Russian government promises £60k bounty to Tor hackers

The Russian Ministry of Internal Affairs (MVD) is offering a 3.9 million ruble (approximately £64,600) reward to anyone who can find a way of identifying and tracking users of the anonymous Tor network.

Microsoft expert: Tor security compromised by NSA
Microsoft expert: Tor security compromised by NSA

The tender was posted on the government's website on July 11 and asks researchers to “study the possibility of obtaining technical information about users and users' equipment on the Tor anonymous network”.

Entrants are required to pay a 195,000 ruble (£3,235) application fee but must be either a Russian citizen or Russian company. The competition is open until August 13 and the winner will be announced on August 20. Successful bidders will have to submit their work by 30 November.

Tor – officially known as The Onion Router – has been a constant target of intelligence agencies in recent times, not least in Russia where the network has been used by bloggers, journalists and activists to get around the Kremlin's on-going internet censorship campaign.

The MVD has previously sought to ban using any anonymising software but dropped that proposal late last year in favour of a new “blogger law”, due to be passed next month, which requires all bloggers with an audience of more than 3,000 readers to register their identity with the government.

The US' own National Security Agency (NSA) has apparently repeatedly tried to break the code, according to the leaks from former CIA contractor Edward Snowden. Citing official sources, German public broadcaster ARD also reported earlier this month that two Tor servers in the country were being ‘actively watched' by the US surveillance agency.

More recently, Carnegie Mellon researchers Alexander Volynkin and Michael McCord planned to deliver a presentation entitled “You Don't Have to be the NSA to Break Tor: Deanonymising Users on a Budget” at the upcoming Black Hat security conference, but were forced to cancel after not receiving permission to publish the materials developed by the government-funded Software engineering Institute (SEI).

The irony in all of this is that the Tor Project was originally sponsored by the US Naval Research Laboratory and has since become a popular free encrypted network used by activists, dissidents and journalists to conceal their identity, location and general internet activity from prying eyes.

Tor operates on donations from private contributors and organisations like Google and DARPA and has been heavily-promoted by NSA whistle-blower Snowden as a secure way to surf online. Tor hasn't been the only anonymised internet service to face security incidents recently, as researchers at Exodus Intelligence found on July 23 that there was a vulnerability in a component of Tails, the privacy-focused operating system that can be downloaded onto USB.

Dr Gareth Owen, a senior lecturer at Portsmouth University who specialises in cyber security, told SCMagazineUK.com that the news isn't much surprise with Tor also often being used by organised criminal gangs.

“It's not much of a surprise that any government is targeting Tor,” said Owen, who delivered a talk on Tor attacks and countermeasures at the BSides London conference in April. “Tor is used by organised criminal gangs (notably paedophiles) to avoid being traced and these people are legitimate targets. Of course, Tor is also used legitimately by activists and others too."

Citing the ability for attacks to come via an add-on application, such as Firefox, he added: "Attacks against the fundamental way Tor works are often difficult or expensive to deploy but not impossible. Targeting Firefox or other side attacks are often easier and extremely effective.  The FBI did this last year after the Silk Road take-down. Firefox sadly has a long history of zero days and currently uses a less than ideal security model.”

Matt Hillman, head of security research at UK-based consultancy MWR InfoSecurity, told SC that it was 'interesting' that a government was openly offering a bounty for Tor, and what this could mean about their intentions, but said that the Tor community is well-equipped to deal with such investigations.

"The Tor project actively research and publish advice on how to avoid bad user habits that can compromise the anonymity provided by Tor. There have also been attacks against the Tor network in the past but the project is usually quick to respond and update. Any attack is less likely to relate to Tor's encryption and more likely to relate to its architecture or exploiting incorrect user setup or activity when using Tor," said Hillman.

"Alternatively, user machines could be infected with malware that bypasses the Tor connection, but this would not be a flaw in Tor itself. 

"Users should follow the warnings on the Tor website and follow general security best practice when using the software."