Startup That Sells Zero-Days to Governments Is Offering $1 Million For Tor Hacks

Image: g0d4ather/Shutterstock
A startup that sells exploits to governments says it wants hacks for the browser used by activists, protesters, journalists, and criminals.

By Lorenzo Franceschi-Bicchierai | MOTHERBOARD

A notorious startup is offering up to $1 million in rewards to security researchers who can find bugs and develop techniques to exploit the anonymous web surfing tool the Tor Browser.

On Wednesday, Zerodium, a US-based company that buys exploits from researchers and sells them exclusively to government customers, announced the new bounty. The highest bounty is $250,000 for an exploit that allows the attacker to hack a target who’s using the Tor Browser with high security settings on Linux Tails and Windows, giving the attacker the highest kind of privileges on the target’s computer. Other bounties range between $75,000 (for exploits that only work for either Windows or Tails, and work only with Javascript allowed, for example, making them easier to develop) and $200,000.

„We need many exploits as we have many customers with many ongoing operations against illegal activities undertaken on Tor,“ Chaouki Bekrar, the CEO and founder of Zerodium, told Motherboard in an online chat. „We have a higher demand for Tor exploits from our government customers as they are facing higher illegal activities on Tor and they must take action.“

read more