Your Source for Leaks Around the World!

NSA & GCHQ Target Tor Network (TOP SECRET Docs)

In Archive, GCHQ, NSA, NSA Files, Surveillance, Tor on October 4, 2013 at 6:53 PM

NSA-Tor

10/04/2013

James Ball/Bruce Schneier/Glenn Greenwald/Guardian:

The National Security Agency has made repeated attempts to develop attacks against people using Tor, a popular tool designed to protect online anonymity, despite the fact the software is primarily funded and promoted by the US government itself.

Top-secret NSA documents, disclosed by whistleblower Edward Snowden, reveal that the agency’s current successes against Tor rely on identifying users and then attacking vulnerable software on their computers. One technique developed by the agency targeted the Firefox web browser used with Tor, giving the agency full control over targets’ computers, including access to files, all keystrokes and all online activity.

But the documents suggest that the fundamental security of the Tor service remains intact. One top-secret presentation, titled ‘Tor Stinks’, states: “We will never be able to de-anonymize all Tor users all the time.” It continues: “With manual analysis we can de-anonymize a very small fraction of Tor users,” and says the agency has had “no success de-anonymizing a user in response” to a specific request.

Another top-secret presentation calls Tor “the king of high-secure, low-latency internet anonymity”.

More…

Attacking Tor: How the NSA Targets Users’ Online Anonymity

Why the NSA’s Attacks on the Internet Must Be Made Public

10/04/2013

Barton Gellman/Craig Timberg/Steven Rich/WashingtonPost:

In some cases, the NSA has succeeded in blocking access to the anonymous network, diverting Tor users to insecure channels. With a tool called MJOLNIR — the name of the hammer used by Thor, the Norse god of thunder — it has been able to monitor and control the paths of communications that are supposed to be chosen randomly as they pass through Tor. Another operation, called MULLENIZE, can “stain” anonymous traffic as it enters the Tor network, enabling the NSA to identify users as it exits.

More…

Everything You Need to Know About the NSA and Tor in One FAQ

Talk by Roger Dingledine of TorProject.org at the NSA (2007)

The following document is a 2006 research paper produced for the NSA’s “Cryptanalysis and Exploitation Services” office. It lays out the technical features of Tor and proposes a number of theoretical and practical attacks, some of which the NSA developed and used in subsequent years. Among other things, the paper describes an NSA-written adaptation of Tor, “indistinguishable from an original Tor client,” which enables the NSA to gather intelligence inside the network. It also describes two kinds of “denial of service” attacks against Tor, code-named Coil and Flower, which are used to divert would-be anonymous communications into open channels.

Selected extracts show how NSA uses a technique with codename EgotisticalGiraffe to attack Tor users through vulnerable software on their computers

This 2012 report from the NSA’s British counterpart, the General Communications Headquarters, describes a method of “staining” electronic traffic to distinguish otherwise anonymous users. It is used to unmask Tor users and devices on networks in which many computers share the same Internet address. The method relies on planting code in a web browser to change the “user agent,” which is the way the browser identifies itself on the web. In a two month period, the report says, GCHQ managed to implant about 200 computers with uniquely identifying stains.

Top-secret presentation says ‘We will never be able to de-anonymize all Tor users all the time’ but ‘with manual analysis we can de-anonymize a very small fraction of Tor users’

Extracts from top-secret NSA document acknowledge the fundamental security of the Tor protection tool and say ‘there are no contenders to the throne in waiting’

Related Link: NSA’s XKeyscore Source Code Targets Tor and Tails Users

  1. I laughed like a drain when I read this.
    After telling people for years that nothing is hack proof and being told how stupid I was, I can now happily say “I told you so”.

  2. […] to identify targets to hack. A presentation released in October by the Guardian called “Tor Stinks” indicates that the agency was using cookies for DoubleClick.net, Google’s third-party […]

  3. […] major high profile users breaking news about the network itself, discussions about funding, FBI/NSA exploitation of Tor Browser users, botnet related load on the Tor network and other important […]

  4. […] and to “quietly redirect web-browsers” to NSA malware servers called FOXACID. In October, details about the FOXACID system were reported by the Guardian, which revealed its links to attacks against users of the Internet […]

  5. […] according to other NSA documents. The same author wrote secret presentations related to the NSA’s controversial program to identify users of the Tor browser – a privacy-enhancing tool that allows people to browse the Internet […]

  6. […] and to “quietly redirect web-browsers” to NSA malware servers called FOXACID. In October, details about the FOXACID system were reported by the Guardian, which revealed its links to attacks against users of the Internet […]

  7. […] Related Link: NSA & GCHQ Target Tor Network (TOP SECRET Docs) […]

  8. […] US and UK cyberspies are deliberately undermining their workmates’ “dark web” surveillance efforts, according to the leading developer of software used to access hidden parts of the […]

  9. […] Sometimes they borrow from Mother Nature, with monikers such as “EVILOLIVE” and “EGOTISTICALGIRAFFE.” Other times, they would seem to take their guidance from Hollywood. A program called […]

  10. […] to the NSA files leaked by Edward Snowden in June 2013, encrypted email is still a major thorn in the side of government security […]

  11. […] attempts to decrypt messages sent through heavily encrypted email service providers like Zoho or in monitoring users of the Tor […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: