Interior Ministry contractor abandons attempts to hack Tor
The Central Scientific-Research Institute of Economics, Informatics and Control Systems (TsNII EISU) is going to unilaterally terminate 4 state contracts with the establishment of Special Equipment and Communications (NPO STiS) of the Ministry of the Interior of Russia, the Kommersant newspaper reported . The data on the contracts are closed, but according to the documentation, in 2013 the Central Research Institute of EISU agreed with STiS on the work with the names Uglarka (Fleet) and Sakhalinka-13 (Flexura), and in 2014 - Chameleon-2 (Fleet) "And" TOP (Fleet). " The latest work - this is the study of the possibilities of deanonymizing Tor users, which received the attention of the media and technical experts in the summer of 2014.
In public procurement informationTo carry out this work, the initial name was: “R&D“ Investigation of the possibility of obtaining technical information about users (user equipment) of the anonymous TOR network ”, code“ TOR (Fleet) ”. After receiving publicity in the media, the description was reduced to “Performing research work, code“ TOP (Fleet) ”. The original version can still be found in the screenshot in a post on Habrahabr. The maximum cost of work was estimated at 3.9 million rubles. The description of the Chameleon-2 tender with a maximum cost of 20 million rubles stated that it was “the creation of a hardware-software complex for conducting covert and hidden remote access to operatively significant information on a target electronic computer”. In this case, the description was also later edited.
At the moment, CRI EISU has not refused work, according to the newspaper Kommersant, citing a representative of the United Instrument-Making Corporation. The Central Research Institute in late May held a tender for the provision of legal services for termination. As a result, a contract for 10 million rubles was signed with the law firm “Pleshakov, Ushkalov and Partners”. Lawyers will help in the "preparation of a legal position regarding the termination procedure" of the four state contracts and will represent the Central Research Institute in court in several lawsuits of the Ministry of Defense. Vladimir Pleshakov did not comment on the situation, he only indicated that it was not yet clear whether the agreement would be terminated.
Tor is an anonymous cryptographic network based on onion routing. Packets in Tor are encrypted in several layers. When transmitting data, each of the nodes in the network decrypts the “onion” layer to obtain data on where the portion of the data should be transferred. The onion packet is then passed to the next node. Some network nodes make it possible to exit via their channel to the external Internet. Due to this, users can circumvent regional restrictions and blockages. The protocol of "meeting points" allows you to implement a hidden network of resources on .onion-domains. It is impossible to establish the identity of visitors to such .onion sites, as well as the real IP address and server location.
Regardless of the goals that were pursued in creating Tor, the network is often used to anonymize traffic, bypass resource blocking on the real Internet and access the dark web with forbidden information (some types of pornography, drug trafficking). In this regard, the possibilities of hacking the network and deanonymizing its users are of great importance.
If government agencies or any other attackers control more than one node on the data path, they can try to perform an attack on the recognition of traffic. This will require analysis of timing and traffic paths, packet labels, and other methods that some studies have shown work against Tor. It is possible to listen to unencrypted output node traffic. You can also establish the fact of using Tor, select a narrow group of users (users of the same city, neighborhood or network segment) and look for suspects from them already.
To implement attacks, you often need to listen to many nodes in the path of the target, which is not always possible. Less costly ways to break into the network receive close attention from technical publications.
Deputy CEO of Zecurion notes that there are no open data on Tor hacking methods in the world. On the other hand, security researchers are unlikely to publish such information. Instead, they would rather sell it to the secret services. There is a possibility that the protocol is already successfully listening, but we will find out much later or not at all. Partner at Sirota & Partners Law Firm, Artyom Sirota, said that the mere fact of organizing a tender to study the vulnerabilities of Tor is not a violation of the law. Problems may arise when the Ministry of Internal Affairs officers monitor onion network nodes in order to identify IP addresses that can be considered personal data.
In Russia, Tor and other anonymizers proposed to ban Leonid Levin. In February of this year, he called for pre-trial blocking of anonymizers, and the proposal of the deputy was supported by Roskomnadzor. The newspaper "Kommersant" Levin said that there is no ready-made bill on this issue. Issues of blocking anonymizers were raised back in 2012.
Tor is popular in Russia. By the number of users, the Russian Federation ranks third in the world after the United States and Germany. The Tor Metrics website claims that there are an estimated 173,000 Tor users in Russia. Graph of the number of Tor users in Russia. Blue highlights events that Torproject views as censorship.

Over the past two years, the number of Tor users in Russia has increased dramatically. The jumps in the graph above can be associated with the blocking of sites by Roskomnadzor under the law on child protection and in accordance with federal law No. 187-FZ to combat unlicensed content.