Top-secret documents disclosed to The Guardian, have revealed that both American and British intelligence agencies have been desperately trying to crack the online anonymity network, Tor.
Edward Snowden released today several top-secret documents to the The Guardian which reveal that the Tor online anonymizer network is currently and has long been a top-priority target for both the NSA and GCHQ intelligence agencies.
The Tor network is, by its own description, “an open network that helps you defend against … network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security,” and is widely-used by people around the world to circumvent governmental monitoring and censorship. By nature of the anonymity services that the network provides, though, it has become an increasingly popular outlet for criminal activity in recent years, which has likely lead to the interest in the network by British and American intelligence agencies.
“Tor protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location.”
According to the presentation released by Snowden, the NSA and GCHQ have long been working to crack the Tor network, but with very little success. Bruce Schneier of The Guardian was first to break the news.
The very feature that makes Tor a powerful anonymity service, and the fact that all Tor users look alike on the internet, makes it easy to differentiate Tor users from other web users. On the other hand, the anonymity provided by Tor makes it impossible for the NSA to know who the user is, or whether or not the user is in the US.
After identifying an individual Tor user on the internet, the NSA uses its network of secret internet servers to redirect those users to another set of secret internet servers, with the codename FoxAcid, to infect the user’s computer. FoxAcid is an NSA system designed to act as a matchmaker between potential targets and attacks developed by the NSA, giving the agency opportunity to launch prepared attacks against their systems.
Once the computer is successfully attacked, it secretly calls back to a FoxAcid server, which then performs additional attacks on the target computer to ensure that it remains compromised long-term, and continues to provide eavesdropping information back to the NSA.
From the information released, it does seem that the Tor network remains safe as a whole as not even the world’s most well-funded, government-backed hackers can break into it, but as explained in the documents released by Snowden, individual users can be identified.
Tor usage has skyrocketed since Snowden first started publishing secret documents; the number of Americans using Tor jumped 75 percent after the first several leaks. The leaks reveal that the intelligence agencies rely on methods that consist of first “identifying users and then attacking vulnerable software on their computer.”
The Guardian’s James Ball, Bruce Schneier and Glen Greenwald continued: “while it seems that the NSA has not compromised the core security of the Tor software or network, the documents detail proof-of-concept attacks including several relying on the large-scale online surveillance systems maintained by the NSA and GCHQ through internet cable taps.”
Like other leaks, the news today has caused a social media uproar.
Do hope Tor has a way of tracking # new users they get as a result of today’s scoop.
Which will, of course, make it still harder to crack.
– emptywheel (@emptywheel) October 04, 2013
These most recent Snowden leaks come just after the FBI shut down the online Silk Road marketplace, and at a time where the public is most conscious of their online activity and who might be tracking them. It is clearer now than ever that the arms of the NSA and GCHQ are reaching further than ever thought.
Sources: Tor Project, The Guardian