NSA launches repeated attacks on Tor – but core system remains secure

Douglas Crawford

Douglas Crawford

October 7, 2013

Despite being largely funded and promoted by the US government in order to ‘inform, engage, and connect people around the world in support of freedom and democracy’, the NSA has made repeated attempts to infiltrate the anonymity Tor network, and to uncover the identity of its users.

As revealed in new series of documents disclosed by Edward Snowden and published by the Guardian newspaper (see ‘Tor Stinks’, ‘Peeling back the layers of Tor with EgotisticalGiraffe’ and ‘The king of high-secure, low-latency anonymity’), these revelations are particularity shocking in light of the fact that Obama has advanced a ‘freedom agenda’, and where the State Department itself has said of tools such as Tor,

‘[T]he technologies of internet repression, monitoring and control continue to advance and spread as the tools that oppressive governments use to restrict internet access and to track citizen online activities grow more sophisticated. Sophisticated, secure, and scalable technologies are needed to continue to advance internet freedom.’

The good news is that, as the ‘Tor Stinks’ presentation reveals, the NSA (in collaboration with the UK’s GHCQ) will ‘never be able to de-anonymize all Tor users all the time’.

Some success has nevertheless been achieved, particularly in the form of various proof of concept attacks which rely on the NSA and GHCQ’s massive data surveillance systems, and include:

  • Trying to spot patterns in where the signal enters and leaves the Tor network to identify users, a technique that involved a large number of Tor exit nodes so traffic through them could be monitored (for a look at how the Tor network works, see our article here). Success here has however been noted as ‘negligible’, since the NSA could only ‘access to very few nodes’ and it is ‘difficult to combine meaningfully with passive Sigint
  • Attempts to direct Tor traffic towards NSA controlled nodes
  • Efforts to ‘shape’ the development of Tor
  • Measuring and timing the ins and outs of Tor traffic in an effort to identify users identities
  • Once Tor users are identified, to implant malicious code into their computers
  • Targeting a vulnerably in the Firefox browser (which is included in the Tor Bundle). This vulnerably in Firefox was accidentally fixed in Firefox 17 in November 2012, and as of January this year had not been circumvented by the NSA (although many people still use the older unpatched version)
  • Implanting malicious code into certain websites deemed used by organized criminals and terrorists in order to infect visitors bowsers

As we noted however, despite the scale of these attacks, success has been limited, and president of the Tor project Roger Dingledine has confirmed to The Guardian that while it cannot guarantee absolute privacy,

‘The good news is that they went for a browser exploit, meaning there’s no indication they can break the Tor protocol or do traffic analysis on the Tor network. Infecting the laptop, phone, or desktop is still the easiest way to learn about the human behind the keyboard.

‘Tor still helps here: you can target individuals with browser exploits, but if you attack too many users, somebody’s going to notice. So even if the NSA aims to surveil everyone, everywhere, they have to be a lot more selective about which Tor users they spy on.

‘Just using Tor isn’t enough to keep you safe in all cases. Browser exploits, large-scale surveillance, and general user security are all challenging topics for the average internet user. These attacks make it clear that we, the broader internet community, need to keep working on better security for browsers and other internet-facing applications.’

Additional headaches to the NSA may be caused by the fact that it is impossible to distinguish Tor traffic belonging United States citizens from the traffic of international users, which likely contravenes the US constitution’s Forth Amendment (requiring probable cause before any searches or seizures can be performed).

Exclusive Offer
Get NordVPN for only