UPDATED 22:47 EDT / SEPTEMBER 13 2017

Zerodium offers up to $1M for new Tor browser bug bounty program

Washington D.C.-based exploit prevention company Zerodium Inc. Wednesday announced a new bug bounty program that will pay up to $1 million to security researchers and white hat hackers who identify new exploits in the Tor browser on security-focused Tails Linux and Windows.

Tor is the anonymous network perhaps best known as being the gateway to the dark web of often shady sites. But it’s also used to access the Internet by those who are seeking to not be identified, from the security-conscious to those in totalitarian countries with Internet monitoring or censorship.

The highest bounty in the new program is $250,000 for an exploit that could allow an attacker or government to hack a person using the Tor browser with JavaScript turned off, the highest security default setting. Other bounties include $75,000 for exploits that work with JavaScript turned on.

“While Tor network and Tor Browser are fantastic projects that allow legitimate users to improve their privacy and security on the internet, the Tor network and browser are, in many cases, used by ugly people to conduct activities such as drug trafficking or child abuse,” Zerodium said in a statement. It also added that “we have launched this special bounty for Tor Browser zero-days to help our government customers fight crime and make the world a better and safer place for all.”

That emphasis is ours, but it’s an interesting twist on the Tor platform. On one hand, Tor was initially developed by the United States Naval Research Laboratory with support from the Defense Advanced Research Projects Agency for protecting U.S. intelligence communications online, and it’s still supported by both organizations today. However, given its use by drug traffickers, child pornographers and other nefarious users, Tor is also hated by some governments, including parts of the U.S. government.

The list of countries that either hate Tor or have attempted to ban it includes the usual suspects such as China and Russia. But Western governments have also spoken out against it. The U.K. has called for it to be banned multiple times, most recently in 2015. In the U.S., the Federal Bureau of Investigation has gone as far as labeling people who run Tor as criminals and threatening to arrest them for doing so.

Zerodium’s bounty program runs until Nov. 30, though the company notes that it reserves the right to close the bounty program earlier if the amount paid out exceeds $1 million.
