X

NSA sought to unmask users of Net-privacy tool Tor, says report

Latest secret documents provided by Edward Snowden and published by Guardian show that National Security Agency has been trying to break through online anonymity provided by popular tool.

Edward Moyer Senior Editor
Edward Moyer is a senior editor at CNET and a many-year veteran of the writing and editing world. He enjoys taking sentences apart and putting them back together. He also likes making them from scratch. ¶ For nearly a quarter of a century, he's edited and written stories about various aspects of the technology world, from the US National Security Agency's controversial spying techniques to historic NASA space missions to 3D-printed works of fine art. Before that, he wrote about movies, musicians, artists and subcultures.
Credentials
  • Ed was a member of the CNET crew that won a National Magazine Award from the American Society of Magazine Editors for general excellence online. He's also edited pieces that've nabbed prizes from the Society of Professional Journalists and others.
Edward Moyer
4 min read
Part of a page from a secret NSA document titled "Tor Stinks" Screenshot by CNET

The National Security Agency has been trying to crack the online anonymity provided by Tor, a US-funded Internet tool designed to keep Net activity private and said to be widely used by dissidents in oppressive countries, as well as by terrorists. That's according to the latest secret intelligence documents drawn from the cache leaked by Edward Snowden and published by the UK's Guardian newspaper.

The NSA hasn't been able to crack Tor outright, but through various means it's been able to "de-anonymize a very small fraction of Tor users," says an internal NSA document quoted by the Guardian.

The news of the agency's interest in Tor follows a report last month on the NSA's efforts to circumvent privacy-ensuring encryption of all kinds. The New York Times said the agency has sidestepped common Net encryption methods in a number of ways, including hacking into the servers of private companies to steal encryption keys, collaborating with tech companies to build in back doors, and covertly introducing weaknesses into encryption standards. The revelations are all part of the outcry over surveillance that's been kicked up by the Snowden leaks.

Tor -- originally TOR, or "The Onion Router" -- was first developed by the US Naval Research Laboratory and is currently funded in part by the US State Department and Department of Defense.

To put it simply, Tor facilitates anonymous Web surfing, forum posting, instant messaging, and other Internet communication by wrapping signals in layers of encryption and then sending them on an unpredictable path through a network of routers. Each router peels off one "skin" of encryption to send the signal along, but no one router has access to all the details -- thus the signal can't be traced back to its sender.

US government funding is based, in part, on the desire to help Internet users in a country like China, say, access restricted sites or communicate about prohibited subjects without fear of reprisal. But Tor might also be used by journalists (in the US and elsewhere; Americans use Tor as well) -- who are looking to protect communications. It might even be used, the Tor Project site says, "for socially sensitive communication: chat rooms and Web forums for rape and abuse survivors, or people with illnesses." Law enforcement agencies say Tor is also used by terrorists, drug dealers, and child pornographers.

The newly published NSA documents say the agency will "never be able to de-anonymize all Tor users all the time" and that it's also had "no success de-anonymizing a user in response" to a specific request. But the Guardian reports that the agency secretly tries to "direct traffic toward NSA-operated servers," that it measures "the timings of messages going in and out of the [Tor] network to try to identify users," that it "attempts to degrade or disrupt" Tor so people will stop using it, and that it has implanted "malicious code on the computers of Tor users who visit particular Web sites."

One NSA technique, code-named EgotisticalGiraffe, took advantage of a flaw in a version of the Firefox browser that was packaged by the Tor Project with other software designed to let people easily get up and running with the service. If people using that software bundle visited particular Web sites, the NSA placed malware on their machines that let the agency access their files and monitor their keystrokes and Web activity. That flaw has since been fixed in more recent versions of Firefox.

The NSA justified its actions, in general terms, in a statement sent to the Guardian:

In carrying out its signals intelligence mission, NSA collects only those communications that it is authorized by law to collect for valid foreign intelligence and counter-intelligence purposes, regardless of the technical means used by those targets or the means by which they may attempt to conceal their communications. NSA has unmatched technical capabilities to accomplish its lawful mission.

As such, it should hardly be surprising that our intelligence agencies seek ways to counteract targets' use of technologies to hide their communications. Throughout history, nations have used various methods to protect their secrets, and today terrorists, cybercriminals, human traffickers and others use technology to hide their activities. Our intelligence community would not be doing its job if we did not try to counter that.

But a representative for the Electronic Frontier Foundation, a past Tor Project funder and a self-described defender of free speech and privacy in the realm of technology, was troubled by the revelations. Citing the example of a battered woman who might use Tor to hide her visits to an online help service from her attacker, as well as uses by dissidents, EFF Legal Director Cindy Cohn told CNET, "Of course the government should get to go after bad guys, but they shouldn't be able to break the security and trust promises of the Internet to do that."

You can read the Guardian's package of stories about the NSA and Tor here.

Update, 1:21 p.m. PT: The Director of National Intelligence has responded to the Tor news. In a post on the "IC on the Record" blog James Clapper says, in part, "the articles fail to make clear that the Intelligence Community's interest in online anonymity services and other online communication and networking tools is based on the undeniable fact that these are the tools our adversaries use to communicate and coordinate attacks against the United States and our allies." You can read Clapper's statement in full here.