 2

      You might want to check with these guys about promises to pay. I talked to a talented Russian once who told me that you get promises of money before you produce results and promises to let you live if you go away quietly after you produce results. Of course, if you're sufficiently talented at interpersonal politics, you may convince someone that they will see more benefit in the long run by cultivating a relationship with you now, but this money doesn't relate so much to their initial promise as to your negotiating skill.

    4. Re:Soooo .. by currently_awake · · Score: 2

      For the people this is targeted at 100,000 dollars is a very large amount of money. Imagine the hacker computer rig you could build with that! And imagine the street cred in finding holes in TOR (and patching them).

    5. Re:Soooo .. by billstewart · · Score: 2

      The Russians didn't shoot down that plane. Ukrainian separatists did, using missiles they got from the Russians.

      And it's not like the US hasn't accidentally shot down civilian aircraft before, if you remember that Iranian plane the USS Vincennes shot down.

      --

      Bill Stewart
      New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
  4. Re:Where's Snowden the second? by Shoten · · Score: 2

    Just get a low level tech to release some NSA docs to the Russians, instant $110k!

    Actually, the NSA attempted this, and didn't have consistent success. At least, not according to what Snowden revealed.

    --

    For your security, this post has been encrypted with ROT-13, twice.
  5. Catch up at the back by Anonymice · · Score: 2

    TOR's already broken!

    This, from last week:

    Black Hat anti-Tor talk smashed by lawyers' wrecking ball
    Boring Carnegie-Mellon University lawyers have scuppered one of the most hotly anticipated talks at the Black Hat conference – which would have explained how $3,000 of kit could unmask Tor hidden services and user IP addresses.