The National Security Agency has spent time and resources to develop ways to attack and undermine Tor, software designed to protect the anonymity of online users.
A presentation, classified top secret and obtained by The Guardian from former NSA contractor and whistleblower Edward Snowden, contains technical details on how the Mozilla Firefox browser used with Tor can be targeted.
As James Ball, Bruce Schneier and Glenn Greenwald report, targeting Firefox can give the “agency full control over targets’ computers, including access to files, all keystrokes and all online activity.”
By using a technique that goes by the codename “EgotisticalGiraffe,” the NSA “does not attack the Tor system” but rather identifies “targets” as “Tor users and then the NSA attacks their browsers.” The vulnerabilities, however, were fixed in Firefox 17, which was released in November 2012. The NSA, as of January 2013, had not been able to get around the inadvertent change by Mozilla.
Other documents on efforts to defeat Tor strike an adolescent tone. One top secret presentation is titled “Tor Stinks!” It admits, “We will never be able to de-anonymize all Tor users all the time.”
They show the NSA and GCHQ have used “proof-of-concept attacks, including several relying on the large scale online surveillance systems maintained by the NSA and GCHQ through internet cable taps.” The “EgotisticalGiraffe” presentation says “hundreds of thousands” use Tor, including dissidents in Iran and China. And, also, “Terrorists!” and “Other targets too!” use Tor. [“Terrorists!” is in bright red.]
One part of a GCHQ presentation, which highlights the Electronic Frontier Foundation’s past role in helping the development of Tor, reads, “EFF will tell you there are many pseudo-legitimate uses for Tor”, but, “We’re interested as bad people use Tor.” Another presentation remarks: “Very naughty people use Tor.”
What is this graphic of a Terrorist that looks like a cross between the Lone Ranger and a lumberjack?
Schneier describes in another article how the NSA goes about targeting users. The NSA finds Tor users. This is done by monitoring the Internet. “Fingerprints” are created and “loaded into NSA database systems like XKeyscore,” which the NSA claims allows the NSA to “see ‘almost everything’ a target does on the internet.” Internet traffic is sifted through in search of Tor connections.
Following the completion of that process, Schneier explains:
After identifying an individual Tor user on the internet, the NSA uses its network of secret internet servers to redirect those users to another set of secret internet servers, with the codename FoxAcid, to infect the user’s computer. FoxAcid is an NSA system designed to act as a matchmaker between potential targets and attacks developed by the NSA, giving the agency opportunity to launch prepared attacks against their systems.
Once the computer is successfully attacked, it secretly calls back to a FoxAcid server, which then performs additional attacks on the target computer to ensure that it remains compromised long-term, and continues to provide eavesdropping information back to the NSA.
As The Guardian story explicitly points out, the US government has encouraged the development and even praised the value of using Tor because it can afford protection to journalists and activists conducting work under repressive regimes.
In 2011, it was reported that the State Department, Defense Department and Broadcasting Board of Governors were funding projects like Tor to help “democracy activists” in the Middle East. Sixty percent of Tor’s funding has come from the US government, according to Tor’s 2012 budget.
On the US State Department’s own website, in its technology section, biographies for a panel on next generation anti-censorship tools that was apparently held on March 6, 2013, can be found. A paragraph at the top of the posting reads:
Anti-censorship tools have become increasingly popular and, as a result, are being overwhelmed by demand. Online bottlenecks slow the tools and often make them inaccessible. At the same time, the technologies of internet repression, monitoring and control continue to advance and spread as the tools that oppressive governments use to restrict internet access and to track citizen online activities grow more sophisticated. Sophisticated, secure, and scalable technologies are needed to continue to advance Internet Freedom…
According to Schneier, a security technologist, “The anonymity provided by Tor makes it impossible for the NSA to know who the user is, or whether or not the user is in the US.”
The larger story is that the NSA is actively targeting individuals, whom the State Department has worked to empower through supporting the development of anti-censorship tools.