Russian intelligence ‘targets Tor anonymous browser’
MOSCOW - Hackers who breached a Russian intelligence contractor found that it had been trying to crack the Tor browser and had been working on other secret projects, the BBC has learned.
Tor is an anonymous web browser, used by those wishing to access the dark web and avoid government surveillance.
The hackers stole some 7.5 terabytes of data from SyTech, a contractor for Russia’s Federal Security Service (FSB), including details of its projects.
It is not clear how successful the attempt to crack the anonymous browser was, as the method relied heavily on luck to match Tor users to their activity.
Hackers from a group known as 0v1ru$ gained access to the company on 13 July, and replaced its internet homepage with a smug smiley face often used by internet trolls. The information was shared with other hackers and journalists.
How did they plan to crack Tor?
To crack Tor, SyTech came up with Nautilus-S, which involved actively taking part in Tor and being part of the network.
When a user connects to Tor, internet service providers are able to see that Tor is being used. This data can be demanded by the FSB, and by state authorities in other countries.
However, the ISPs do not know what sites are being visited through the system – just that it is being used.
But the Tor network is run by volunteers and enthusiasts – and SyTech set up a “contribution” to the network known as an exit node – the last computer the signal passes through before reaching the website.
If a user, by chance, happens to exit the network through SyTech’s node, the contractor will know which website is being visited, but not who the visitor is.
There are two potential risks. First, combining the ISP data on who is using the network with which sites are visited at what times could, theoretically, help to identify someone – if the contractor is lucky and the person randomly exits the network through its node.
But SyTech could also carry out a so-called “man in the middle” attack, and replace the webpage the user thought they were visiting with something else.
The system of attack is not unheard of – a 2014 research paper from Karlstad University academics highlighted the use of “malicious exit relays”. But a spokesperson for the Tor Project disputed how viable SyTech’s attempt to crack Tor would be.
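
The reliance on luck described above can be put in numbers. The Python sketch below is an added illustration, not part of the original report or of any SyTech material. The 1% exit share, the user counts, the 60-second window and the simplified model of what an ISP log shows are all constructed assumptions.

```python
import bisect
import random

def exit_hit_probability(share, circuits):
    """Chance that at least one of `circuits` independently built circuits
    leaves through an exit holding `share` of the exit selection weight."""
    return 1.0 - (1.0 - share) ** circuits

def simulate(users=2000, circuits_per_user=10, share=0.01,
             window=60, day=86400, seed=1):
    """Constructed toy model: each user opens circuits at random times in a day.
    Returns (fraction of circuits that used the watched exit,
             mean number of distinct Tor users the ISP-side log shows active
             within `window` seconds of each circuit the exit saw)."""
    rng = random.Random(seed)   # seeded so the run is repeatable
    starts = []                 # (time, user): assumed ISP-side view
    seen = []                   # (time, user): circuits through the watched exit
    for user in range(users):
        for _ in range(circuits_per_user):
            t = rng.uniform(0, day)
            starts.append((t, user))
            if rng.random() < share:   # exit chosen in proportion to its share
                seen.append((t, user))
    starts.sort()
    times = [t for t, _ in starts]
    sizes = []
    for t, _ in seen:
        lo = bisect.bisect_left(times, t - window)
        hi = bisect.bisect_right(times, t + window)
        # Everyone on Tor around that moment is an equally plausible match.
        sizes.append(len({u for _, u in starts[lo:hi]}))
    frac = len(seen) / len(starts)
    mean_set = sum(sizes) / len(sizes) if sizes else 0.0
    return frac, mean_set

if __name__ == "__main__":
    frac, mean_set = simulate()
    print(f"circuits seen by the watched exit: {frac:.2%}")
    print(f"mean users matching each sighting: {mean_set:.1f}")
    print(f"P(any of 10 circuits seen): {exit_hit_probability(0.01, 10):.2%}")
```

In this model the watched exit sees about one circuit in a hundred, and each sighting still matches dozens of users who were on Tor at the same moment, which is why timing alone rarely singles anyone out.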