Is Russia Trying to Deanonymize Tor Traffic?

A contractor for Russia’s intelligence agency suffered a breach, revealing projects they were pursuing — including one to deanonymize Tor traffic. An anonymous reader shared this report from ZDNet:

The breach took place last weekend, on July 13, when a group of hackers going by the name of 0v1ru$ hacked into SyTech’s Active Directory server from where they gained access to the company’s entire IT network, including a JIRA instance. Hackers stole 7.5TB of data from the contractor’s network, and they defaced the company’s website with a “yoba face,” an emoji popular with Russian users that stands for “trolling…”

Per the different reports in Russian media, the files indicate that SyTech had worked since 2009 on a multitude of projects.

In February ZDNet reported that Russia disconnected itself from the rest of the internet in a test — and suggests today that it was a real-world test of one of these leaked “secret projects” from the Russian intelligence agency. But the other projects include:

- Nautilus-S – a project for deanonymizing Tor traffic with the help of rogue Tor servers.
- Nautilus – a project for collecting data about social media users (such as Facebook, MySpace, and LinkedIn).
- Reward – a project to covertly penetrate P2P networks, like the one used for torrents.
- Mentor – a project to monitor and search email communications on the servers of Russian companies.
- Tax-3 – a project for the creation of a closed intranet to store the information of highly-sensitive state figures, judges, and local administration officials, separate from the rest of the state’s IT networks.

ZDNet also reports that the Tor-deanonymizing project, started in 2012, “appears to have been tested in the real world,” citing a 2014 paper which found 18 malicious Tor exit nodes located in Russia. Each of those hostile Russian exit nodes used version 0.2.2.37 of Tor — the same one described in these leaked files.

Source:
https://yro.slashdot.org/story/19/07/20/1932230/is-russia-trying-to-deanonymize-tor-traffic?utm_source=rss1.0mainlinkanon&utm_medium=feed