UPDATED 22:47 EST / SEPTEMBER 13 2017


Zerodium offers up to $1M for new Tor browser bug bounty program

Washington D.C.-based exploit prevention company Zerodium Inc. Wednesday announced a new bug bounty program that will pay up to $1 million to security researchers and white hat hackers who identify new exploits in the Tor browser on security-focused Tails Linux and Windows.

Tor is the anonymous network perhaps best known as being the gateway to the dark web of often shady sites. But it’s also used to access the Internet by those who are seeking to not be identified, from the security-conscious to those in totalitarian countries with Internet monitoring or censorship.

The highest bounty in the new program is $250,000 for an exploit that could allow an attacker or government to hack a person using the Tor browser with JavaScript turned off, the highest security default setting. Other bounties include $75,000 for exploits that work with JavaScript turned on.

“While Tor network and Tor Browser are fantastic projects that allow legitimate users to improve their privacy and security on the internet, the Tor network and browser are, in many cases, used by ugly people to conduct activities such as drug trafficking or child abuse,” Zerodium said in a statement. It also added that “we have launched this special bounty for Tor Browser zero-days to help our government customers fight crime and make the world a better and safer place for all.”

That emphasis is ours, but it’s an interesting twist on the Tor platform. On one hand, Tor was initially developed by the United States Naval Research Laboratory with support from the Defense Advanced Research Projects Agency for protecting U.S. intelligence communications online, and it’s still supported by both organizations today. However, given its use by drug traffickers, child pornographers and other nefarious users, Tor is also hated by some governments, including parts of the U.S. government.

The list of countries that either hate Tor or have attempted to ban it includes the usual suspects such as China and Russia. But Western governments have also spoken out against it. The U.K. has called for it to be banned multiple times, most recently in 2015. In the U.S., the Federal Bureau of Investigation has gone as far as labeling people who run Tor as being criminal and threatening to arrest them for doing so.

Zerodium’s bounty program runs until Nov. 30, though the company notes that it reserves the right to close the bounty program earlier if the amount paid out exceeds $1 million.

Image: Privacy Canada
