The Russian Ministry of Internal Affairs (MVD) has offered a 3.9 million ruble (approximately $111,000) contract for technology that can identify the users of Tor, the encrypted anonymizing network used by Internet users seeking to hide their activities from monitoring by law enforcement, government censors, and others.
In a notice on the Russian government’s procurement portal under the title “Perform research, code ‘TOR’ (Navy),” originally posted on July 11, the MVD announced it was seeking proposals for researchers to ”study the possibility of obtaining technical information about users and users equipment on the Tor anonymous network.” The competition, which is open only to Russian citizens and companies, requires entrants to pay a 195,000 ruble (approximately $5,555) application fee. Proposals are due by August 13, and a winner of the contract will be chosen by August 20.
The MVD had previously sought to ban the use of any anonymizing software. That proposal was dropped last year. However, a new “blogger law” passed in April, which goes into effect in August, requires all bloggers with an audience of over 3,000 readers to register their identity with the government—and enforcement of the law could be made difficult if bloggers use the Tor network to retain their anonymity.
Tor has been the constant target of intelligence agencies and other entities seeking to unmask anonymous Internet users. Documents leaked by former NSA contractor Edward Snowden showed that the NSA and GCHQ made multiple attempts to break Tor users’ anonymity. Malware exploiting a Firefox vulnerability was used to unmask users of “hidden services” on Tor last year and may have been part of an effort by the FBI to crack down on Freedom Host, a Tor server provider, as part of a child pornography case.
Earlier this week, researchers from Carnegie Mellon University abruptly cancelled a scheduled talk at the upcoming Black Hat security conference entitled “You Don’t Have to be the NSA to Break Tor: Deanonymizing Users on a Budget.” The session was apparently cancelled due to legal issues. On July 23, Exodus Intelligence reported in a blog entry that its researchers had found a vulnerability in a component of TAILS, an operating system designed to be booted from a CD or USB stick that uses Tor and other services to anonymize users and leave no trace of their activities on their PC. Developers with the Tor Project said that they are working to fix the weakness discovered by the Carnegie Mellon team.
Update: The MVD updated the listing earlier today to remove the public description of the project. It still is labelled as "шифр «ТОР (Флот)»" (which translates as "cipher 'TOR' (Navy)").
reader comments
87