
Russian Government issued a Tender to crack Tor

The Russian government has launched a public competition, reserved to Russian entities, offering $111,000 to break Tor encryption.

As anticipated in my previous post, law enforcement and intelligence agencies all over the world are investing in de-anonymizing users of the deep web, and in particular of the Tor network. Hacking Tor is a goal for many intelligence agencies, as also demonstrated by the collection of documents leaked by Edward Snowden, which explicitly refers to a project named ‘Tor Stinks’ whose aim is to track Tor users.

Russia’s Interior Ministry (MVD) has posted a tender to recruit companies and organizations that are interested in “study the possibility of obtaining technical information about users (user equipment) TOR anonymous network”. The Russian Government is offering almost 4 million rubles, approximately $111,000, for the development of technology to decrypt data sent over Tor and identify Tor users.

The tender, titled “Perform research, code ‘TOR’ (Navy),” was posted on July 11th on the official procurement website.

 

 

The competition is arranged by the Russian Government “in order to ensure the country’s defense and security.”

I asked a colleague to help me translate the original tender; the spelling “TOP” comes from that original document (all-caps, Russian transliteration). The tender is indeed about Tor. The term “Scientific Production Association” (Научно-производственное Объединение) is a Soviet/Russian cover word for a military or KGB/FSB R&D outlet. The one in question belongs to the Interior Ministry, which is in charge of police and penitentiary.

The tender requires active security clearance specifically in the LI (though I wonder if “legal” is applicable to Russia at all) and a general high-level security clearance.

The tender reports that companies that intend to take part in the competition have to pay a 195,000 ruble (about $5,555) application fee. The Russian Government wants to break the encryption used to anonymize users’ web experience on the Tor network; it is aware that foreign intelligence agencies are working on similar projects and ordinarily use the popular network.

The Tor network is widely used by digital activists and individuals in critical areas of the planet to avoid censorship operated by governments like those of Iran and China. Today the project is managed by a nonprofit group, which is also financed by the US Government, and counts 2.5M users worldwide, as reported in the graph below.

 

 

Tor is perceived by the Russian Government as a serious threat; its use, like the adoption of any other anonymizing tool, is “discouraged” by the Kremlin.

The Russian Government, however, isn’t the only one trying to de-anonymize Tor. The FBI, for example, exploited a zero-day flaw in the Firefox browser to identify Tor users for its investigation into child pornography; the code used is considered the first sample captured in the wild of the FBI’s “computer and internet protocol address verifier,” aka CIPAV, the law enforcement spyware first reported by WIRED in 2007.

Recently German broadcaster ARD reported that NSA experts were monitoring two Tor directory servers in Germany to de-anonymize the IP addresses of Tor users using them.

Let’s close this post with another curious case: early this year researchers Philipp Winter and Stefan Lindskog of Karlstad University in Sweden identified 25 nodes of the Tor network that tampered with web traffic, decrypted it and censored websites.

The experts discovered that an unspecified Russian entity was eavesdropping on exit nodes at the edge of the Tor network; the attackers appeared to be particularly interested in users’ Facebook traffic. Of the compromised nodes overall, 19 were tampering with traffic using man-in-the-middle attacks on users, decrypting and re-encrypting traffic on the fly.

 

Who is spying on Tor network exit nodes from Russia?

Is it another attempt by the Russian Government to compromise Tor anonymity?

Pierluigi Paganini

(Security Affairs –  Tor network, Russia Government)


Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.
