Tag Archives: tor

Tor is getting a major security upgrade

tor-upgrade-head-640x353

To hackers, spies, and cyber-criminals these days, calling Tor “secure” is a bit laughable. There are so many exploits and workarounds, along with unavoidable weaknesses to side-channel attacks performed in the physical world, that in some cases the false sense of cyber-security can end up making relaxed use of Tor less secure than paranoid use of the regular internet. If you’re someone looking to buy some weed on the internet (or communicate securely with your mistress), Tor is probably alright for you. If you’re looking to sell some weed on the internet, get in contact with a government informant, or share sensitive information between foreign activists, it probably isn’t. Tor is looking to change that.

This is coming specifically in the wake of recent revelations of wide-ranging vulnerabilities in Tor’s anonymity protocols. A high-profile expose accused researchers at Carnegie Mellon of accepting a government bounty (reportedly a cool million dollars) to de-anonymize certain Tor users (those specifically mentioned in the expose include a child porn suspect and a Dark Market seller). Their attack vector and others are just what cynical hacker-forum users have been prophesying for years, things like malicious Tor nodes and directory servers that exist solely to suck up the personal info of those Tor users they serve.

TorOne major initiative involves the algorithm governing the selection and use of “guard nodes,” which are the first anonymizing nodes used by a Tor hidden service, and thus the only nodes interacting with the legitimate IP, directly. Right now, a Tor connection might use multiple guard nodes and as a result open itself up to more vulnerability than necessary — now, the developers want to make sure that Tor connections use the minimum possible number of guard nodes, and preferably just one.

Another push hopes to reinforce the wall between dark web domains, the crawlers used by search engines, and specialized server-finders. One of the strengths of a hidden service is that it’s hidden — not just the physical location of the server hosting the service, but the digital address of the service itself, unless you’re specifically handed the randomly generated onion address. Keeping hidden services off of search engine results means that a private service can remain private, used only by those people specifically handed the address. Should an attacker find that address, Tor’s anonymity protocols should protect it. But attackers can’t even try to access services they have no idea exist.

silk road head

If you’re up to delving a bit deeper into the Dark Web, and you don’t mind looking at 99 useless sites for every interesting one, boot up the Tor Browser and take a look at this ingenious hidden service indexing tool for an idea of the level of crawling that can currently be done on the Deep Web.

The Tor Project exists to provide anonymity — that is its main function, and all other functions are in service to that. So, to attack the security of a Tor user (even a legitimately horrible criminal) is to attack Tor itself. It’s a tough principle to stand behind, at the end of the day — to get mad about police efforts to catch child pornographers. Yet, the security world is united; security researcher Bruce Schneider has called Carnegie Mellon’s alleged collaboration “reprehensible,” as did numerous other academic security researchers.

silk road 2Their reasoning is sound. There is simply no way to attack the availability of anonymity to bad people without also undermining the availability of anonymity to good ones. We also need to have a class of disinterested researchers who can interface with the criminal/quasi-legal cyber underground and have meaningful, honest conversations — we need this for social understanding, the maintenance of free speech, and effective law enforcement.

That’s not a perspective that seems to exist in the government, to any extent. The recent terrorist attacks in Paris have led to sustained attacks on encryption and anonymity, even before the investigation produced any evidence that the attackers had used encryption, and certainly in absence of any evidence that if they had not used encryption that they would have been detected reliably by French or international security agencies. The New York Times, which broke the story of an alleged encryption aspect to the attacks, has since pulled the story from their website.

Of course, the hacker/security community will take some time to win back, and may never return to the fold. There’s a significant number of people who still believe that Tor is an elaborate government honeypot with zero real security from government spying. That’s unlikely, but ultimately it’s the perception that counts. Can the Tor Project win back the hardcores? Perhaps not. But with its continuing, aggressive updates, it could keep us normies safer as we browse drug-lists without buying, stare uncomprehendingly at ISIS statements posted in Arabic, and just generally indulge the extremes of our intellectual curiosity.

In other words, it could keep the basic tenets of liberty alive just a little bit longer.

Advertisements
Tagged , , , , ,

Tor launches anti-censorship Messenger service

A new chat tool has been launched in an effort to improve the security of online messaging.

Tor Messenger allows users to chat over the Tor (The Onion Router) network in a way which hides the location of participants.

It means that the contents of messages will only be visible to the participants.

The service will also work with platforms like Facebook even in countries where they are banned.

The tool is currently in beta and will undergo security tests.

Users wishing to remain anonymous or access chat clients blocked in their own country could use Tor Messenger to chat via services like Facebook Chat, Google Talk, Twitter, Yahoo and Internet Relay Chat.

The program does not communicate via what’s often called the “dark web”, a collection of hidden websites and services, but rather by sending messages across a series of internet relays (or routers) so that their origin cannot be tracked.

These relays are called “bridges”.

Bypassing blocks

“They’re computers run by volunteers and in a censored area your computer will connect to these,” explained Steven Murdoch, a security researcher at University College London who has worked on Tor projects.

“Those services are not publicly listed anywhere – they should not be blocked even if access to the Tor network is blocked.”

In addition, messages may be encrypted to provide additional security. This feature is enabled by default, though both parties in a one-to-one chat would have to have off-the-record encryption (OTR) set up.

This requires the two parties to exchange a secret key which is needed to decode the messages they send to each other.

Interest in privacy

“At the end of the day some people really do need privacy and security so this would be important to them,” commented Jim Killock, executive director of the Open Rights Group.

He also told the BBC that he imagined the tool, once audited, could be used by whistleblowers, individuals wanting to complain about corruption or sources desiring to speak to journalists anonymously about a story.

“I think it shows the worries people have that chats and other clients are being snooped on,” he added.

Dr Murdoch also made the point that while the service was still being tested, it shouldn’t be used by those who have serious security concerns.

“It’s good for people to experiment with but not if you’ve got serious security requirements yet,” he told the BBC.

Tagged , , , , ,

MIT researchers figure out how to break Tor anonymity without cracking encryption

The Tor network has millions of daily users who rely on it for anonymous access to resources on the open internet and within Tor itself. There have been various attacks on the anonymous aspect of Tor over the years, but a new proof of concept from researchers at MIT demonstrates what may be the simplest way yet to find out what people are accessing through Tor. Luckily, there’s also a fix Tor’s operators can implement.

Tor was originally an acronym for “the onion router,” which is an accurate description of how it’s structured. It offers anonymous access to online resources by passing user requests through multiple layers of encrypted connections. It all starts at the entry node, sometimes called the guard. That’s the only system that knows your real IP address, but the next node in the chain only knows the IP of the entry node, the next only knows the previous node’s address, and so on until you reach the destination.

This scheme prevents anyone from knowing who is accessing what websites via Tor, and security is even stronger when it comes to hidden services that are hosted entirely within Tor. The now-defunct Silk Road and similar sites are examples of Tor hidden services. Breaking the encryption to unmask users of Tor is complicated and can’t be done reliably right now, but the MIT technique doesn’t require compromising encryption. Instead, it’s a very clever form of traffic fingerprinting.

tor-onion

The attack targets the previously mentioned entry nodes, as have several attacks in the past. Basically, the attacker sets up a computer on the Tor network as an entry node and waits for people to send requests through it. When a connection is established over Tor, a lot of data is sent back and forth. MIT researchers used machine learning algorithms to monitor that data and count the packets. Using only this metric, the system can determine with 99% accuracy what kind of resource the user is accessing (i.e. the open web, a hidden service, and so on).

Simply knowing what sort of connection a user is making isn’t particularly useful, but the algorithms can do a lot more with the traffic data. Traffic fingerprinting can be used to determine which hidden services a user is accessing with 88% accuracy based solely on the pattern of packets sent. Keep in mind, the encryption is still uncompromised in this scenario.

This is only possible because the attacker is running the entry node the victim is connected to. However, the entry node is selected randomly for each session. The attacker would need to run a lot of guard nodes to identify a significant number of connections and it would be very hard to target a specific user.

The fix for this attack is actually pretty simple. The Tor network needs to start sending dummy packets that make all requests look the same. If there’s no discernible pattern to the data, the destination can’t be determined. Tor developers have acknowledged the issue and are considering ways to implement a fix.

Tagged , , , , , , , ,

High-speed anonymising network proposed

A high-speed anonymous way to browse the web has been developed by security researchers.

The team, based in Zurich and London, say they have found a way to mask data that does little to slow it down.

Many anonymising systems are slow because data is encrypted many times as it travels.

But the new high-speed encryption system, Hornet, could theoretically move data around at speeds up to 93GBps, its creators say.

Review required

Hornet is conceptually similar to The Onion Router (Tor) network that many people currently use to disguise from where they are browsing the web.

Tor encrypts data as it hops randomly between the servers or relays that make up the network.

However, encrypting and decrypting data many times adds a processing overhead, which means browsing the web via Tor can be slow and frustrating.

Tor’s design “suffers from performance and scalability issues: as more clients use Tor, more relays must be added to the network”, said the researchers in a paperdescribing their work.

Hornet avoids some of the problems that limit how many users a Tor-like system can handle by changing the way it handles information about where data is going.

By removing some of this administrative overhead, it is possible to speed up the passage of data through the network’s anonymising core.

In addition, they wrote, these changes made Hornet less susceptible to some of the attacks that have been used to unmask people who use Tor.

Writing on tech news site the Daily Dot, Patrick O’Neill noted that the paper describing Hornet had not yet been peer-reviewed.

“Peer review is critical to the development of research like this, and Hornet can’t be considered even close to fully formed until review comes,” he wrote.

“Still, research that endeavours to rethink the design of anonymity networks can lay the groundwork for the next stages of the technology.”

Tagged , , , , , , , , , ,

Tor Stands Tall Against the NSA

Tor Stands Tall Against the NSA

It seems fairly clear that the U.S. security agency has been trying to hack into Tor for some time. “The real question here concerns who the exploit was targeting,” suggested Ken Westin, founder of mobileprivacy.org. “Was is it people law enforcement had probable cause to monitor, or was it a blanket exploit that targeted all users of Tor?” It’s pretty reasonable to assume the latter, Westin opined.

The National Security Agency tried to crack the encryption protecting the Tor network — known as a bulletproof vehicle for anonymous communication — but was unable to do so, according to news reports based on revelations provided by former NSA systems administrator Edward Snowden.

Undaunted, the agency and its British counterpart, GCHQ, then reportedly used a flaw in older versions of Firefox to circumvent Tor and gain access to a small number of communications.

Overall, though, the majority of communications sent via Tor appear to be safe from government eyes, according to documents disclosed Friday by The Guardian.

“We will never be able to de-anonymize all Tor users all the time,” states one top-secret presentation, titled “Tor Stinks.” “With manual analysis we can de-anonymize a very small fraction of Tor users.”

An Inevitable Clash

It was almost inevitable that the NSA would try to penetrate Tor — at least based on what has been revealed about the NSA’s online spy activities by Snowden over the past several months.

Tor, short for “the Onion Router,” is an open-source public project devoted to keeping communications anonymous and safe from government eyes. It achieves this by bouncing its Internet traffic through several other computers.

NSA, according to the documents released by Snowden, has been avidly scouring Internet communications by both U.S. citizens and people around the world on behalf of U.S. national security. Tor would have been a natural target in its mission.

Tor was the browser of choice for users of Silk Road, the illicit website recently shut down by the FBI.

Tor Wins

That Tor was able to keep its users’ identities secret, at least for the most part, is a testament to the technology’s strength, Craig Young, security researcher at Tripwire, told TechNewsWorld.

“The fact that the NSA and GCHQ are using browser vulnerabilities to expose users, in spite of having control of many ISPs and many Tor exit nodes, indicates that attempts to exploit Tor at a network level have failed,” he said.

Still, users have to be on top of all aspects of security if they expect Tor to protect their communications, he continued.

Experienced Tor users understand that in spite of the software’s “onion routing,” their identities can still be compromised by client side content running within a browser, Young said. Experienced users also certainly know enough to disable browser plug-ins and JavaScript processing to protect themselves.

Not everyone using Tor has advanced security and privacy knowledge, he noted, but even in such scenarios the network tries to protect users.

The NSA’s attempts to leverage Firefox against Tor was not a first — earlier this year, according to Young, the FBI used a Firefox exploit to expose users and shut down a hidden Tor service called Freedom Hosting.

“The TOR project responded by reminding users how to use the service securely as well as by updating the Firefox Tor bundle to disable JavaScript by default,” Young said.

Who Are They Targeting?

Tor’s success in thwarting the NSA and FBI should not be overemphasized to the point where the original point — that the government was trying to hack Tor — is lost, said Ken Westin, founder of mobileprivacy.org.

“Governments are behaving like hackers and essentially weaponizing software vulnerabilities,” Westin told TechNewsWorld.

“The real question here concerns who the exploit was targeting,” he explained. “Was is it people law enforcement had probable cause to monitor, or was it a blanket exploit that targeted all users of Tor?”

It’s pretty reasonable to assume the latter, Westin opined.

“That raises some thorny legal and ethical questions about the reach and the use of exploits and other tools used by hackers with malicious intent, against a country’s people by its government,” he said.

A Common Phenomenon

Such tactics are actually quite common in governments around the world, Philip Lieberman, president of Lieberman Software, told TechNewsWorld.

“I can say that this and other undisclosed weaknesses in technology are regularly used by both sides in cyberwarfare,” Lieberman explained. “Nation state inventories of exploits vary by country, and their usage is generally unknown to the general public.”

Tagged , , , , ,

Tor Stands Tall Against the NSA

 

Tor Stands Tall Against the NSA

It seems fairly clear that the U.S. security agency has been trying to hack into Tor for some time. “The real question here concerns who the exploit was targeting,” suggested Ken Westin, founder of mobileprivacy.org. “Was is it people law enforcement had probable cause to monitor, or was it a blanket exploit that targeted all users of Tor?” It’s pretty reasonable to assume the latter, Westin opined. 

The National Security Agency tried to crack the encryption protecting the Tor network — known as a bulletproof vehicle for anonymous communication — but was unable to do so, according to news reports based on revelations provided by former NSA systems administrator Edward Snowden.

Undaunted, the agency and its British counterpart, GCHQ, then reportedly used a flaw in older versions of Firefox to circumvent Tor and gain access to a small number of communications.

Overall, though, the majority of communications sent via Tor appear to be safe from government eyes, according to documents disclosed Friday by The Guardian.

“We will never be able to de-anonymize all Tor users all the time,” states one top-secret presentation, titled “Tor Stinks.” “With manual analysis we can de-anonymize a very small fraction of Tor users.”

An Inevitable Clash

It was almost inevitable that the NSA would try to penetrate Tor — at least based on what has been revealed about the NSA’s online spy activities by Snowden over the past several months.

Tor, short for “the Onion Router,” is an open-source public project devoted to keeping communications anonymous and safe from government eyes. It achieves this by bouncing its Internet traffic through several other computers.

NSA, according to the documents released by Snowden, has been avidly scouring Internet communications by both U.S. citizens and people around the world on behalf of U.S. national security. Tor would have been a natural target in its mission.

Tor was the browser of choice for users of Silk Road, the illicit website recently shut down by the FBI.

Tor Wins

That Tor was able to keep its users’ identities secret, at least for the most part, is a testament to the technology’s strength, Craig Young, security researcher at Tripwire, told TechNewsWorld.

“The fact that the NSA and GCHQ are using browser vulnerabilities to expose users, in spite of having control of many ISPs and many Tor exit nodes, indicates that attempts to exploit Tor at a network level have failed,” he said.

Still, users have to be on top of all aspects of security if they expect Tor to protect their communications, he continued.

Experienced Tor users understand that in spite of the software’s “onion routing,” their identities can still be compromised by client side content running within a browser, Young said. Experienced users also certainly know enough to disable browser plug-ins and JavaScript processing to protect themselves.

Not everyone using Tor has advanced security and privacy knowledge, he noted, but even in such scenarios the network tries to protect users.

The NSA’s attempts to leverage Firefox against Tor was not a first — earlier this year, according to Young, the FBI used a Firefox exploit to expose users and shut down a hidden Tor service called Freedom Hosting.

“The TOR project responded by reminding users how to use the service securely as well as by updating the Firefox Tor bundle to disable JavaScript by default,” Young said.

Who Are They Targeting?

Tor’s success in thwarting the NSA and FBI should not be overemphasized to the point where the original point — that the government was trying to hack Tor — is lost, said Ken Westin, founder of mobileprivacy.org.

“Governments are behaving like hackers and essentially weaponizing software vulnerabilities,” Westin told TechNewsWorld.

“The real question here concerns who the exploit was targeting,” he explained. “Was is it people law enforcement had probable cause to monitor, or was it a blanket exploit that targeted all users of Tor?”

It’s pretty reasonable to assume the latter, Westin opined.

“That raises some thorny legal and ethical questions about the reach and the use of exploits and other tools used by hackers with malicious intent, against a country’s people by its government,” he said.

A Common Phenomenon

Such tactics are actually quite common in governments around the world, Philip Lieberman, president of Lieberman Software, told TechNewsWorld.

“I can say that this and other undisclosed weaknesses in technology are regularly used by both sides in cyberwarfare,” Lieberman explained. “Nation state inventories of exploits vary by country, and their usage is generally unknown to the general public.”

Tagged , , ,

NSA tracks Google ads to find Tor users

The National Security Agency uses a bit of jiu-jitsu to turn the structure of Web ad networks against people who run Tor to remain anonymous.

Just because the National Security Agency hasn’t cracked the anonymizing service Tordoesn’t mean that people who use the service are free from surveillance.

The NSA has been able to use ad networks like Google’s, and The Onion Router’s own entry and exit nodes on the Internet, to follow some Tor users, according to a new report based on documents leaked by whistleblower Edward Snowden and obtained by security researcher Bruce Schneier with the Guardian. Tor is primarily funded by the US State Department and the Department of Defense, home of the NSA.

Tor promotes itself as helping people “defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security.”

Robert Hansen, a browser specialist at the security firm White Hat Security, said that Tor access node tracking is not new.

“A couple of years ago a hacking group published exactly 100 embassy passwords from Tor exit nodes. One hundred is too round of a number,” he said. “Just logically there must be more. If you get enough exit nodes and entrance nodes, they can be correlated together.”

Director of National Intelligence James Clapper criticized reporters and denied that his office was doing anything illegal, citing the threat of “adversaries.”

 The articles fail to mention that the Intelligence Community is only interested in communication related to valid foreign intelligence and counterintelligence purposes and that we operate within a strict legal framework that prohibits accessing information related to the innocent online activities of US citizens.

 

The system that the NSA uses to locate and identify Tor users begins, at least sometimes, with the buying of ads on networks like Google’s AdSense.

“Just because you’re using Tor doesn’t mean that your browser isn’t storing cookies,” said Jeremiah Grossman, a colleague of Hansen’s who also specializes in browser vulnerabilities.

As Grossman described the procedure to CNET, the NSA is aware of Tor’s entry and exit nodes because of its Internet-wide surveillance.

“The very feature that makes Tor a powerful anonymity service, and the fact that all Tor users look alike on the Internet, makes it easy to differentiate Tor users from other Web users,” he wrote.

The NSA buys ads from ad display companies like Google and seeds them around Tor’s access points.

“The NSA then cookies that ad, so that every time you go to a site, the cookie identifies you. Even though your IP address changed [because of Tor], the cookies gave you away,” he said.

This is not some complicated or even an unusual trick, Grossman said. It’s how tracking ads were intended to function.

“That’s the Web by design, not a hack,” he said.

The NSA, he said, is not spending much money on it since Internet ads are so cheap. Grossman speculated that an ad campaign would only cost around $1,000 to seed ads with the NSA’s cookies around the Web.

“$50,000 would be overkill,” he said.

Because the NSA is essentially using how the Web functions to spy on its users, tools like Tortilla that take the burden of Tor usage away from Firefox wouldn’t prevent the NSA’s tracking ads from finding people.

It wouldn’t be feasible for Google to block ad buys from the NSA, and if the company did, he said, “they could just buy through a proxy.”

Google did not respond to a request for comment.

Both Tor itself and Schneier noted that the NSA has not been able to track every Tor user this way. “They are hard for any organization other than the NSA to reliably execute, because they require the attacker to have a privileged position on the Internet backbone,” Schneier said.

Grossman speculated that the NSA could be using spam e-mail campaigns as it’s been using display ads, though he cautioned that he didn’t have evidence that this was actually happening.

“On the off chance that [the spam recipient] renders the HTML or clicks a link, [the NSA] can connect your e-mail address to your browser,” he explained, which the NSA would have already connected to an IP address. “Using Tor or any proxy wouldn’t prevent it.”

Not all Tor installations are created equal, added Hansen, who has an unusual pedigree in the browser vulnerability field because he’s also a veteran of the ValueClick ad network, which was later bought by DoubleClick, which subsequently was purchased by Google.

“It depends on whether you’re using Tor Button or Tor Browser,” he said. “The Tor Button tends to be more secure because as you jump in and out of the Tor Browser, it tracks cache and cookies.”

However, since the Tor Project now includes a patched version of Firefox, it recommends not using the Tor Button and only using the standard Tor Browser Bundle instead.

More secure than either, Hansen said, was to run Tor on a virtual machine so that cookies and cache are dumped when the machine is closed, and the kind of man-in-the-middle and man-on-the-side attacks described by Schneier are avoided.

“If you don’t take the critical steps to protect your privacy, you will be de-cloaked if you’re doing something interesting,” Hansen said.

Tagged , , , , , ,

NSA and GCHQ target Tor network that protects anonymity of web users

It looks like NSA and GCHQ wants to know everything about anyone who has access on the internet…

 Top-secret documents detail repeated efforts to crack Tor
• US-funded tool relied upon by dissidents and activists
• Core security of network remains intact but NSA has some success attacking users’ computers
• Bruce Schneier: the NSA’s attacks must be made public
• Attacking Tor: the technical details
• ‘Peeling back the layers with Egotistical Giraffe’ – document
• ‘Tor Stinks’ presentation – full document
• Tor: ‘The king of high-secure, low-latency anonymity’

NSA laptop

The National Security Agency has made repeated attempts to develop attacks against people using Tor, a popular tool designed to protect online anonymity, despite the fact the software is primarily funded and promoted by the US government itself.

Top-secret NSA documents, disclosed by whistleblower Edward Snowden, reveal that the agency’s current successes against Tor rely on identifying users and then attacking vulnerable software on their computers. One technique developed by the agency targeted the Firefox web browser used with Tor, giving the agency full control over targets’ computers, including access to files, all keystrokes and all online activity.

But the documents suggest that the fundamental security of the Tor service remains intact. One top-secret presentation, titled ‘Tor Stinks’, states: “We will never be able to de-anonymize all Tor users all the time.” It continues: “With manual analysis we can de-anonymize a very small fraction of Tor users,” and says the agency has had “no success de-anonymizing a user in response” to a specific request.

Another top-secret presentation calls Tor “the king of high-secure, low-latency internet anonymity”.

Tor – which stands for The Onion Router – is an open-source public project that bounces its users’ internet traffic through several other computers, which it calls “relays” or “nodes”, to keep it anonymous and avoid online censorship tools.

It is relied upon by journalists, activists and campaigners in the US and Europe as well as in China, Iran and Syria, to maintain the privacy of their communications and avoid reprisals from government. To this end, it receives around 60% of its funding from the US government, primarily the State Department and the Department of Defense – which houses the NSA.

Despite Tor’s importance to dissidents and human rights organizations, however, the NSA and its UK counterpart GCHQ have devoted considerable efforts to attacking the service, which law enforcement agencies say is also used by people engaged in terrorism, the trade of child abuse images, and online drug dealing.

Privacy and human rights groups have been concerned about the security of Tor following revelations in the Guardian, New York Times and ProPublica about widespread NSA efforts to undermine privacy and security software. A report by Brazilian newspaper Globo also contained hints that the agencies had capabilities against the network.

While it seems that the NSA has not compromised the core security of the Tor software or network, the documents detail proof-of-concept attacks, including several relying on the large-scale online surveillancesystems maintained by the NSA and GCHQ through internet cable taps.

One such technique is based on trying to spot patterns in the signals entering and leaving the Tor network, to try to de-anonymise its users. The effort was based on a long-discussed theoretical weakness of the network: that if one agency controlled a large number of the “exits” from the Tor network, they could identify a large amount of the traffic passing through it.

The proof-of-concept attack demonstrated in the documents would rely on the NSA’s cable-tapping operation, and the agency secretly operating computers, or ‘nodes’, in the Tor system. However, one presentation stated that the success of this technique was “negligible” because the NSA has “access to very few nodes” and that it is “difficult to combine meaningfully with passive Sigint”.

While the documents confirm the NSA does indeed operate and collect traffic from some nodes in the Tor network, they contain no detail as to how many, and there are no indications that the proposed de-anonymization technique was ever implemented.

Other efforts mounted by the agencies include attempting to direct traffic toward NSA-operated servers, or attacking other software used by Tor users. One presentation, titled ‘Tor: Overview of Existing Techniques’, also refers to making efforts to “shape”, or influence, the future development of Tor, in conjunction with GCHQ.

Another effort involves measuring the timings of messages going in and out of the network to try to identify users. A third attempts to degrade or disrupt the Tor service, forcing users to abandon the anonymity protection.

Such efforts to target or undermine Tor are likely to raise legal and policy concerns for the intelligence agencies.

Foremost among those concerns is whether the NSA has acted, deliberately or inadvertently, against internet users in the US when attacking Tor. One of the functions of the anonymity service is to hide the country of all of its users, meaning any attack could be hitting members of Tor’s substantial US user base.

Several attacks result in implanting malicious code on the computer of Tor users who visit particular websites. The agencies say they are targeting terrorists or organized criminals visiting particular discussion boards, but these attacks could also hit journalists, researchers, or those who accidentally stumble upon a targeted site.

The efforts could also raise concerns in the State Department and other US government agencies that provide funding to increase Tor’s security – as part of the Obama administration’s internet freedom agenda to help citizens of repressive regimes – circumvent online restrictions.

Material published online for a discussion event held by the State Department, for example, described the importance of tools such as Tor.

“[T]he technologies of internet repression, monitoring and control continue to advance and spread as the tools that oppressive governments use to restrict internet access and to track citizen online activities grow more sophisticated. Sophisticated, secure, and scalable technologies are needed to continue to advance internet freedom.”

The Broadcasting Board of Governors, a federal agency whose mission is to “inform, engage, and connect people around the world in support of freedom and democracy” through networks such as Voice of America, also supported Tor’s development until October 2012 to ensure that people in countries such as Iran and China could access BBG content. Tor continues to receive federal funds through Radio Free Asia, which is funded by a federal grant from BBG.

The governments of both these countries have attempted to curtail Tor’s use: China has tried on multiple occasions to block Tor entirely, while one of the motives behind Iranian efforts to create a “national internet” entirely under government control was to prevent circumvention of those controls.

The NSA’s own documents acknowledge the service’s wide use in countries where the internet is routinely surveilled or censored. One presentation notes that among uses of Tor for “general privacy” and “non-attribution”, it can be used for “circumvention of nation state internet policies” – and is used by “dissidents” in “Iran, China, etc”.

Yet GCHQ documents show a disparaging attitude towards Tor users. One presentation acknowledges Tor was “created by the US government” and is “now maintained by the Electronic Frontier Foundation (EFF)”, a US freedom of expression group. In reality, Tor is maintained by an independent foundation, though has in the past received funding from the EFF.

The presentation continues by noting that “EFF will tell you there are many pseudo-legitimate uses for Tor”, but says “we’re interested as bad people use Tor”. Another presentation remarks: “Very naughty people use Tor”.

The technique developed by the NSA to attack Tor users through vulnerable software on their computers has the codename EgotisticalGiraffe, the documents show. It involves exploiting the Tor browser bundle, a collection of programs, designed to make it easy for people to install and use the software. Among these is a version of the Firefox web browser.

The trick, detailed in a top-secret presentation titled ‘Peeling back the layers of Tor with EgotisticalGiraffe’, identified website visitors who were using the protective software and only executed its attack – which took advantage of vulnerabilities in an older version of Firefox – against those people. Under this approach, the NSA does not attack the Tor system directly. Rather, targets are identified as Tor users and then the NSA attacks their browsers.

According to the documents provided by Snowden, the particular vulnerabilities used in this type of attack were inadvertently fixed by Mozilla Corporation in Firefox 17, released in November 2012 – a fix theNSA had not circumvented by January 2013 when the documents were written.

The older exploits would, however, still be usable against many Tor users who had not kept their software up to date.

A similar but less complex exploit against the Tor network was revealed by security researchers in July this year. Details of the exploit, including its purpose and which servers it passed on victims’ details to, led to speculation it had been built by the FBI or another US agency.

At the time, the FBI refused to comment on whether it was behind the attack, but subsequently admitted in a hearing in an Irish court that it had operated the malware to target an alleged host of images of child abuse – though the attack did also hit numerous unconnected services on the Tor network.

Roger Dingledine, the president of the Tor project, said the NSA’s efforts serve as a reminder that using Tor on its own is not sufficient to guarantee anonymity against intelligence agencies – but showed it was also a great aid in combating mass surveillance.

“The good news is that they went for a browser exploit, meaning there’s no indication they can break the Tor protocol or do traffic analysis on the Tor network,” Dingledine said. “Infecting the laptop, phone, or desktop is still the easiest way to learn about the human behind the keyboard.

“Tor still helps here: you can target individuals with browser exploits, but if you attack too many users, somebody’s going to notice. So even if theNSA aims to surveil everyone, everywhere, they have to be a lot more selective about which Tor users they spy on.”

But he added: “Just using Tor isn’t enough to keep you safe in all cases. Browser exploits, large-scale surveillance, and general user security are all challenging topics for the average internet user. These attacks make it clear that we, the broader internet community, need to keep working on better security for browsers and other internet-facing applications.”

The Guardian asked the NSA how it justified attacking a service funded by the US government, how it ensured that its attacks did not interfere with the secure browsing of law-abiding US users such as activists and journalists, and whether the agency was involved in the decision to fund Tor or efforts to “shape” its development.

The agency did not directly address those questions, instead providing a statement.

It read: “In carrying out its signals intelligence mission, NSA collects only those communications that it is authorized by law to collect for valid foreign intelligence and counter-intelligence purposes, regardless of the technical means used by those targets or the means by which they may attempt to conceal their communications. NSA has unmatched technical capabilities to accomplish its lawful mission.
 
“As such, it should hardly be surprising that our intelligence agencies seek ways to counteract targets’ use of technologies to hide their communications. Throughout history, nations have used various methods to protect their secrets, and today terrorists, cybercriminals, human traffickers and others use technology to hide their activities. Our intelligence community would not be doing its job if we did not try to counter that.”

• This article was amended on 4 October after the Broadcasting Board of Governors pointed out that its support of Tor ended in October 2012.

• Bruce Schneier is an unpaid member of the Electronic Frontier Foundation’s board of directors. He has not been involved in any discussions on funding.

Tagged , , , , , ,