Cyber-arms dealer offers $1m for zero-day Tor hacks

Zerodium is a cyber-arms dealer that produces hacking tools for governments by buying up newly discovered defects in widely used systems, weaponizing them and then selling them to be used against criminals, activists, journalists and other targets of state surveillance.

In 2015, the company offered $1m in bounties for Iphone breaks. Now, it's offering $1m more for attacks against the Tor network, widely used to enhance privacy and anonymity online.

On Wednesday, Zerodium, a US-based company that buys exploits from researchers and sells them exclusively to government customers, announced the new bounty. The highest bounty is $250,000 for an exploit that allows the attacker to hack a target who's using the Tor Browser with high security settings on Linux Tails and Windows, giving the attacker the highest kind of privileges on the target's computer. Other bounties range between $75,000 (for exploits that only work for either Windows or Tails, and work only with Javascript allowed, for example, making them easier to develop) and $200,000.

Startup That Sells Zero-Days to Governments Is Offering $1 Million For Tor Hacks [Lorenzo Franceschi-Bicchierai/Motherboard]