Slashdot Mirror
Russia's Plan To Crack Tor Crumbles
mspohr writes: It looks like Russia's effort to crack Tor was harder than they anticipated. The company that won the contract is now trying to get out of it. Bloomberg reports: "The Kremlin was willing to pay 3.9 million rubles ($59,000) to anyone able to crack Tor, a popular tool for communicating anonymously over the Internet. Now the company that won the government contract expects to spend more than twice that amount to abandon the project. The Central Research Institute of Economics, Informatics, and Control Systems—a Moscow arm of Rostec, a state-run maker of helicopters, weapons, and other military and industrial equipment—agreed to pay 10 million rubles ($150,000) to hire a law firm tasked with negotiating a way out of the deal, according to a database of state-purchase disclosures. Lawyers from Pleshakov, Ushkalov and Partners will work with Russian officials on putting an end to the Tor research project, along with several classified contracts, the government documents say."
In Soviet Russia, Tor cracks you!
Sounds more like the problem was related to Russia only offering 60k for the effort.
Why not pretend they cracked it? For an oppressive government (read for any government) FUD is easily as important as reality, so why not pretend they cracked the system?
As to the company in question, they could easily set up fake 'tests' to show that they have some positive result, that wouldn't be that difficult. Putin is losing his iron fisted grip on his dick.
You can't handle the truth.
The poor widdle tywanny can't cwack a widdle cipher. My heart bleeds.
Maybe they should ask the NSA? Tor is not secure, this is a fact. Tor is a great tool for idiots to think they are covering their tracks. Actual nefarious things on the internet are not done through TOR.
Onion routing has failed.
The cat and mouse game between black-hats and FOSS developers in the end usually just makes the code better. When I read the original article back in Feb, I kind of thought it would be cool if they found a few Tor vuln's to fix, even if they exploited them for a while before the public discovered them.
But now Putin and his cronies are probably just going to get more aggressive with their anti-encryption stances, if that's even possible. It's all gonna backfire on them one day.
Are we forgetting some zeroes in this article? If it was so easy to break Tor that $59,000 would get the job done, I imagine that it would already be widely known how to crack it. That's less than the price of hiring a single coder for a year.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
Large issue not just in Russia, but all Governments. "We want you to do X" becomes a contract to do exactly "X" without anyone questioning what A-W will be required to get to X. Also, is X required or can we get by with W?
If that seems convoluted, apology and I can try to think of better descriptions.
Obviously this company agreed to do X. Sounds to me like in Russia you have to actually meet your contractual obligations. Unlike the US which would allow overruns, partial plans, and decades of run around until the project was cancelled. (Nope, I would rather be in the US than the USSR but if we don't admit our own problems we look like idiots complaining about others).
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
So they already cracked it and now they are trying to stage very public fiasco in order to convince everybody it is still safe. *dons tinfoil hat*
Knowing the way Russia works, they probably actually cracked it but wants to appear like they didn't. Honestly, who is gonna follow up on that news to see that the negociation to get out of it truly happens? Exactly.
Maybe they cracked it and this is just a misdirection. Very doubtful though. Also, $59k seems like WAY too little to for such value as cracking TOR.
At first I thought "Good it wasn't broken", then I thought "If they were able to break it what would they do .... uh oh!". Its probably just because I saw "The Imitation Game" a few months ago but "Who Really Knows" (TM).
59'000$ for something that the NSA (acording to Snowden) could not crack... Really?? Is Putin watching too much russian TV?!
For a long time in my mind there's been no doubt that Tor is broken, at least with respect to the powers available to the United States and its allies. Think about it. There are no where near a million Tor nodes and even fewer exit nodes, and a million servers is a rounding error in the DoD black budget for a year.
Sure, non DoD Tor nodes exist, but what % of them are p0wned? I'll hazard a guess; just that % required to make it statistically implausible that, combined with traffic analysis, context gleaned from exit nodes a handful of zero-days etc. etc. no one can use Tor and expect sustained anonymity from the government.
I actually think that's a good thing. Hear me out. For the general Tor user who just wants their ISP , nosy Shark Wire aware neighbor, political opponents, large corporations, website owners land various databrokers to fuck off, they have what they want For dissidents in oppressive nations, those nations probably can't muster the resources to de-anonymize Tor users. For very bad people who want to do very bad things, we can get them, with some effort.
I know this is a minority opinion, but I think that the opposing opinion is regressive. Once, it wasn't possible for a small group of non-nation-state individuals to wreak mayhem on millions of people at once.
Once, the amount badness that could be achieved by Bad Guys was a trade-off between the number of people the Bad Guys wanted to effect, the number of people the Bad Guys could enlist to help them and the degree of severity of the Badness itself. Not any more. This changes everything.
We are living more and more in a world in which a few or even one really fucked up person can reach out and kill. This is nothing but the advancement of technology, and it's not going to stop. That means the power of small groups gets larger and broader even as the size of that group spiral down to one.
How are we going to counter this general phenomena? I agree, that giving any government unchecked, unobservable, unlimited powers is always a bad idea. (Ironcially, I believe this because of the actions members of administrations who profess to want to "get government off our backs" and told us "government isn't the solution, it's the problem"- Oliver North, James Secord, Dick Cheney, Alberto Gonzales etc etc. )
But in the face of this hypothetical and not-always hypothetical threat we still have the facts on the ground with respect to advancing technologies and the leverage it gives just anyone.
I don't think the answer is to limit the power of government. We need that power to exist. I think the answer lies in the people being able to hold the government accountable and their actions rendered transparent to a degree that would shock most people today, both in and out of government. We need to radically re-think the national security 3rd-rail issues like national security classifications, clearances, Presidential directives, etc. etc.
It will tear this country apart if the government continues to do what it knows it needs to do in order to avert terrorism and societal chaos and the people continue to feel like they have no faith in the integrity of the processes and powers of the government- that it could at any moment turn the death ray on them, and probably will. That whole dynamic, the whole world view needs to be addressed and not just addressed but actually resolved by some radical out of the box thinking no one had done yet.
We can have both security and freedom, but it's not going to just arise naturally by continuing on with the status quo conceptual categories we are using now.
What moron would take a government contract for $59,000? Tor is not safe, but it's not going to fall to an amateur team that takes a contract for $59,000 lol.
but the CIA actively funds it, it's the only reason the russians wanted to crack it it - to expose the cia ass arseholes
So either they successfully cracked it and are done and want to look they failed. Or they actually failed to crack it and they want out of the deal. Either way, we know nothing more. This article offers no useful information at all.
The reason we have cost overruns is because we're willing to take a risk and follow up on potential solutions.
Hey, think you could do this thing that looks impossible? ... if it's possible, it's going to take at least $$$$ manhours + materials, and might not work.
Well, we'll take a look for $price.
At this point, you can say, I'll give uyou $$ if you succeed, and your bidders will say "fuck you" and walk, Alternatively, you can say, I'll give you $$$ to work on it for a year. Then after a year, you pay them for that first year of work, and then decide whether or not they've made enough progress to continue funding it. Turns out that hard problems are generally hard problems, and that when you, the government, keep changing the fucking objective of the project, well, yeah, it's going to take more time and effort to get to whatever it is you think you want this week.
The problem is completely the government. Our profit is fixed by schedule, and for things wher eyou don't know what you want, well, we're going to take a percentage of profit because we don't believe you will ever decide what you want.
What are we going to do? The commies have clearly discovered a way to replicate our advanced 'unreliable an underperforming military contractor' technology and are now working on perfecting it! How can freedom survive this onslaught?
It think the best use of it is hiding your IP from every site, and adding another layer of encryption. If you need message security use a message security encryption, and if you need a file encryption use the right tool. Assuming anything on the Internet isn't clear text at all times is just being foolish -- even if the site you are on uses HTTPS it is possible that they are hacked, etc...
Sex Conker got some new material?
The first thing you would want to do is convince everyone else that you failed.
OMG It's Billy the Kid! Hey Billy!
Bartender: Hey everyone, Billy the Kid is here
Billy the Kid: Hee haw! Hee haw! Hee haw!
but apparently they have a lot of crack!
It's not really my thing, though. I don't want to smoke their crack and find myself wanting it again. If I were Russian I would keep my crumbles, thanks.
They got a call from the NSA saying "Don't fuck with our honeypot."
The solution is SAP, or course. If they'd just hired SAP for this project they could have wasted all that money up front without the need for a middleman.
Just cruising through this digital world at 33 1/3 rpm...
See subject:.. Via hosts & my program that imports data from 10 reputable security community sources for blocking a myriad of threats from online - what have YOU done better, Mr. "wannabe security guru" (that can't prove that much about himself either)?
You're a PROVEN hypocrite I utterly SPANKED today, using your own stupidity to do it -> http://tech.slashdot.org/comme...
APK
P.S.=> What's that about using admin priveleges again, Coren22? How many programs do you use that YOU HAD TO USE IT YOURSELF, stupid?? Unbelievable... little troll moron TROLLS ME 1st & is "upset" that I am doing it back now, finally?? Make me laugh some more, you little "ne'er-do-well" technically incompetent little bullshit artist do nothing fool... apk
The canary on Tor was Freedom Host, as long as Freedom Host was singing Tor worked well enough, when the silk road was closed (twice, two different versions from two different crooks, second closure looked routine like it was automated!), Tor was gone. If I was a Chinese dissident, or a North Korean one or under a dictator like Assad, I would assume Tor does not work and would not trust it.
I don't think smaller government has anything to do with it, it was funded by the US government so dissidents could communicate freely, and that was good.
And it was attacked by other agents of the US Government, and that was right too. That was their job.
But it turns out those attackers have gone beyond attacking, and actually *subverting* the technology to make their attacks easier, that's the problem right there. These back doors in US tech. Some of them appear deliberate, others a function of the NSA getting zero day notices before the patch arrives. Tor looks backdoored.
Russian [people] are not dumb. They saw how the election did a sudden turn and Putin snatched victory in impossible voting. The projection of all Russians loving Putin is really a Putin message.
That $59000 is sooo small, it wouldn't even cover a pre-quote in the West, and that reminds us, that Russia is a tiny bluff economy pumped up with oil money. The oil price is low and Putin is struggling to keep the populace distracted from the economy. Attacking neighbors and sending planes around Syria.
However that doesn't mean he is capable of much beyond his own country.
Really I think Europe at this point should re-take Georgia and Ukraine while Putin is pooting around Syria. His military is small and he bravado big.
There is a lot of Soviet films about the Nazis attempting to catch a Soviet agent by selectively powering down the city blocks.
The same method is fully applicable to TOR. You just make a connection to TOR node you try to find and then block/delay anything except well known ports for, say, 5 seconds. If your traffic is correspondingly delayed then you have blocked the part of the network which contains either intermediate or end node. And you can do it in parallel for all the known TOR hidden nodes.
You need a control of all the network but it's quite simple since all the main Internet providers are state monopolies. Also, the infrastructure for doing it is being built due to the internet filtering laws.
The cloud storage networks seem more promising in these circumstances since it's impossible to find post factum who inserted the info to the cloud.
$59k isn't very much for what they want. the value of cracking tor should be measured in the millions.
...
Technology is going to blow up the world and can not able to save at own. So be prepare for that. No data file will be secure from internet.