Thoth July 28, 2014 6:18 AM

Since the American agencies (NSA and other 3 letter agencies) have figured out their ways around Tor, they could somehow figure their way in obtaining the information from the Americans and their allied agencies. Under the table deals or via shell companies, third parties or via espionage are many options the Russians could lay their hands on what the Americans know.

Indeed the price of $114,000 is too cheap for something of that high value (Tor). The exploits for Tor are worth at least in the range of more than 50 million USD.

readerrrrr July 28, 2014 6:26 AM

I don’t think they can do it. The reward requires a high entry fee, which is probably made to limit the number of applicants. That implies they will actually study the received proposals. If they already knew how to do it, they wouldn’t have to restrict the potential applicants to only those who are serious.

Anton Nesterov July 28, 2014 6:28 AM

It’s not “let’s break Tor” tender, it’s tender for report on current weaknesses. Something like “let’s translate threat model to Russian and see what we can do after that”. That why it’s cheap.

mik July 28, 2014 6:41 AM

I don’t know if you could infer that all of the Russian government doesn’t know how to break Tor – just that some part is interested.

A US analog would be if California police put out a tender to help them break Tor – that wouldn’t imply that the FBI and NSA can’t figure it out.

gazunga July 28, 2014 7:00 AM

Is it coincidental that the Soviets are offering to pay for information that was just recently cancelled, as a presentation, at BlackHat ?

Ampy July 28, 2014 7:24 AM

That is really contest in which the victor is practically known beforehand between U.S.A and Russia isn’t that ?

Clive Robinson July 28, 2014 7:36 AM

My guess is it is rather more for the political message than any hope of getting anywhere. Afterall the sum of money won’t buy you much even in Russia.

However if the story of it gets widely known nd “scares” Russian users off of Tor then I suspect there will be smiling around Putin and friends.

Also I would not rule out the fact it might be in retaliation of events relating to the goings on in the Ukrain. Putin is known to be up to his neck in Internet Intimidation tactics both on a national and international level. And it’s known that what Russia regards as the Wests low level assets (ie NGOs etc) use etc Tor.

Then there was the recent UN ITU telecomms meet in Dubia where various nations including Russia tried to wrest some measure of Internet control away from the US…

So many political reasons, few technical reasons.

Dave Howe July 28, 2014 7:38 AM

Perhaps they know a solution exists, but not the details – hence, while not enough to tempt an exclusive holder of that info to divulge it, it could well be more than enough to tempt a member of a hacker group or intelligence agency to gain a little extra cash being the first to sell on the info.

Alternatively, given the entry fee, its a scheme to make money from entry fees? 🙂

gordo July 28, 2014 8:17 AM

From a post by Pierluigi Paganini on his “Security Affairs” blog:

The tender, titled “Perform research, code ‘TOR’ (Navy),” was posted on July 11th on the official procurement website.

The competition is arranged by the Russian Government “in order to ensure the country’s defense and security.”

I asked a collegue to help me to translate the original tender, the spelling of “TOP” comes from that original document (all-caps, Russian transliteration). The tender is about the Tor indeed. The term “Scientific Production Association” (Научно -производственное Объединение) is a Soviet/Russian cover word for a military or a KGB/FSB R&D outlet. The one in question belongs to the Interior Ministry which is in charge of police and penitentiary.

The tender requires active security clearance specifically in the LI (though I wonder if “legal” is applicable to Russia at all) and a general high level security clearance.

uh, Mike July 28, 2014 9:05 AM

Someone who says they’re Russian say they want to buy script kiddie toys for Tor.

Nothing to see here, move along.

BTW, they say the best first line of a novel includes sex, royalty, humor, and religion: “Dear God, get your hand off of my knee, giggled the queen.”

Just substitute modern day hot buttons, and the instant website pops out.

G July 28, 2014 9:14 AM

If we’re into pointless debates we could also debate
3). The aliens infiltrated the Russian government and are using some ruse to provoke a world war
4) Schneier is lately a secret agent of NSA etc.

It’s 1)

Joe July 28, 2014 9:16 AM

TOR is a bit like a shell game where a mere mortal can’t observe the motion fast enough to follow what’s under the shell — but it’s only a matter of time before analysis of exit nodes makes that possible. The encryption used between nodes is also not particularly secure. Those who use it are being watched, so that’s a strike against using it discreetly. Finally, many of those who do use it are criminals, which more-or-less gives the world’s police states (that includes the US) permission to go after entire servers indiscriminately.

I am shocked anyone still thinks they can use TOR for private communications.

securitynewsfreak July 28, 2014 9:31 AM

Version 3.6.3 was released on Friday. Have you upgraded? It has various bug fixes.

xl0 July 28, 2014 10:32 AM

Not entirely correct. The original tender was about conducting research on the feasibility of TOR deanonimization, not the desnonimization itself.

Anura July 28, 2014 12:08 PM

@uh, Mike

That gives me an idea: Tor, but with every Tor node communicating over i2p.

There is a slight possibility that it would cause additional overhead. It also doesn’t solve timing attacks, or malware based attacks, and well, I’m not sure it actually provides a real advantage over Tor alone.

Salad July 28, 2014 2:56 PM

I doubt the Russians can break Tor. If they could, they’d just keep it a secret and quietly de-anonymise Tor users from the shadows.

albert July 28, 2014 3:20 PM

Yeah, life is getting tough what with all this security stuff on the internet. The fascists are having a hard time keeping a lid on/monitoring global information exchange. Even that old bogeyman, terrorism, is beginning to lose its value as an excuse for spying on everyone.

What’s a mother to do?

Kinda reminds me of the old 60s spy stories, where agents met by fountains and in bathrooms with the shower running, whispering in each others ears. That’s where we’re headed- again. Well, at least it’ll kill Capitalism for a while, and the Ruling Elite will have to recreate feudal states.

I gotta go…

3g3iuhi3ugh398hello July 28, 2014 4:24 PM

Given Russia has always had the best RE and big-number people, I’m assuming it’s a ‘ruse’ or TOR is actually secure.. Given it’s a protocol that basically randomly routes streams and has a new round of encryption per-node, I’m assuming not the ladder..

FYI the protocol supports self-re-ordering anywhere in session, although it DOES randomly place, and whole chain hierarchy data for each node so you can basically just keep re-ordering till your nodes are in the right places. You don’t actually need a exploit or cipher weakness,,,,,,, just flood the grid with nodes like the NSA does and use the built in bad design..

3g3iuhi3ugh398hello July 28, 2014 4:34 PM

By the way it’s not really surprising there are obvious insecurities that are only hidden by a poorly managed API. This is basically a DARPA project being channeled through some US gov. department that really have no reason to be funding or researching routing and security engineering projects.. Just in case you’re wondering why all those US defense grid nodes have been in TOR since early discovery..

There is one logical alternative: Russian activist keep all Russian nodes out of their chains, and the overhead of managing nodes at FSB foreign stations are too expensive..

Also I’m sure people are going to come out of the wood work to tell me how I’m wrong on all points.. Well.. Most of the ‘reality’ statements here are based on other’s security research around TOR, and I’m just making economical observations..

DaveK July 28, 2014 7:46 PM

@3g3iuhi3ugh398hello, I’m not going to bother telling you that you’re wrong; the stuff you’ve come out with doesn’t fall into the category of “wrong” but into Pauli’s category of “not even wrong”.

However I do commend your honesty in admitting that you are engaged in mere armchair speculation unencumbered by any knowledge of how Tor works. That’s brave of you. Many of the other comments in this thread would benefit from such a disclaimer.

DB July 28, 2014 8:17 PM

I really believe that there is some kind of government-sponsored FUD campaign (i.e. really psychological warfare against the general populace) going on sometimes, trying to simply discredit the things they can’t so easily hack, steal, and pillage directly…

For example… I strongly suspect that whole black hat talk about how easy it was to de-anonymize Tor that was pulled with no explanation, might be such a thing… i.e. there could easily be no such easy way to de-anonymize it, just some government lackey trying to scare people into thinking maybe there is, with such a proposed talk… then pulling it before they have to actually talk about a whole lot of nothing.

This Russian Tor thing in this post also smells suspiciously more like psych warfare than an actual thing.

On the other hand.. has anyone done any real research about exactly how many Tor nodes have to be compromised in order to really compromise anonymity?

Chris Abbott July 28, 2014 9:22 PM

My concern about TOR is that every IP address connecting to a known entry/exit node is going to fall under suspicion. They could randomly target (or target in bulk) any of those IPs. The NSA or whoever can then use things like QUANTUM, old-fashioned packet sniffing, or whatever else to get into your machine. Using it might actually be counterproductive, but I can’t say for sure. I guess it depends.

Chris Abbott July 28, 2014 9:24 PM

Well, the connection to the entry node is encrypted but not coming from the exit node, so maybe it’s ok for packet sniffing, but they could just monitor that IP address and find a way to get into your machine otherwise…

Nick P July 28, 2014 10:22 PM

@ Chris Abbott

That’s exactly what I said! Good thinking. The fact that they can hit endpoints easily means there’s no real assurance in using it against such an adversary. Endpoint security must always accompany security protocols. The stronger the adversary, the stronger the endpoint and protocol security required. Tor’s focus on usability, performance, and portability leads it to dangerous tradeoffs. Much like mainstream platforms and protocols in general.

Nick P July 28, 2014 10:48 PM

@ DB

It’s actually a moving target. The protocol designers do something hoping for anonymity. Researchers find a new way to defeat that. And so on. The problem is that anonymity of real-time, two-way communication is a little understood security problem. That’s on top of INFOSEC itself being only a few decades old, with practitioners barely able to secure a simple client-server setup with existing knowledge. Anonymity + security + untrustworthy networking protocols + performance = a hard problem.

Here’s a list of papers, though, that keeps getting updates on the results of the cat and mouse game:

AlexT July 29, 2014 5:54 AM

I’m a bit surprised by this recurring meme about TOR being broken.

Is there anyone with concrete evidence to substantiate this claim ? Yes timing attacks by a state level actor might work, I can buy that. Anything else ? Yes it is a DARPA initiated (and still mainly financed) project. It is also an open source project. Can anyone point out the back doors (or at the very least hint at them) ?

WD July 29, 2014 9:49 AM

So what if TOR can be hacked? If enough people installed a relay in their home, and used TOR whenever they access the internet – it would send a powerful message while scaring the crap out of those pissants trying to control everyone.

They can’t get all of us. So terrorizing the controlniks is still useful. Imagine trying to empty a beach with a spoon. That’s what these fools face if the mob starts using TOR.

Driving these people crazy is everyone’s business.

This POS: actually seems to work. Easy to use, but probably isn’t implemented as securely as it should. Doesn’t matter. It relays and it’s cheap.

If I were to venture a guess…it’s not selling well. Which is a tragedy.

Little pushbacks everywhere demoralize enemies. We should setup a fund for general Alexander’s neighbors. Even a trained dog crapping on his doorstep would help, though I’d prefer naked Congressman photos with Alexander’s home as the return address.

The United States needs to restore our native distrust and torment of grand pohbahs.

65535 July 29, 2014 10:22 AM

Nick P comes through again.

I looked at his list and it is quite long. I like “The Tor Sniper Attack” which seems to be a valid way of disrupting Tor via a DOS attack – but doesn’t really deaonymize users.

The Russian proposal looks authentic. One would have to call the phone numbers and place a deposit to check it out [I am confused by the Russian “security clearance” requirement].

It could be a financial scam given the high deposit compared to modest reward. But, the Russians have been using rewards for years to get projects done. It could be the real thing – which would indicate the Russian’s cannot deanonymize some portions of Tor [they don’t have the largest view of the backbone – yet].

nesih July 29, 2014 1:11 PM

@DB If you take into consideration the substantial combined intelligence budget of 5-Eyes and bear in mind that it is almost certain that there is collusion between — at least — those five members (plus probably other friendly faces like Germany, France, Netherlands, etc.) in the monitoring of entry & exit nodes, I would imagine (with no solid evidence to back it up) that a vast percentage of Tor traffic is being deanonymized. Having said that, it would be almost impossible to deanonymize the entire network all the time, and it brings a smile to my face every time I think of how many billions of dollars the suckers are spending on confirming whether I’m having peach or apple juice on my online shopping this week.

gordo July 29, 2014 2:31 PM

The first paper cited below is not listed on the “Selected Papers in Anonymity” page
( – from Nick P’s cite earlier in this thread):

Practical Vulnerabilities of the Tor Anonymity Network
Paul Syverson
Center for High Assurance Computer Systems
U.S. Naval Research Laboratory

Also of interest may be:

GitHub Page for the Tor Path Simulator
TorPS quickly simulates path selection in Tor.
TorPS was used to produce results for the paper:

Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries
Aaron Johnson, Chris Wacek, Rob Jansen, Micah Sherr, and Paul Syverson
[this paper is included on the above-referenced resource list]

Nick P July 29, 2014 3:03 PM

@ gordo

Nice addition. And from one of my favorite sources of good papers: Navy’s Center for High Assurance Computer Systems. A few of INFOSEC history’s top minds work there, with their researchers steadily producing interesting theoretical and practical work.

Nick P July 29, 2014 3:25 PM

@ 65535

Here was my last post on Tor and Java-based Freenet. I identified the reasons a very managed language like Java shouldn’t be used in a project like this. I also identified attack surface and subtle issues that can ruin something like Tor. I pointed out that the attackers are so powerful that only a high robustness approach can be trusted. And then I gave specific recommendations on what to use to achieve that.

Since then, I’ll add secure hardware, I/O, and firmware to that list. The OS and application layer stuff can still do fine, esp on something like CHERI processor with IOMMU and crypto engine added. That would all still be small enough to fit on an inexpensive FPGA.

The simplest method, though, is the old one I advocated for VPN’s and S-VOIP: use three to four dedicated devices. Two are the internal and external facing transport stacks running a minimal of hardened code. They do networking, firewalls, initial protocol translation, and maybe sanity checks. They pass this to the middle system whose hardware is picked for trustworthiness. It runs the core Tor functions on a separation kernel architecture. You can either use secure hardware here or a non-DMA’d form of I/O. Original designs used VIA ARTIGO’s that had onboard virtualization, TRNG, crypto, etc at 25W of power and $300 new. Today, one might use raspberry PI’s or Freescale’s cheap ARM/PPC boards. Some Freescale boards even have onboard crypto and IOMMU. Assume the board might be subverted by where ever its builder operates, though.

AW July 29, 2014 5:20 PM

Slightly OT: interesting that even in 2014 a commenter in this thread uses “Soviets” for “Russians”.

Chris Abbott July 29, 2014 7:34 PM


It’s not so much about TOR being broken, TOR in and of itself may not be. It’s what Nick said about endpoint security. For example, your IP connects to a known TOR node, or identifying information about you comes out the end, they can find ways to attack your systems specifically. Like the some of the NSA’s attacks, they can identify what browser you’re using for what and what OS you use, then use an exploit they know about for that particular system. Once they get in, they have the keys to the kingdom and that’s the end of any encryption or anonymity tools or whatever else you use. Without good endpoint security, everything is useless…

Thoth July 29, 2014 10:43 PM

What de-anonymizes Tails is the I2P’s Javascript attack..

What de-anonymizes Tor is usually the exit nodes..

What breaks your internet transactions over SSL/TLS is endpoint..

What breaks your end-to-end crypto is endpoint..

The problem we are now seeing is more of the endpoint security. You are doing crypto/trusted ops on an untrusted system. People are trying to create blackbox HSMs and who knows what’s inside them.

It’s very hard to define a silver bullet since we are pretty much surrounded by organisations bent on stamping out what remains of our rights and freedom.

The very last thread probably would lie in openness and transparency. Transpraent designs, transparent implementation, transparent testing, transparent deployment.

IACR is flooded with algos and protoocols that are interesting but the more specific algos and protocols we rarely see is the kind of algos and protocols that not just return some vague results but return results that proof their correctness. We should be heading this direction of provable computation. This would fall under transparent design.

HSMs should not be blackboxes and should be transparent in their design, implementation and testing which is same for softwares.

Using strong crypto on weak endpoints is a recipe for trouble.

3g3iuhi3ugh398hello July 29, 2014 11:51 PM

@DaveK: So you can’t request a chain order change as any node in a chain and get full meta data for every node including the index of your own node, all using API? Better tell the TOR team that so they can fix their docs and remove it from their libraries..

Your ‘wrong’ claim towards my FSB foreign station comments are also apically contradicted by about half a century worth of world events and data..

If you’re going to tell people they’re wrong at least know what you’re talking about.. You basically said I was wrong not even giving technical or even vague details as to why.. Which means you likely don’t even know much of the subject matter and are one of the soccer dad spooks these comments are becoming known for.. Stick to sports..

01 July 30, 2014 7:21 AM

So you can’t request a chain order change as any node in a chain and get full meta data for every node including the index of your own node, all using API?

Could you say that in English, please ?

Benni July 30, 2014 12:32 PM

Regarding tor, they have now the following security advisory:

“Tor security advisory: “relay early” traffic confirmation attack”

“On July 4 2014 we found a group of relays that we assume were trying to deanonymize users. They appear to have been targeting people who operate or access Tor hidden services. The attack involved modifying Tor protocol headers to do traffic confirmation attacks.”

Funny honeypot indeed….

The anonymity of tor is an offer that is likely to be broken if they put some effort into it.

So everything that goes over tor has to be very strongly encrypted. That means you have to communicate over tor only with people whose certificates you can check.

I would suggest, you use retroshare for that:

Jarda July 30, 2014 5:58 PM

There’s another possibility: 3) Russia ruled out the possibility to break TOR, so they make a tender where participants must pay a subscription fee (that’s how I read the store elsewhere), knowing that the idea of profit will attract many. With the probability of paying the reward rather low Russia might make some extra money to pay hookers and booze for the government guys. 😉

Dave Monroe August 1, 2014 5:03 PM

I am a newb this blog. I am not a newb to security. Break TOR? The tech behind TOR appears sound. I have tracked (as best I can) every single compromise that has happened to the TOR network for at least the past three years and an all cases have either found bad user practices to be at the center of the compromise or some three letter agency exploit like Foxacid or Quantum. With the current politics between the US gov’t this reward is a means of bloviating by the Russians.

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via

Sidebar photo of Bruce Schneier by Joe MacInnis.