Saturday, 26 July 2014

HACKING COMPETITION: Russian Government Offers $111,000 For Cracking Tor Anonymity Network

HACKING COMPETITION:

Russian Government Offers $111,000 For Cracking Tor Anonymity Network

Sunday, July 27, 2014

anonymity , bug bounty , Cracking Tor Network , encrypted communication , NSA , Russian hackers , tor , Vulnerability

The Russian government is offering almost 4 million ruble which is approximately equal to $111,000 to the one who can devise a reliable technology to decrypt data sent over the Tor, an encrypted anonymizing network used by online users in order to hide their activities from law enforcement, government censors, and others.

The Russian Ministry of Internal Affairs (MVD) issued a notice on its official procurement website, originally posted on July 11, under the title “Perform research, code ‘TOR’ (Navy),” an open call for Tor-cracking proposals whose winner will be chosen by August 20.

The MIA specifically wants researchers to “study the possibility of obtaining technical information about users and users' equipment on the Tor anonymous network,” according to a translated version of the Russian government’s proposal.

Only Russian nationals and companies are allowed to take part in the competition "in order to ensure the country's defense and security." The participants require to pay a 195,000 ruble (about $5,555) application fee in order to participate in the competition.

Tor, which was actually invented at the U.S. Navy, anonymizes the identity of an online user by encrypting their data and sending it through a unique configuration of nodes known as an onion routing system – making it difficult to trace.

Now in the hands of a nonprofit group, the project continues to receive millions of dollars in funding from the U.S. government every year, but boasts approximately 4 million users worldwide, among them many tech-savvy digital activists in countries where technical censorship and surveillance are prevalent.

Tor has encountered problems in Russia before. Nonetheless, the MVD had previously sought to ban the use of any anonymizing software, though the proposal was dropped last year.

SERIOUS THREAT FOR ACTIVISTS AND WHISTLEBLOWERS
Anonymity, which is of everybody’s interest, specially of activists, journalists, researchers, whistleblowers, who uses Tor anonymity service to hide their activities, are now under great threat from both sides.

In my opinion, announcing a million dollar competition doesn’t provide any government full authority to hack the widely used anonymity network. Such move has put both, Russian and U.S Governments in the same category of "Enemy of the Internet Freedom".

Tor has been the constant target of government intelligence agencies and other entities seeking to unveil the identities of anonymous Internet users. Even the U.S. government intelligence agency NSA and U.K. intelligence GCHQ made multiple attempts and spend significant resources to target users of Tor and to break Tor program’s anonymity as revealed by Global surveillance whistleblower Edward Snowden last year.

Last year, it was revealed that a zero-day vulnerability in Firefox was used to unmask users of the privacy-protecting “hidden services” Tor, which was estimated to be an effort of the FBI in order to crack down on Freedom Host, a Tor server provider, as part of a child pornography case.

A talk at the upcoming Black Hat security conference in August entitled 'You don't have to be the NSA to Break Tor: De-Anonymizing Users on a Budget,' by the researchers from Carnegie Mellon University was abruptly pulled earlier this week, because the materials they would discuss have not been approved for public release by the university or the Software Engineering Institute (SEI).

Just few days ago, Exodus Intelligence reported that its researchers had found a critical zero-day security vulnerability in the privacy and security dedicated Linux-based TAILS, an operating system designed to be booted from a CD or USB stick that uses Tor and other services to hide the identity of the users and leave no trace of their activities on their computer machines. While, the developers with the Tor Project said that they are working on the issues to fix the weakness as soon as possible.