Wednesday01 February 2023

Russia Offers a $111k Reward to De-Anonymize Tor

Reading time is around minutes.

On Friday we wrote about a talk that was canceled at Black Hat 2014. This talk was to discuss a flaw in the Tor anonymizing network that would allow almost anyone to identify users on the network. This morning we find out that the Russian government is actually offering a reward (around $111,000) to anyone that can come up with a reliable method to do this very thing.

The Tor Project was actually created by U.S. Naval researchers, but eventually drifted away and is now independently run. It has been used by many people looking to hide their activities on the internet (including foreign agents and covert operatives). Although the network has slipped out of favor with the “spy” crowd it is till often used in areas where government censorship and control are high. Through the use of Tor individuals can many times get around the limits put in place.

Sadly the Tor network is also used by people with less noble intentions. Because of this group many law enforcement agencies want to be able to peek inside and identify anyone using the network. There are methods of finding people on the network, but most of these currently involve corrupting sites that exist outside the normal internet. Some have called this the dark web and it is typically where criminals conduct their business. According to most accounts these anonymous sites use unregistered IP addresses and specific “private” DNS servers in order to be found.

Another well-known method for tracking people through the Tor network is to setup honey pot entry and exit servers. These are effective in seeing where someone comes from and is going, but they are random so you never know who is going to pass through your window. If you have a known suspect you could technically push their Tor traffic to a server you control, but that can become much more complicated if you have an unknown.

Personally, I do not agree with the efforts to decrypt or de-anonymize Tor or any other privacy protecting network. If such a tool is created then it is sure to be abused. It might start off looking for the bad guys, but it will quickly be used to look at everything that is going on.

Tell us what you think about all this in our Forum

Last modified on Monday, 28 July 2014 10:48

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.