Russia's Plan To Crack Tor Crumbles

mspohr writes: It looks like Russia's effort to crack Tor was harder than they anticipated. The company that won the contract is now trying to get out of it. Bloomberg reports: "The Kremlin was willing to pay 3.9 million rubles ($59,000) to anyone able to crack Tor, a popular tool for communicating anonymously over the Internet. Now the company that won the government contract expects to spend more than twice that amount to abandon the project. The Central Research Institute of Economics, Informatics, and Control Systems—a Moscow arm of Rostec, a state-run maker of helicopters, weapons, and other military and industrial equipment—agreed to pay 10 million rubles ($150,000) to hire a law firm tasked with negotiating a way out of the deal, according to a database of state-purchase disclosures. Lawyers from Pleshakov, Ushkalov and Partners will work with Russian officials on putting an end to the Tor research project, along with several classified contracts, the government documents say."

Obfreakingligatory

In Soviet Russia, Tor cracks you!

Re:Obfreakingligatory

I'm pretty sure the only reason the "editors" accepted this story was for the ISR joke.

too hard or too cheap?

Sounds more like the problem was related to Russia only offering 60k for the effort.

Re:too hard or too cheap?

[Bengie]

But some fool was stupid enough to take the contract and not be able to deliver.

Re:too hard or too cheap?

Maybe that's who gave them the 150k to hire lawyers to get out of the contract... :) (Organized Crime countered with more money to drop the project)

Reminds me of a joke:
Guy#1: Help! I lost my wallet with $300, all my credit cards and ID in it. I will give $100 to anyone who finds it and gives it to me.
Guy#2: I'll give $200! ...

Re:too hard or too cheap?

[gl4ss]

not being able to deliver and taking money is the norm in Russia's business post USSR, so there's nothing new there.

seriously... it's one of the reasons the economy over there is so small compared to population.. and why people are still growing potatoes in the backyards out of absolute 100% necessity.

it's also why finland has had to build their fucking water treatment plants for them to keep their (literal) shit out of the gulf of finland.

Re:too hard or too cheap?

[AHuxley]

Re Cheap or Easy?
The GCHQ showed the easy way with its Temproa system https://en.wikipedia.org/wiki/...
The UK also put a lot of funding into signals intelligence modernisation programme (SIGMOD) over the past years too.
That allows the UK to reconcile all types of data created in the UK and sent with in the UK and other interesting communications magic.
Onion routing is then just another data set to match origin to destination on a gov or mil database every day.
Does Russia face the same network issues? Russia faces constant pressure from NATO backed, created and funded NGO and many well funded Western backed color revolution groups. Rather easy to find using classical police methods given huge funding and low public support numbers.
US and UK spy networks may test any Russian walk in offer with "internet" contact then if viable offer very advanced sat or low power wireless technology that is not internet based. Safe houses, sites for low power re transmission of data.
Russia fully understands what it faces politically and from a Western spy perspective. How safe is Onion routing from any well funded gov? As safe as it is from US federal police efforts as seen in open US courts. Onion routing is now within the normal budgets of any well funded federal police support unit globally.

Re:too hard or too cheap?

[gl4ss]

They are growing potatoes to get absolute 100% vodka.

not really. proper vodka is made from grain. near the fall of the ussr and post that they learnt to get by when stores were empty and pensions would only get you a loaf of bread. so they grew whatever to get by.

however, northern european(Finnish) moonshine was/is made from potatoes quite often and one of the reasons potatoes spread fast at one point...

Re:too hard or too cheap?

[Nephrite]

Pretty please don't base your posts on BBC broadcasts, I nearly split my sides reading your bullshit.

why don't they just pretend they cracked it?

[roman_mir]

Why not pretend they cracked it? For an oppressive government (read for any government) FUD is easily as important as reality, so why not pretend they cracked the system?

As to the company in question, they could easily set up fake 'tests' to show that they have some positive result, that wouldn't be that difficult. Putin is losing his iron fisted grip on his dick.

Re:why don't they just pretend they cracked it?

[jenningsthecat]

Why not pretend they cracked it?

More to the point, why not pretend they didn't crack it, so they could snoop at will with none of the users knowing about the ongoing breach?

Re:why don't they just pretend they cracked it?

Dear Mr. AC,

Putin pays trolls like these to promote anti-western comments.

Source: http://www.theguardian.com/world/2015/apr/02/putin-kremlin-inside-russian-troll-house

Re:why don't they just pretend they cracked it?

[Impy+the+Impiuos+Imp]

Well, the US claimed they couldn't crack TOR 2 years ago. Another deception flagging the moment they actually could?

So many possibilities in this forked fishbone analysis!

Re:why don't they just pretend they cracked it?

[fisted]

government [...] provid[ing] service[s] that one doesn't pay for out of one's own pocket

Hahahahaha. Oh, wow.

Re:why don't they just pretend they cracked it?

[esonik]

Yes, bad news. That's an almost sure sign that they did actually crack it.

Probably by running a sufficient number of nodes themselves.

Re:why don't they just pretend they cracked it?

[Sir_Eptishous]

Russians are not dumb. In fact, a lot of major software advances are coming from here.

FTFY

Ask the NSA

Maybe they should ask the NSA? Tor is not secure, this is a fact. Tor is a great tool for idiots to think they are covering their tracks. Actual nefarious things on the internet are not done through TOR.

Onion routing has failed.

Re:Ask the NSA

[mlw4428]

It's only failed because the NSA has taken over many of the end-points. Onion routing itself is not "broken" nor has it "failed". There are plenty areas of it that are very secure and very difficult to break. Some of the high profile cases were because of stupid mistakes that the site owners did (mixing email accounts/user IDs/other identifying information with external sources).

Re:Ask the NSA

[jandrese]

Attacks on TOR invariably work through good old social engineering or browser hacks. I have yet to see an article where someone was successfully tracked through TOR itself instead of some out of band attack. TOR itself isn't the problem, it's the users.

TOR can't help you if you run some random executable that some random guy on the drug trading message board asked you to run. Believe it or not, this is apparently a very common way for the FBI to catch TOR users, simply asking them to run a Trojan.

TOR hasn't failed, but it is not a magic bullet either. It is but one piece of a security system.

Re:Ask the NSA

None of the stories about how the feds busted the silk road guy add up. It's already demonstrated that the whole "I connected to the server and it gave me a public ip" story was bullshit: the server configuration had been entered into evidence and people reconstructed the server and discovered that it did not, in fact, serve up a captcha with the real IP (in fact, due to a server misconfiguration, it would serve a mysql admin page.) Or the one about the guy having a box of fake IDs mailed to himself from Canada that just so happened to be opened by customs?

The fact is, TORs developers openly admit that it is not secure against PRISM-level attacks that observe every packet on the internet. They cannot see what is in your packet, but they absolutely can see that your packet is sent to tor node A and 0.5ms later, a packet of the same size is sent to tor node B, which sends a packet of the same size to tor node C, and so on until it gets to the silk road or kiddieporn-r-us, or whatever. Then they can see the packets coming back the same route. This is all metadata. And to figure out where the silk road server is? Easy: they connect to it themselves and track their own packets.

Re:Ask the NSA

[AmiMoJo]

If it were feasible for the NSA to take over enough exit nodes to own the network in a way that wouldn't be noticed, why didn't this company simply suggest the same thing. Tell the government that the crack is you spend some tens of millions on servers, spread them around the world and collate all the data.

Running a very large number of exit nodes is not a practical attack.

Re:Ask the NSA

[jp10558]

This is why you need something like the old Freenet, except of course it's almost unworkable for normal users because of the crap that ends up on such a system, and the fact that it is only internal, so not much use for obscuring you connecting to internet sites, oh and it's slow as hell.

That's a shame...

[TrimTabTim]

The cat and mouse game between black-hats and FOSS developers in the end usually just makes the code better. When I read the original article back in Feb, I kind of thought it would be cool if they found a few Tor vuln's to fix, even if they exploited them for a while before the public discovered them.

But now Putin and his cronies are probably just going to get more aggressive with their anti-encryption stances, if that's even possible. It's all gonna backfire on them one day.

Re:That's a shame...

[phantomfive]

When I read the original article back in Feb, I kind of thought it would be cool if they found a few Tor vuln's to fix,

Maybe they did.

Are we forgetting some zeroes in this article?

[CastrTroy]

Are we forgetting some zeroes in this article? If it was so easy to break Tor that $59,000 would get the job done, I imagine that it would already be widely known how to crack it. That's less than the price of hiring a single coder for a year.

Re:Are we forgetting some zeroes in this article?

[Nutria]

If it was so easy to break Tor that $59,000 would get the job done

That much money in Elbonia buys a lot more than $59,000 in the US...

Re:Are we forgetting some zeroes in this article?

It buys more coders. But, Elbonian coders. Does it really buy more than in the US?

Re:Are we forgetting some zeroes in this article?

[AmiMoJo]

I think they were trying to save some money by being smart. Offer $60k, if no-one takes it start upping the price to see what the lowest bid is.

Unfortunately for them some idiot decided to take the $60k before realizing that $60bn wouldn't be enough.

Scope?

[s.petry]

Large issue not just in Russia, but all Governments. "We want you to do X" becomes a contract to do exactly "X" without anyone questioning what A-W will be required to get to X. Also, is X required or can we get by with W?

If that seems convoluted, apology and I can try to think of better descriptions.

Obviously this company agreed to do X. Sounds to me like in Russia you have to actually meet your contractual obligations. Unlike the US which would allow overruns, partial plans, and decades of run around until the project was cancelled. (Nope, I would rather be in the US than the USSR but if we don't admit our own problems we look like idiots complaining about others).

Re:Scope?

Sounds to me like in Russia you have to actually meet your contractual obligations. Unlike the US which would allow overruns, partial plans, and decades of run around until the project was cancelled

This
I was just thinking "Where's the abandonment clause in the contract?"
I also note that it's 10M rubles just to hire the law firm, let alone paying back the 3.9M they got for the job, or any fines.

On the other hand - it sounds very much like the USA - bosses agree to do X without asking a tech-type if it's even possible.

Re:Scope?

[s.petry]

I'm old, you have to cut me some slack. It was the "USSR" for nearly 40 years of my life.

Smokescreen

[qbast]

So they already cracked it and now they are trying to stage very public fiasco in order to convince everybody it is still safe. *dons tinfoil hat*

Re:Smokescreen

Of course this is the case. It was cracked long before they offered the contract. $60000 is an absurd funding level for a project of national security significance. If it were $60 million, then it would be at least plausible.

On the other hand, it could also be a double bluff. In that, they were unable to crack it and tried to make it look like they had.

Ultimately, TOR is of limited use in any nation that monitors traffic. It is just a matter of identifying anyone making a TOR connection, then progressively examining each person. That process can be entirely automated, at least in the US and NATO. It wouldn't take long to have a culled list of probable targets and raise a flag when they were communicating.

TOR makes people stick out, not blend in.

Re:Smokescreen

[quantaman]

Couple with the comment that claimed $59,000 isn't enough to crack Tor.
The whole thing was a decoy play. Publicly spread doubt in the security of the Tor system, then make a public statement that Tor remains uncompromised.

If you trust the government, you trust Tor, but have few if any reasons to use it.
If you distrust the government, you distrust Tor, but have the most reason to need a secure channel to use.

End result, Putin wins.

Possibly, though if I was trying to dodge the US or Iranian government I'd be worried by the fact that Russia thought $60k was enough to crack it.

If I was Russian I might be more likely to use Tor since this whole thing makes Russia look really incompetent when it comes to trying to handle Tor.

knowing Russia...

[Kinwolf]

Knowing the way Russia works, they probably actually cracked it but wants to appear like they didn't. Honestly, who is gonna follow up on that news to see that the negociation to get out of it truly happens? Exactly.

Seriously?

59'000$ for something that the NSA (acording to Snowden) could not crack... Really?? Is Putin watching too much russian TV?!

Re:Awwww!

[bancho]

The American government pays better.

No doubt about it Tor is broken

[WOOFYGOOFY]

For a long time in my mind there's been no doubt that Tor is broken, at least with respect to the powers available to the United States and its allies. Think about it. There are no where near a million Tor nodes and even fewer exit nodes, and a million servers is a rounding error in the DoD black budget for a year.

Sure, non DoD Tor nodes exist, but what % of them are p0wned? I'll hazard a guess; just that % required to make it statistically implausible that, combined with traffic analysis, context gleaned from exit nodes a handful of zero-days etc. etc. no one can use Tor and expect sustained anonymity from the government.

I actually think that's a good thing. Hear me out. For the general Tor user who just wants their ISP , nosy Shark Wire aware neighbor, political opponents, large corporations, website owners land various databrokers to fuck off, they have what they want For dissidents in oppressive nations, those nations probably can't muster the resources to de-anonymize Tor users. For very bad people who want to do very bad things, we can get them, with some effort.

I know this is a minority opinion, but I think that the opposing opinion is regressive. Once, it wasn't possible for a small group of non-nation-state individuals to wreak mayhem on millions of people at once.

Once, the amount badness that could be achieved by Bad Guys was a trade-off between the number of people the Bad Guys wanted to effect, the number of people the Bad Guys could enlist to help them and the degree of severity of the Badness itself. Not any more. This changes everything.

We are living more and more in a world in which a few or even one really fucked up person can reach out and kill. This is nothing but the advancement of technology, and it's not going to stop. That means the power of small groups gets larger and broader even as the size of that group spiral down to one.

How are we going to counter this general phenomena? I agree, that giving any government unchecked, unobservable, unlimited powers is always a bad idea. (Ironcially, I believe this because of the actions members of administrations who profess to want to "get government off our backs" and told us "government isn't the solution, it's the problem"- Oliver North, James Secord, Dick Cheney, Alberto Gonzales etc etc. )

But in the face of this hypothetical and not-always hypothetical threat we still have the facts on the ground with respect to advancing technologies and the leverage it gives just anyone.

I don't think the answer is to limit the power of government. We need that power to exist. I think the answer lies in the people being able to hold the government accountable and their actions rendered transparent to a degree that would shock most people today, both in and out of government. We need to radically re-think the national security 3rd-rail issues like national security classifications, clearances, Presidential directives, etc. etc.

It will tear this country apart if the government continues to do what it knows it needs to do in order to avert terrorism and societal chaos and the people continue to feel like they have no faith in the integrity of the processes and powers of the government- that it could at any moment turn the death ray on them, and probably will. That whole dynamic, the whole world view needs to be addressed and not just addressed but actually resolved by some radical out of the box thinking no one had done yet.

We can have both security and freedom, but it's not going to just arise naturally by continuing on with the status quo conceptual categories we are using now.

Re:No doubt about it Tor is broken

[gatfirls]

Would you consider a nation that spies on it's entire population oppressive? Do you never think there will be a time in which our government overreach will land us in another McCarthy era and use this kind of monitoring to have witch hunts?

In my opinion the inability to securely communicate is as much of a suppression of free speech as direct suppression.

Re:No doubt about it Tor is broken

Most of the folks working on Tor are skilled, conscientious security software programmers.
Many of the folks who operate the major Tor exit node projects are skilled, conscientious security-focussed sysadmins.

Remember a few other things:

* Tor does not protect against an adversary that can snoop enough of the network between you and any of the possible exit nodes to perform traffic analysis. It *never* has, and has *always* made this limitation *very* clear.

* Someone who records traffic flowing from a Tor exit node learns no more than someone who records traffic flowing through any given part of the Internet. Indeed, if your ISP were to snoop on your regular Internet traffic, they would be able to derive *far* more information from their surveillance than someone snooping an exit node.

* The US is *not* the only state-level actor with the capability to wiretap large sections of the internet.
* If Tor's effectiveness is substantially weakened, both law enforcement and intelligence agencies lose a *very* powerful clandestine intelligence-gathering tool. It's counter-productive for the major powers to work to undermine Tor.

Re:No doubt about it Tor is broken

[Ravaldy]

Would you consider a nation that spies on it's entire population oppressive?

Yes and that's been covered so many times here and in the media. People have spoken out and things are changing for the better (we hope). They know we are watching them so they'll either more careful or will adjust in favor of the public. What people expect now is transparency at almost all levels of government. It will take time but expect things to change UNLESS people stop caring about these issues.

In my opinion the inability to securely communicate is as much of a suppression of free speech as direct suppression.

The first amendment doesn't cover this black and white so it's still left for interpretation in courts. There have been cases where encryption was simply considered FUNCTION and not EXPRESSION.

Re:No doubt about it Tor is broken

[WOOFYGOOFY]

Yes exactly. Basically this holds true:

Civil Liberties = number of people it takes to do it / (degree of harm * number of people effected)

All kinds of violence can be categorized using this

Examples:

normal person on person crime:
Large number of people to do small harm to small number of people (aka , normal life) Civil Liberties not effected (stays around 1)

war
large number of people to do large harm to large number of people (aka war) civil liberties might go down (as they do at war time)

humdrum terrorism
small number of people to do large harm to small (1000s at most) number of people. Civil liberties start to be noticeably effected. It starts to become structural.

supercharged terrorism
small number of people, tending towards one, render high degree of damage (death) to large numbers of people (tens of thousands, millions, everyone...). Civil Liberties severely curtailed , eliminated or redefined by public demand. It's structural and it's permanent.

We want to do everything we can to never reach the last one. This may involve redefining notions which in the face of scientific progress prove themselves to be outdated and archaic.

Re:No doubt about it Tor is broken

[WOOFYGOOFY]

OK there's a difference between ability to do something and the actual doing of it. No government organization can contemplate the exchanges between all people, much less all people all the time. But they have the ability to zero in people if they believe it's warranted. That's how it's always worked. That's how it is now. The ability to tap a phone was always there, but not all phones were tapped.

Now, in a sense, all phones ARE tapped, but they don't have the ability to listen to all that, so they're NOT tapped in the sense of they're listening in. Looked at in this way, the concept of "tapped" has been deconstructed into its constituent parts- recording the fact of the call, and human awareness of what was said , followed by action. "Tap" used to imply both of those things.

You have the right to not incriminate yourself, as ever. The right to remain silent (in the US, but not really in the UK, which is shocking to Americans). But the police had always had the power to subpoena witnesses, material, phone records etc.

I am not suggesting anyone take the expansion, ease and ubiquity of these police powers without trepidation. I would like to see more worry about them. In response to that worry I would like to see structural, inspectable safeguards, unassailable and possibly anonymous (to the police) overseers, and severe, crippling life-ruining punishment for anyone, at any position of government who abuses them to any degree or anyone who covers up the same, lies about the same to Congress ever for any reason (Clapper) without exception and anyone who knows about the same, but does not report it to a disconnected, legally unassailable watchdog.

But as time goes on, we will trend towards wanting greater and greater transparency of all individuals, at will, anywhere and everywhere and at any and all times, both in and out of government.

That's just where we're being forced by both constructive and destructive advances in technology.

Re:No doubt about it Tor is broken

[SuricouRaven]

I'd say about 1/3 run by the US government... another third by China, and the rest by Russia.

Re:No doubt about it Tor is broken

[WOOFYGOOFY]

>> Do you never think there will be a time in which our government overreach will land us in another McCarthy era and use this kind of monitoring to have witch hunts?

Yes absolutely. In my mind, there's no doubt that if Cheney at. al. had had the powers we have today when they first started their governmental careers we'd have disappeared political opposition, people framed and ruined, entire departments of government at the end of a short blackmail chain. All in the name of "national security", because their opponents' policies would have endangered us all. Even today, Cheney actually makes this claim in the media against Obama. What do you think he would have done to candidate Obama if he had had the chance? After all, national security.

One source of hope ()and that's all it is really) that this won't materialize is that the people who come of age with this technology won't abuse it just because they've grown up in a time in which fear of it's abuse was discussed in the larger culture, and they don't want to be The Bad Guy. that is, they've absorbed society's norms and values and won't contradict them.

If that sounds too optimistic to you, sociopaths like Gonzales, Cheney and Oliver North have a preternatural ability to rise to the top of organizations, then you like me are more interested in structural solutions to the McCarthy problem.

What are those solutions? We don't know, but they must be brought into existence.

Re:No doubt about it Tor is broken

[AmiMoJo]

There are some flaws in your theory. For example, if the US is willing to try to gain control of enough of the exit nodes to break Tor, then other countries will too. It will become an arms race to install the most exit nodes. I'm sure China would be in on that game for a start.

Running a lot of exit nodes would also come to the attention of people who work on Tor pretty quickly. It would require a massive effort to distribute them geographically, and to configure and administer them in a way that obfuscated their ownership. While possible, it's at the the fake-moon-landing level of massive conspiracy. What we have seen of the NSA and GCHQ leaks suggests that they do not have that capability, at least not on that scale.

In any case, say the NSA has cracked Tor. Okay, what does that mean for people using Tor? For most of them, not much. The NSA would never give away the fact that it can unmask Tor users just to go after some drug dealer, paedophile or mid ranking terrorist. Maybe even Bin Laden would have been considered too low value to use it on, when we know it is in use by governments and other spy agencies.

We are talking about a theoretical, improbable attack that would likely be detected, and only ever used against extremely high value targets in cases where the information can be explained in other ways or kept super top secret. We know from leaked NSA and GCHQ documents that at least a few years ago, when such an attack would still have been possible, they hadn't done it and were unable to crack Tor, instead relying on the user making mistakes.

Meaning nothing

[Bugler412]

So either they successfully cracked it and are done and want to look they failed. Or they actually failed to crack it and they want out of the deal. Either way, we know nothing more. This article offers no useful information at all.

Re:Meaning nothing

that haven't cracked shit. Tor works like it says it does. The problem is the end points and the fact that GO's are running enough them to de-anonymize traffic flowing over them.

Re:Meaning nothing

[KGIII]

I should have said this further up the thread but, oh well...

Stop using TOR as a proxy, assholes. (I do not mean you, specifically.) Stop downloading torrents through it, assholes. TOR is fine so long as you remain on the .onion domains - as soon as you go into the clear-net you are subject to monitoring. They can, and will, be able to use traffic shaping and timing to determine who you are and where you are going. It has been like this since the start and will remain like this forever.

It was not meant to use for browsing the regular web. It sure as shit wasn't meant so that you could go to Facebook. It sure as hell isn't meant for torrents. Use it for browsing .onion sites. That is all.

You can use it to bypass some filters. That's fine. You'll still be subject to tracking.

Shit, shit, shit...

[fuzzyfuzzyfungus]

What are we going to do? The commies have clearly discovered a way to replicate our advanced 'unreliable an underperforming military contractor' technology and are now working on perfecting it! How can freedom survive this onslaught?

Whether TOR is cracked or not..

[mindmaster064]

It think the best use of it is hiding your IP from every site, and adding another layer of encryption. If you need message security use a message security encryption, and if you need a file encryption use the right tool. Assuming anything on the Internet isn't clear text at all times is just being foolish -- even if the site you are on uses HTTPS it is possible that they are hacked, etc...

Re:*faaart*

Sex Conker got some new material?

Of course if you crack an encryption system

[nedlohs]

The first thing you would want to do is convince everyone else that you failed.

Re:Of course if you crack an encryption system

[erapert]

We'll know which depending on what happens to the underpaid crackers.
If the underpaid crackers are arrested and disappeared then we know they failed.
If the underpaid crackers are able to finagle their legal way to getting out of the contract yet continue to bring in more government contracts then we know they succeeded and that their "failure" was a lie.

Russia out of crumbles

[Blaskowicz]

but apparently they have a lot of crack!
It's not really my thing, though. I don't want to smoke their crack and find myself wanting it again. If I were Russian I would keep my crumbles, thanks.

Re:No, Jackass

[s.petry]

The reason we have cost overruns is because we're willing to take a risk and follow up on potential solutions.

Ha ha ha, OMFG! oh.. wait.. wait... you haf tah .. HAHAHA!!

Okay, now that I can breath. You go tell it to an ignorant person who has not worked in the defense arena or served in or near a government office. You have a chance at bullshitting the ignorant.

As for myself, I'm a veteran of the US Army and worked in the Defense area for a very long time (just not within the last few years). I know the games played on both sides of that fence.

Re:Awwww!

[Coren22]

http://www.networkworld.com/ar...
http://arstechnica.com/securit...

Who says TOR wasn't cracked long ago?

The solution is SAP

[JustAnotherOldGuy]

The solution is SAP, or course. If they'd just hired SAP for this project they could have wasted all that money up front without the need for a middleman.

Freedom Host Canary died

The canary on Tor was Freedom Host, as long as Freedom Host was singing Tor worked well enough, when the silk road was closed (twice, two different versions from two different crooks, second closure looked routine like it was automated!), Tor was gone. If I was a Chinese dissident, or a North Korean one or under a dictator like Assad, I would assume Tor does not work and would not trust it.

I don't think smaller government has anything to do with it, it was funded by the US government so dissidents could communicate freely, and that was good.

And it was attacked by other agents of the US Government, and that was right too. That was their job.

But it turns out those attackers have gone beyond attacking, and actually *subverting* the technology to make their attacks easier, that's the problem right there. These back doors in US tech. Some of them appear deliberate, others a function of the NSA getting zero day notices before the patch arrives. Tor looks backdoored.

In Fascist Germany, TOR is broken!

[Thor+Ablestar]

There is a lot of Soviet films about the Nazis attempting to catch a Soviet agent by selectively powering down the city blocks.

The same method is fully applicable to TOR. You just make a connection to TOR node you try to find and then block/delay anything except well known ports for, say, 5 seconds. If your traffic is correspondingly delayed then you have blocked the part of the network which contains either intermediate or end node. And you can do it in parallel for all the known TOR hidden nodes.

You need a control of all the network but it's quite simple since all the main Internet providers are state monopolies. Also, the infrastructure for doing it is being built due to the internet filtering laws.

The cloud storage networks seem more promising in these circumstances since it's impossible to find post factum who inserted the info to the cloud.

Re:In Fascist Germany, TOR is broken!

[AHuxley]

Very good point, just drop connections, suspected users accounts are logged and see if the traffic stops per user :)

Re:Awwww!

[KGIII]

I suspect you mean, where do they go? Where they come from, normally, is a fine higher learning institution. I, myself, attended such an institute and was exposed to many brilliant people. A number of mathematicians remain in academia, some go into the private sector, and some of the best work in the government (which is what I expect you were looking for). However, I've no numbers for this, but I can assure you that there are a great many remaining in the other sectors - many of whom are quite capable.

Seeing as you asked, or insinuated that one should, I figure you may as well get an answer from someone who is actually a mathematician. I suspect you're attempting to claim that the best mathematicians go to work in the government. This is not entirely true. I, personally, ended up modeling traffic and working for the government (contractually) much of the time. My company, however, was privately owned and did not work exclusively with a single government and also expanded into pedestrian traffic models.

Also, I am nearly done with my vacation/wanderlust. Not that is important but I felt it was something worth adding.

low ball much?

[sixsixtysix]

$59k isn't very much for what they want. the value of cracking tor should be measured in the millions.

Re: What a latest technology to crack easily

[axlworldstore]

Technology is going to blow up the world and can not able to save at own. So be prepare for that. No data file will be secure from internet.