Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Saturday July 26 2014, @12:58PM   Printer-friendly
from the how-long-will-TOR-resist? dept.

International Business News reports that Russia is offering $111,000 to any citizen who can crack the popular encrypted Tor network.

FTFA:

The Russian federal government is concerned about the number of people using Tor to anonymously surf the web in the country and has set up a competition to find a technological solution to solve the problem.

The Russian Ministry of Internal Affairs (MIA) is offering 3.9 million roubles ($111,000, £65,370) to researchers who will "study the possibility of obtaining technical information about users and users equipment on the Tor anonymous network," according to a translated version of the proposal. In order to apply, entrants must pay 195,000 roubles, and foreigners are not allowed to enter the competition, in order to ensure the "defence and security" of the Russian Federation.

I imagine a lot of Russian crackers will be right on this.

Related Stories

Tor Says Feds Paid Carnegie Mellon $1M to Help Unmask Users 28 comments

Wired and others are reporting on a Tor blog post claiming that Carnegie Mellon University researchers were paid by the Federal Bureau of Investigation to help attack Tor hidden services:

"Apparently these researchers were paid by the FBI to attack hidden services users in a broad sweep, and then sift through their data to find people whom they could accuse of crimes," Dingledine writes. "Such action is a violation of our trust and basic guidelines for ethical research. We strongly support independent research on our software and network, but this attack crosses the crucial line between research and endangering innocent users."

Tor's statement all but confirms that Carnegie Mellon's attack was used in the late 2014 law enforcement operation known as Operation Onymous, carried out by the FBI and Europol. That dark web purge took down dozens of Tor hidden services, including several of the most popular Tor-based black markets for drugs including the Silk Road 2, and led to at least 17 arrests. Tor, for its part, has made efforts to subsequently block the attack, which it says it first detected in July of 2014.

When WIRED contacted Carnegie Mellon, it didn't deny the Tor Project's accusations, but pointed to a lack of evidence. "I'd like to see the substantiation for their claim," said Ed Desautels, a staffer in the public relations department of the university's Software Engineering Institute. "I'm not aware of any payment," he added, declining to comment further.

Tor's Dingledine responded to that call for evidence by telling WIRED that it identified Carnegie Mellon as the origin of the attack by pinpointing servers running on Tor's network that were used in the de-anonymization technique. When it asked Carnegie Mellon if the servers were being run by its researchers—a suspicion based on the canceled Black Hat conference presentation—the anomalous servers disappeared from the network and the university offered no response. The $1 million payment, Dingledine says, was revealed to Tor by "friends in the security community."

Previously:

July 26, 2014: Russia Offers $111,000 to Break TOR Anonymity Network
September 30, 2014: Tor Executive Hints at Firefox Integration
November 8, 2014: Huge Raid to Shut Down 400-plus DarkNet Sites
November 10, 2014: Tor Project Mulls How Feds Took Down Hidden Websites
November 17, 2014: Is Tor a Honeypot?
December 22, 2014: Servers Seized After Tor Developers Warn of Potential Government Attempt To Take Down Network


Original Submission

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 5, Insightful) by No.Limit on Saturday July 26 2014, @01:19PM

    by No.Limit (1965) on Saturday July 26 2014, @01:19PM (#74166)

    If the information about how to attack TOR gets released/leaked this could be actually good for the TOR project.

    Every security system should get extensively reviewed and exposed to strong attacks.

    If they fail, we get more confidence in its security. If they succeed and we find out how, we find the weakness and can possibly design a better more secure system.

    Anything else would go into the direciton of security through obscurity.

    • (Score: 3, Insightful) by present_arms on Saturday July 26 2014, @01:26PM

      by present_arms (4392) on Saturday July 26 2014, @01:26PM (#74168) Homepage Journal

      If they do succeed but fail to release/leak how and what, then that can't be good. That could lead to a false sense of security with people using the network and being spied upon. I really hope if it is cracked they do release for the reasons you have already mentioned.

      --
      http://trinity.mypclinuxos.com/
      • (Score: 3, Interesting) by No.Limit on Saturday July 26 2014, @01:53PM

        by No.Limit (1965) on Saturday July 26 2014, @01:53PM (#74174)

        That's true, but considering that the competition is for researchers and probably crackers, I think there is a high chance that the information will be released or leaked soon.
        Both groups probably wouldn't like if the government could use the information exclusively.

        • (Score: 4, Insightful) by present_arms on Saturday July 26 2014, @01:58PM

          by present_arms (4392) on Saturday July 26 2014, @01:58PM (#74175) Homepage Journal

          Totally agree with you, But the Gov could without recourse use the information exclusively, I find that scary.

          --
          http://trinity.mypclinuxos.com/
          • (Score: 5, Insightful) by janrinok on Saturday July 26 2014, @02:42PM

            by janrinok (52) Subscriber Badge on Saturday July 26 2014, @02:42PM (#74181) Journal

            Its funded by the Russian Government, and non-Russians are not eligible to take part. I strongly suspect that the results will not be released. Then you will never know if 'they' can crack the system that 'we' believe cannot yet be broken. The Russian Government could always say that they have paid the prize to "made-up-name", a cracker who wishes to remain anonymous. As TOR is used by lots of legal users who have legitimate reasons for wanting to stay untraceable, would your Government rely on a system that another Government claims to have defeated?

            • (Score: 5, Insightful) by Anonymous Coward on Saturday July 26 2014, @03:12PM

              by Anonymous Coward on Saturday July 26 2014, @03:12PM (#74185)

              Or the government can lie and claim that it 'cracked' the system or found weaknesses simply to deter others from using it when all of the 'weaknesses' found are either inconsequential or already well known. In fact maybe that's what Russia is planning all along.

    • (Score: 5, Interesting) by Horse With Stripes on Saturday July 26 2014, @04:43PM

      by Horse With Stripes (577) on Saturday July 26 2014, @04:43PM (#74197)

      If they succeed they will announce that it failed so they have an upper hand. This is a trap for whomever breaks Tor. I bet one of the reasons they only have it open to Russian citizens is so when that person disappears there isn't another government inquiring into the disappearance.

    • (Score: 2, Informative) by Adamsjas on Saturday July 26 2014, @05:57PM

      by Adamsjas (4507) on Saturday July 26 2014, @05:57PM (#74221)

      I thought the NSA (and friends) already cracked this, its just more work for them, but I understood they already controlled large numbers of exit nodes anyway.
      http://www.counterpunch.org/2014/07/18/the-nsa-wants-you-to-trust-tor-should-you/ [counterpunch.org]

      Did I get it wrong?

      • (Score: 2) by elf on Sunday July 27 2014, @09:31AM

        by elf (64) on Sunday July 27 2014, @09:31AM (#74351)

        I'm not sure they have "cracked" TOR, the bit inside is still quite secure. But I get your point that the security agencies have probably compromised a chunk of the exit nodes to monitor traffic. The good news is the number of exit nodes is steadily increasing (doubled in last 2 years), assuming these aren't all compromised nodes it will be hard and hard to analyse the traffic.

  • (Score: 3, Funny) by LoRdTAW on Saturday July 26 2014, @05:11PM

    by LoRdTAW (3755) on Saturday July 26 2014, @05:11PM (#74204) Journal

    Comrade Snowden has asked Putin if the Russian government is spying on its citizens and Putin said no! So I doubt any vulnerabilities found will be used for anything nefarious. This is a good thing for the TOR project and the citizens of the world. Nothing to worry about. Nope... nothing at all.

  • (Score: 2, Interesting) by be4verch33se on Saturday July 26 2014, @05:42PM

    by be4verch33se (1994) on Saturday July 26 2014, @05:42PM (#74216)

    So you have to pay roughly 5 grand for the potential of one person winning 110? Doesn't sound like a very good deal to me even if it was a straight up lottery let alone a competition.

  • (Score: 3, Interesting) by Grishnakh on Sunday July 27 2014, @02:04AM

    by Grishnakh (2831) on Sunday July 27 2014, @02:04AM (#74299)

    ... for the Russian government. I wouldn't be surprised to see Obama do the same thing: "we need computer security experts to solve xyz problem! It only costs $10,000 to enter the competition, but you could win $20 million!!"