The Russian Ministry of Internal Affairs (MVD) clearly does not care about even pretending to respect privacy, and has offered (in Russian) a 3.9 million ruble (approx.US$110,000) prize for cracking the Tor anonymity network.
The offer was made on July 11 and is open until August 13, with the ‘winner’ being announced by August 20. Competitors must be a Russian organization with a security clearance to work on sensitive projects for the Russian government, and must pay an entrance fee of 195,000 rubles (approx. US$5,500).
Following publicity from privacy advocates, the original tender description has been removed from the website, but the project is still listed as ‘шифр «ТОР (Флот)»’ (which translates as ‘cipher “TOR” (Navy)’).
Tor is an anonymity network that routes users’ internet traffic through three or more random servers operated by volunteers around the world. Check out our article for a more detailed explanation how it works.
Although Tor usage has more than doubled in Russia since Edward Snowden’s NSA revelations last year (from 80,000 users to 210,000 thousand users), pushed by Putin’s harsh new ‘Bloggers Law’, one of its main weaknesses is that the small size of its user base, especially those volunteers who allow their computers to be used as Tor exit nodes, allows powerful adversaries (such as the NSA) to launch effective de-anonymising attacks.
The core technology, however, is considered by most security experts to be secure, and it seems unlikely that the Russian government will be able to change this, especially not in the limited amount of time given, or the rather paltry size of the 3.9 million ruble prize. However, this may not in fact be the government’s true aim, as surveillance and security expert Andrei Soldatov explained,
‘It’s not important if the Russian government is able to block Tor or not. The importance is that they’re sending signals that they are watching this. People will start to be more cautious.’
Tor has elsewhere been in the news of late after a Black Hat 2014 conference talk entitled ‘You Don’t Have to be the NSA to Break Tor: Deanonymizing Users on a Budget’ by Michael McCord and Alexander Volynkin (both of whom work for Carnegie-Mellon University and CERT) was suddenly cancelled on the advice of lawyers (rather than, as has been widely reported on the internet, at the request/demand of the Tor team).
It seems likely that whatever the hack is, it is based on the way in which Tor is used rather than with Tor itself, but in an email to users, Tor project leader Roger Dingledine said that a fix was being worked on,
‘Based on our current plans, we’ll be putting out a fix that relays can apply that should close the particular bug they found. The bug is a nice bug, but it isn’t the end of the world. And of course these things are never as simple as ‘close that one bug and you’re 100% safe.‘