Back   OpEd News
Font
PageWidth
Original Content at
https://www.opednews.com/articles/NSA-and-GCHQ-target-Tor-ne-by-Glenn-Greenwald-Anonymity_Anonymous_Computers_Internet-131004-577.html
(Note: You can view every article as one long page if you sign up as an Advocate Member, or higher).

October 4, 2013

NSA and GCHQ target Tor network that protects anonymity of web users

By Glenn Greenwald

Tor -- which stands for The Onion Router -- is an open-source public project that bounces its users' internet traffic through several other computers, which it calls "relays" or "nodes," to keep it anonymous and avoid online censorship tools.

::::::::

... Top-secret documents detail repeated efforts to crack Tor
... Tool funded by US government and relied on by dissidents and activists
... Core security of network remains intact but NSA has some success attacking users' computers


(Image by Unknown Owner)   Details   DMCA
One technique developed by the agency targeted the Firefox web browser used with Tor, giving the agency full control over targets' computers. Photograph: Felix Clay

*This article co-written by  and     

The National Security Agency has made repeated attempts to develop attacks against people using Tor, a popular tool designed to protect online anonymity, despite the fact the software is primarily funded and promoted by the US government itself.

Top-secret NSA documents, disclosed by whistleblower Edward Snowden, reveal that the agency's current successes against Tor rely on identifying users and then attacking vulnerable software on their computers. One technique developed by the agency targeted the Firefox web browser used with Tor, giving the agency full control over targets' computers, including access to files, all keystrokes and all online activity.

But the documents suggest that the fundamental security of the Tor service remains intact. One top-secret presentation, titled "Tor Stinks," states: "We will never be able to de-anonymize all Tor users all the time." It continues: "With manual analysis we can de-anonymize a very small fraction of Tor users," and says the agency has had "no success de-anonymizing a user in response" to a specific request.

Another top-secret presentation calls Tor "the king of high-secure, low-latency internet anonymity."

Tor -- which stands for The Onion Router -- is an open-source public project that bounces its users' internet traffic through several other computers, which it calls "relays" or "nodes," to keep it anonymous and avoid online censorship tools.

It is relied upon by journalists, activists and campaigners in the US and Europe as well as in China, Iran and Syria, to maintain the privacy of their communications and avoid reprisals from government. To this end, it receives around 60% of its funding from the US government, primarily the State Department and the Department of Defense -- which houses the NSA.

Despite Tor's importance to dissidents and human rights organizations, however, the NSA and its UK counterpart  GCHQ  have devoted considerable efforts to attacking the service, which law enforcement agencies say is also used by people engaged in terrorism, the trade of child abuse images, and online drug dealing.

Privacy and human rights groups have been concerned about the security of Tor following revelations in the Guardian, New York Times and ProPublica about widespread NSA efforts to undermine privacy and security software. A report by Brazilian newspaper Globo also contained hints that the agencies had capabilities against the network.

While it seems that the NSA has not compromised the core security of the Tor software or network, the documents detail proof-of-concept attacks, including several relying on the large-scale online surveillance systems maintained by the NSA and GCHQ through internet cable taps.

One such technique is based on trying to spot patterns in the signals entering and leaving the Tor network, to try to de-anonymise its users. The effort was based on a long-discussed theoretical weakness of the network: that if one agency controlled a large number of the "exits" from the Tor network, they could identify a large amount of the traffic passing through it.

The proof-of-concept attack demonstrated in the documents would rely on the NSA's cable-tapping operation, and the agency secretly operating computers, or "nodes," in the Tor system. However, one presentation stated that the success of this technique was "negligible" because the NSA has "access to very few nodes" and that it is "difficult to combine meaningfully with passive Sigint."

While the documents confirm the NSA does indeed operate and collect traffic from some nodes in the Tor network, they contain no detail as to how many, and there are no indications that the proposed de-anonymization technique was ever implemented.

Other efforts mounted by the agencies include attempting to direct traffic toward NSA-operated servers, or attacking other software used by Tor users. One presentation, titled "Tor: Overview of Existing Techniques," also refers to making efforts to "shape," or influence, the future development of Tor, in conjunction with GCHQ.

Another effort involves measuring the timings of messages going in and out of the network to try to identify users. A third attempts to degrade or disrupt the Tor service, forcing users to abandon the anonymity protection.

Such efforts to target or undermine Tor are likely to raise legal and policy concerns for the intelligence agencies.

Foremost among those concerns is whether the NSA has acted, deliberately or inadvertently, against internet users in the US when attacking Tor. One of the functions of the anonymity service is to hide the country of all of its users, meaning any attack could be hitting members of Tor's substantial US user base.

Several attacks result in implanting malicious code on the computers of Tor users who visit particular websites. The agencies say they are targeting terrorists or organized criminals visiting particular discussion boards, but these attacks could also hit journalists, researchers, or those who accidentally stumble upon a targeted site.

The efforts could also raise concerns in the State Department and other US government agencies that provide funding to increase Tor's security -- as part of the Obama administration's internet freedom agenda to help citizens of repressive regimes -- circumvent online restrictions.

Material published online for a discussion event held by the State Department, for example, described the importance of tools such as Tor.

"[T]he technologies of internet repression, monitoring and control continue to advance and spread as the tools that oppressive governments use to restrict internet access and to track citizen online activities grow more sophisticated. Sophisticated, secure, and scalable technologies are needed to continue to advance internet freedom."

The Broadcasting Board of Governors, a federal agency whose mission is to "inform, engage, and connect people around the world in support of freedom and democracy" through networks such as Voice of America, also supports Tor's development, and uses it to ensure its broadcasts reach people in countries such as Iran and China.

The governments of both these countries have attempted to curtail Tor's use: China has tried on multiple occasions to block Tor entirely, while one of the motives behind Iranian efforts to create a "national internet" entirely under government control was to prevent circumvention of those controls.

The NSA's own documents acknowledge the service's wide use in countries where the internet is routinely surveilled or censored. One presentation notes that among uses of Tor for "general privacy" and "non-attribution," it can be used for "circumvention of nation state internet policies" -- and is used by "dissidents" in "Iran, China, etc."

Yet GCHQ documents show a disparaging attitude towards Tor users. One presentation acknowledges Tor was "created by the US government" and is "now maintained by the Electronic Frontier Foundation (EFF)," a US freedom of expression group. In reality, Tor is maintained by an independent foundation, though has in the past received funding from the EFF.

The presentation continues by noting that "EFF will tell you there are many pseudo-legitimate uses for Tor," but says "we're interested as bad people use Tor." Another presentation remarks: "Very naughty people use Tor."

The technique developed by the NSA to attack Tor users through vulnerable software on their computers has the codename EgotisticalGiraffe, the documents show. It involves exploiting the Tor browser bundle, a collection of programs, designed to make it easy for people to install and use the software. Among these is a version of the Firefox web browser.

Please go to The Guardian to read the rest of this article.



Authors Bio:

[Subscribe to Glenn Greenwald] Glenn Greenwald is a journalist,former constitutional lawyer, and author of four New York Times bestselling books on politics and law. His most recent book, "No Place to Hide," is about the U.S. surveillance state and his experiences reporting on the Snowden documents around the world. His forthcoming book, to be published in April, 2021, is about Brazilian history and current politics, with a focus on his experience in reporting a series of expose's in 2019 and 2020 which exposed high-level corruption by powerful officials in the government of President Jair Bolsonaro, which subsequently attempted to prosecute him for that reporting.


Foreign Policy magazine named Greenwald one of the top 100 Global Thinkers for 2013. He was the debut winner, along with "Democracy Now's" Amy Goodman, of the Park Center I.F. Stone Award for Independent Journalism in 2008, and also received the 2010 Online Journalism Award for his investigative work breaking the story of the abusive detention conditions of Chelsea Manning.


For his 2013 NSA reporting, working with his source Edward Snowden, he received the George Polk Award for National Security Reporting; the Gannett Foundation Award for investigative journalism and the Gannett Foundation Watchdog Journalism Award; the Esso Premio for Excellence in Investigative Reporting in Brazil (he was the first non-Brazilian to win); and the Electronic Frontier Foundation's Pioneer Award. The NSA reporting he led for The Guardian was also awarded the 2014 Pulitzer Prize for Public Service. A film about the work Greenwald and filmmaker Laura Poitras did with Snowden to report the NSA archive, "CitizenFour," directed by Poitras, was awarded the 2015 Academy Award for Best Documentary.


In 2019, he received the Special Prize from the Vladimir Herzog Institute for his reporting on the Bolsonaro government and pervasive corruption inside the prosecutorial task force that led to the imprisonment of former Brazilian President Lula da Silva. The award is named after the Jewish immigrant journalist who was murdered during an interrogation by the Brazilian military dictatorship in 1977. Several months after the reporting began, Lula was ordered released by the Brazilian Supreme Court, and the former President credited the expose's for his liberty. In early 2020, Brazilian prosecutors sought to prosecute Greenwald in connection with the reporting, but the charges were dismissed due to a Supreme Court ruling, based on the Constitutional right of a free press, that barred the Bolsonaro government from making good on its threats to retaliate against Greenwald.


After working as a journalist at Salon and The Guardian, Greenwald co-founded The Intercept in 2013 along with Poitras and journalist Jeremy Scahill, and co-founded The Intercept Brasil in 2016. He resigned fromThe Intercept in October, 2020, to return to independent journalism.


Greenwald lives in Rio de Janeiro, Brazil with his husband, Congressman David Miranda, their two children, and 26 rescue dogs. In 2017, Greenwald and Miranda created an animal shelter in Brazil supported in part through public donations designed to employ and help exit the streets homeless people who live on the streets with their pets.


Back