As anticipated in my previous post, law enforcement and intelligence agencies all over the world are investing in ways to de-anonymize users of the deep web, and of the Tor network in particular. Hacking Tor is a goal for many intelligence agencies, as also demonstrated by the collection of documents leaked by Edward Snowden, which explicitly refers to a project named ‘Tor Stinks’ whose aim is to track Tor users.
Russia’s Interior Ministry (MVD) has posted a tender to recruit companies and organizations interested in a project to “study the possibility of obtaining technical information about users (user equipment) TOR anonymous network”. The Russian Government is offering almost 4 million rubles, approximately $111,000, for the development of technology to decrypt data sent over Tor and to identify Tor users.
The tender, titled “Perform research, code ‘TOR’ (Navy),” was posted on July 11th on the official procurement website.
The competition is arranged by the Russian Government “in order to ensure the country’s defense and security.”
I asked a colleague to help me translate the original tender; the spelling of “TOP” comes from that original document (all-caps, Russian transliteration). The tender is indeed about Tor. The term “Scientific Production Association” (Научно-производственное Объединение) is a Soviet/Russian cover word for a military or a KGB/FSB R&D outlet. The one in question belongs to the Interior Ministry, which is in charge of the police and the penitentiary system.
The tender requires an active security clearance specifically in the LI (though I wonder if “legal” is applicable to Russia at all) and a general high-level security clearance.
The tender reports that companies intending to take part in the competition have to pay a 195,000 ruble (about $5,555) application fee. The Russian Government wants to break the encryption used to anonymize the users’ web experience on the Tor network; it is aware that foreign intelligence agencies are working on similar projects and ordinarily use the popular network.
The Tor network is widely used by digital activists and individuals in critical areas of the planet to avoid censorship operated by governments like those of Iran and China. Today the project is managed by a nonprofit group that is also financed by the US Government, and it counts 2.5M users worldwide, as reported in the graph below.
Tor is perceived by the Russian Government as a serious threat; its use, like the adoption of any other anonymizing tool, is “discouraged” by the Kremlin.
However, the Russian Government isn’t the only one trying to de-anonymize Tor. The FBI, for example, exploited a zero-day flaw in the Firefox browser to identify Tor users in its investigation into child pornography. The code used is considered the first sample captured in the wild of the FBI’s “computer and internet protocol address verifier,” aka CIPAV, the law enforcement spyware first reported by WIRED in 2007.
Recently, German broadcaster ARD reported that NSA experts were monitoring two Tor directory servers in Germany to de-anonymize the IP addresses of Tor users using them.
Let’s close this post with another curious case. Early this year, researchers Philipp Winter and Stefan Lindskog of Karlstad University in Sweden identified 25 nodes of the Tor network that tampered with web traffic, decrypted it and censored websites.
The experts discovered that an unspecified Russian entity was eavesdropping on exit nodes at the edge of the Tor network; the attackers appeared to be particularly interested in users’ Facebook traffic. Of the compromised nodes overall, 19 tampered with traffic using man-in-the-middle attacks on users, decrypting and re-encrypting traffic on the fly.
Who is spying on Tor network exit nodes from Russia?
Is it another attempt by the Russian Government to compromise Tor anonymity?
(Security Affairs – Tor network, Russia Government)