Sign in with
Sign up | Sign in

NSA Has Trouble with Tor, Snowden Documents Show

By - Source: Tom's Guide US | B 20 comments

A detail of an NSA presentation slide showing how Tor anonymizes Internet traffic.A detail of an NSA presentation slide showing how Tor anonymizes Internet traffic.

UPDATED 9:45 am ET Monday (Oct. 7) with comments from Director of National Intelligence James Clapper.

The National Security Agency can't crack Tor.

That's the upshot of new PowerPoint slides provided by NSA leaker Edward Snowden and released by the British newspaper The Guardian today (Oct. 4). The documents show that the NSA and its British counterpart, GCHQ, have had little success breaking into the Tor Internet anonymizing protocol.

"We will never be able to de-anonymize all Tor users all the time," reads a PowerPoint presentation entitled "Tor Stinks" and meant to be shown to NSA and GCHQ personnel. "With manual analysis, we can de-anonymize a very small fraction of Tor users."

MORE: 13 Security and Privacy Tips for the Truly Paranoid

Cryptography expert Bruce Schneier, who is assisting The Guardian with examination of the Snowden files, wrote in a piece on the newspaper's website that NSA and GCHQ have fallen back to attacking flaws in the software and computers running Tor.

"The NSA attacks we found individually target Tor users by exploiting vulnerabilities in their Firefox browsers," Schneier wrote, "and not the Tor application directly."

Tor, originally an acronym for "The Onion Router," was initially developed by the U.S. Navy. It is now an open-source project maintained by volunteers, but U.S. government agencies still provide much of its funding.

Tor users install special software that strips identifying information from Internet data packets and sends email, Web pages and other Internet traffic through a hidden network of servers.

DOWNLOAD: Tor Browser Bundle for Windows

Tor has "hundreds of thousands of users," states another purported NSA presentation, classifying those users into "dissidents," "terrorists" and "other targets." (The U.S. State Department advises dissidents in other countries to use Tor to communicate secretly.)

Earlier this week, the U.S. Justice Department took down the Silk Road, a drug-dealing website accessible only through Tor, and arrested a man alleged to be its owner and operator.

The "Tor Stinks" presentation dates from June 2012 and was apparently intended for a two-week "joint NSA/GCHQ counter-Tor workshop."

"Week one at MHS focus on analytics," reads one slide, possibly referring to the GCHQ/NSA radio listening post at Menwith Hill in northern England.

"Week two at GCHQ focus on exploitation," the slide continues, presumably referring to GCHQ's main facility outside Cheltenham in southwestern England.

The slides detail various failed attempts to identify Tor users through wayward browser "cookies," timing of sent messages and other methods.

For a time, another PowerPoint presentation details, it seemed the NSA was able to spy on Tor users who were using a specific build of the Firefox Web browser, but the flaw that permitted the spying was fixed in later versions of Firefox. (The flaw was different from one that the FBI used to catch child-pornography suspects who used Tor.)

The NSA programs that spied on Firefox were called "ERRONEOUSINGENUITY," "EGOTISTICALGOAT" and "EGOTISTICALGIRAFFE."

Other programs, some perhaps not real, mentioned in the documents included "ONIONBREATH," "QUANTUMCOOKIE," "RONIN," "QUICKANT," "GREAT EXPECTATIONS" and "EPICFAIL." 

Ultimately, according to one presentation, the best way to target possible Tor users may be to simply infect their computers with traditional spyware, such as keyloggers or Web-traffic diverters.

"Tor stinks ... but it could be worse," concludes one presentation. "Will never get 100 percent, but we don't need to provide true IPs [Internet Protocol addresses] for every target every time they use Tor."

UPDATE: On his office's Tumblr blog Friday evening, U.S. Director of National Intelligence James R. Clapper posted a statement addressing the revelations in the Guardian story, which were mirrored in a separate Washington Post story.

"The articles fail to make clear that the Intelligence Community's interest in online anonymity services and other online communication and networking tools is based on the undeniable fact that these are the tools our adversaries use to communicate and coordinate attacks against the United States and our allies," Clapper wrote.

"The articles fail to mention that the Intelligence Community is only interested in communication related to valid foreign intelligence and counterintelligence purposes, and that we operate within a strict legal framework that prohibits accessing information related to the innocent online activities of U.S. citizens," he said.

"In the modern telecommunications era, our adversaries have the ability to hide their messages and discussions among those of innocent people around the world," the director of national intelligence stated. "They use the very same social networking sites, encryption tools and other security features that protect our daily online activities."

Follow Paul Wagenseil at @snd_wagenseil. Follow Tom's Guide at @tomsguide, on Facebook and on Google+.

Discuss
Ask a Category Expert

Create a new thread in the Streaming Video & TVs forum about this subject

Example: Notebook, Android, SSD hard drive

This thread is closed for comments
Top Comments
  • 15 Hide
    Larry Bob , October 4, 2013 2:43 PM
    So the NSA has a right to install spyware on users' computers without their discretion if they use a program to prevent the NSA (in theory) from spying on them?

    Seems legit.
  • 13 Hide
    MajinCry , October 4, 2013 2:38 PM
    BWAHAHAHA!

    Oh god. That diagram. Looks like something right out of a satirical comic.

    Shame that it's real.

    I wonder if people will start recognizing propaganda now.
  • 11 Hide
    house70 , October 4, 2013 2:49 PM
    "NSA Has Trouble with Tor"

    Good, good...
Other Comments
    Display all 20 comments.
  • 13 Hide
    MajinCry , October 4, 2013 2:38 PM
    BWAHAHAHA!

    Oh god. That diagram. Looks like something right out of a satirical comic.

    Shame that it's real.

    I wonder if people will start recognizing propaganda now.
  • 15 Hide
    Larry Bob , October 4, 2013 2:43 PM
    So the NSA has a right to install spyware on users' computers without their discretion if they use a program to prevent the NSA (in theory) from spying on them?

    Seems legit.
  • 11 Hide
    house70 , October 4, 2013 2:49 PM
    "NSA Has Trouble with Tor"

    Good, good...
  • 5 Hide
    Rahbot , October 4, 2013 3:01 PM
    "So the NSA has a right to install spyware on users' computers without their discretion if they use a program to prevent the NSA (in theory) from spying on them?

    Seems legit."

    So if you found such software on your PC could you Sue the NSA for millions for stepping on your rights... I know I would sue them for like 100 Trillion dollars, if it happened to me.. serves the NSA... they don't need to spy on everyone they think are against them and this Nazi Government in place by other Muti-Millionaires, doing their bidding.
  • 0 Hide
    michael908 , October 4, 2013 3:04 PM
    This is a document from over a year ago. I'm sure the NSA has made great strides in cracking it.
  • 0 Hide
    jhansonxi , October 4, 2013 4:48 PM
    There are others: http://en.wikipedia.org/wiki/Anonymous_P2P
  • 1 Hide
    DREGstudios , October 4, 2013 5:41 PM
    The dystopian fantasies of yesteryear are now a reality. We’ve allowed the coming of an age where the civil liberties our forefathers fought so hard for are being eroded by the day. Freedom of Press, Freedom of Speech and Freedom of Assembly are mere ghostly images of their original intent. We’ve woken up to an Orwellian Society of Fear where anyone is at the mercy of being labeled a terrorist for standing up for rights we took for granted just over a decade ago. Read about how we’re waging war against ourselves at http://dregstudiosart.blogspot.com/2011/09/living-in-society-of-fear-ten-years.html
  • 4 Hide
    bustapr , October 4, 2013 5:47 PM
    @rahbot, of only it were that easy. sadly te NSA is protected by the almighty broken Patriot Act which they seem to mention every time they are accused of something.

    I think they could even sue you back for "getting in the way of justice".
  • 0 Hide
    HEXiT , October 4, 2013 11:23 PM
    you know if the nsa and gchq had bothered to be transparent about the fact that they were monitoring emails i would have considered not being to bothered about them looking at my porn surfing habits. but the fact that there doing it with so little regard to peoples privacy is really starting to irk me...

  • 0 Hide
    HEXiT , October 4, 2013 11:30 PM
    i dunno why you have thumbed down DREGstudios he is rite in a way... less than 10 years go this would have been a story of pure fantasy, but today it is the real reality. our own governments now live in fear of there own populace. not because we have done anything to deserve it but because they have betrayed us and they know, we now know it.
    every day houses are being raided and people are being shot to death in the u.s.a by swat teams only to find out they have killed innocent people. but you dont hear much about it on the news because it is being buried...
  • 2 Hide
    jalek , October 5, 2013 2:31 AM
    All users are one of those three, dissidents, terrorists, or other targets?
    So internally they acknowledge that every person is their target.

    Is TOR still ridiculously slow to use as an anonymizer for normal websites?
  • 0 Hide
    coolitic , October 5, 2013 8:45 AM
    I think it's good that the NSA can only track down specific people in TOR. This way almost all of them ACTUALLY turn out to be terrorists/criminals (contrary to what they usually track).

    The words NSA use atm are making themselves look childish and Obama needs to focus on the NSA right after he deals with the arrogant and childish republicans (I dont necessarily mean that in general)
  • 0 Hide
    SuckRaven , October 5, 2013 1:48 PM
    The terrorists are winning. Oh wait....They have already won. And they are all right here in D.C. In other words, while our government is supposedly busy fighting a concept "terrorism", which is ludicrous, the undermining of the ideologies of American nationalism and patriotism has already occurred. We don't need terrorists anymore waging physical attacks and causing physical destruction. The warmongering of U.S. foreign policy has brought this upon itself. The paranoia in this country is insanely out of control, but not without merit or cause. This is what happens when Americans are taught to distrust everything and everyone. We become paranoid fanatics ourselves, afraid of our own shadows. It's really pretty pathetic. And yes, our rights have basically been violated for years and years, it's just that it's a lot more visible now, and more present in the public eye, thanks to people like Snowden. Funny how the people that knew or suspected all along were labeled paranoid nutcases. Not so paranoid now were they? Anyways, since we essentially have no PERSONAL rights anymore, and since the vast majority of the American public is so ignorant, lazy, uninformed, and downright apathetic, they will just continue to take it in the a**. The few that feel like they could do something and are willing, they cannot, because their numbers are too few, and any attempt at even speaking out against the status quo will result in their being silenced, eliminated, or otherwise defamed or ruined. The federal govt, is way to big of a behemoth to bring down now. A good ol' fashioned town assembly with torches and pitchforks ain't gonna work no more folks. They have the spies, they have the army, and they have the guns. Votes mean nothing, words mean nothing, protests and assembly mean nothing. The media is in their hands, serving their interests, and pumping soft heads full of more warmongering and paranoia. I for one personally believe, that we've essentially reached a point of no return, because the American people have been asleep at the wheel for too long, and now we're driving off that cliff, but we're doing it nicely together. Welcome to the future. IT SUCKS !!!

    This guy said it nicely too, a LONG time ago:

    http://www.youtube.com/watch?v=R3nXvScRazg
  • -3 Hide
    gajeeni , October 6, 2013 12:04 PM

    I just want to add my story. I get paid over $87 per hour working online with Google! I work two shifts 2 hours in the day and 2 in the evening. And whats awesome is Im working from home so I get more time with my kids. Its by-far the best job I’ve had. I follow this great link >>>> http://cuttr.it/ukvczrq
  • 0 Hide
    seinfeld , October 6, 2013 3:11 PM
    so a program the US government created. is having trouble cracking it! Seems /Legit!
    you all do realize this is seriously flawed. all these news pieces about how the NSA is having trouble. is just a way to restore faith back in a broken system? This is just like facebook. all the ppl that go on it subject themselves to the security flaw. Its perfect! pose as open source and uncrackable, now all the ppl that want to ide things jump on the network! and bam instant suppository /you've been duped
  • 0 Hide
    Someone Somewhere , October 6, 2013 7:57 PM
    People who care about privacy are "dissidents". Great. Just what we needed.

    Also, the 'other targets' bit implies that both terrorists and dissidents are already targets - i.e. dissidents (those who dislike authority) are automatically targets.
  • 0 Hide
    The_Trutherizer , October 7, 2013 1:23 AM
    You mean the bad guys have privacy and we do not? Well that went well...
  • 0 Hide
    dalethepcman , October 7, 2013 11:38 AM
    Obviously half the posters here have never seen how government work operates... If you think they give a crap about you doing legal activities online, or even buying some mary jane from sites like "the silk road" you are sorely mistaken.

    This is the NSA, not the local sheriff. They don't have time to worry about your petty crimes, because they actually are busy doing the job they were tasked to do.

    They have the ability to spy on your every move online, but so does google, apple, microsoft, etc...

    I don't give a crap about privacy on the internet, because it doesn't exist.

    Key point in the above article was the words "Real time." Any packet can be decrypted, any ip data can be traced, they just cant do all of them 100% of the time in real time.

    tl:D r - if you aren't a terrorist or one of their associates, or calling/email/im'ing a terrorists or one of their associates, no one at the NSA gives a crap what you do.
  • 0 Hide
    James_Smith , October 7, 2013 12:56 PM

    It isn't as if any rational person still believes the USA is a free country. Think about it. No-warrant wire taps, indefinite detention of citizens without charges, approval of rendition of prisoners and torture, stop and frisk without probable cause, search and seizure without a warrant, no-knock entry, confiscation and destruction of cameras that might have been used to film police acting illegally, police brutality, police shootings that go without investigation, managed news, and the civil-rights destroying "Patriot" Act.


    Acts of police behaving illegally, with shootings, Tasers, and unwarranted violence now appear almost daily. Rarely are these offenses punished. Most often "an investigation" is claimed, but soon forgotten.

    

In addition, the USA, with 5% of the world population, has 25% of all of the prisoners in the world. That means the USA has the most people in prison of any nation in history. Even by percentage of residents incarcerated, not just sheer numbers. USA is # 1!

 Does any of that sound like a free country?


    As Dwight D. Eisenhower said about communism, "It's like slicing sausage. First they out off a small slice. That isn't worth fighting over. Then they take another small slice that isn't worth fighting over. Then another and another. Finally, all you have left is the string and that isn't worth fighting over, either.
  • 0 Hide
    James_Smith , October 7, 2013 12:58 PM

    It isn't as if any rational person still believes the USA is a free country. Think about it. No-warrant wire taps, indefinite detention of citizens without charges, approval of rendition of prisoners and torture, stop and frisk without probable cause, search and seizure without a warrant, no-knock entry, confiscation and destruction of cameras that might have been used to film police acting illegally, police brutality, police shootings that go without investigation, managed news, and the civil-rights destroying "Patriot" Act.


    Acts of police behaving illegally, with shootings, Tasers, and unwarranted violence now appear almost daily. Rarely are these offenses punished. Most often "an investigation" is claimed, but soon forgotten.

    

In addition, the USA, with 5% of the world population, has 25% of all of the prisoners in the world. That means the USA has the most people in prison of any nation in history. Even by percentage of residents incarcerated, not just sheer numbers. USA is # 1!

 Does any of that sound like a free country?


    As Dwight D. Eisenhower said about communism, "It's like slicing sausage. First they out off a small slice. That isn't worth fighting over. Then they take another small slice that isn't worth fighting over. Then another and another. Finally, all you have left is the string and that isn't worth fighting over, either.
Tom’s guide in the world
  • Germany
  • France
  • Italy
  • Ireland
  • UK
Follow Tom’s guide
Subscribe to our newsletter
  • add to twitter
  • add to facebook
  • ajouter un flux RSS