The National Security Agency has made repeated attempts to develop attacks against people using Tor, a popular tool designed to protect online anonymity, despite the fact the software is primarily funded and promoted by the US government itself.
Top-secret NSA documents, disclosed by whistleblower Edward Snowden, reveal that the agency’s current successes against Tor rely on identifying users and then attacking vulnerable software on their computers. One technique developed by the agency targeted the Firefox web browser used with Tor, giving the agency full control over targets’ computers, including access to files, all keystrokes and all online activity.
But the documents suggest that the fundamental security of the Tor service remains intact. One top-secret presentation, titled ‘Tor Stinks’, states: “We will never be able to de-anonymize all Tor users all the time.” It continues: “With manual analysis we can de-anonymize a very small fraction of Tor users,” and says the agency has had “no success de-anonymizing a user in response” to a specific request.
Another top-secret presentation calls Tor “the king of high-secure, low-latency internet anonymity”.
In some cases, the NSA has succeeded in blocking access to the anonymous network, diverting Tor users to insecure channels. With a tool called MJOLNIR — the name of the hammer used by Thor, the Norse god of thunder — it has been able to monitor and control the paths of communications that are supposed to be chosen randomly as they pass through Tor. Another operation, called MULLENIZE, can “stain” anonymous traffic as it enters the Tor network, enabling the NSA to identify users as it exits.
The following document is a 2006 research paper produced for the NSA’s “Cryptanalysis and Exploitation Services” office. It lays out the technical features of Tor and proposes a number of theoretical and practical attacks, some of which the NSA developed and used in subsequent years. Among other things, the paper describes an NSA-written adaptation of Tor, “indistinguishable from an original Tor client,” which enables the NSA to gather intelligence inside the network. It also describes two kinds of “denial of service” attacks against Tor, code-named Coil and Flower, which are used to divert would-be anonymous communications into open channels.
Selected extracts show how NSA uses a technique with codename EgotisticalGiraffe to attack Tor users through vulnerable software on their computers
This 2012 report from the NSA’s British counterpart, the General Communications Headquarters, describes a method of “staining” electronic traffic to distinguish otherwise anonymous users. It is used to unmask Tor users and devices on networks in which many computers share the same Internet address. The method relies on planting code in a web browser to change the “user agent,” which is the way the browser identifies itself on the web. In a two month period, the report says, GCHQ managed to implant about 200 computers with uniquely identifying stains.
Top-secret presentation says ‘We will never be able to de-anonymize all Tor users all the time’ but ‘with manual analysis we can de-anonymize a very small fraction of Tor users’
Extracts from top-secret NSA document acknowledge the fundamental security of the Tor protection tool and say ‘there are no contenders to the throne in waiting’
Related Link: NSA’s XKeyscore Source Code Targets Tor and Tails Users