Skip to main content

NSA Has Trouble with Tor, Snowden Documents Show

A detail of an NSA presentation slide showing how Tor anonymizes Internet traffic.

A detail of an NSA presentation slide showing how Tor anonymizes Internet traffic.

UPDATED 9:45 am ET Monday (Oct. 7) with comments from Director of National Intelligence James Clapper.

The National Security Agency can't crack Tor.

That's the upshot of new PowerPoint slides provided by NSA leaker Edward Snowden and released by the British newspaper The Guardian today (Oct. 4). The documents show that the NSA and its British counterpart, GCHQ, have had little success breaking into the Tor Internet anonymizing protocol.

"We will never be able to de-anonymize all Tor users all the time," reads a PowerPoint presentation entitled "Tor Stinks" and meant to be shown to NSA and GCHQ personnel. "With manual analysis, we can de-anonymize a very small fraction of Tor users."

MORE: 13 Security and Privacy Tips for the Truly Paranoid

Cryptography expert Bruce Schneier, who is assisting The Guardian with examination of the Snowden files, wrote in a piece on the newspaper's website that NSA and GCHQ have fallen back to attacking flaws in the software and computers running Tor.

"The NSA attacks we found individually target Tor users by exploiting vulnerabilities in their Firefox browsers," Schneier wrote, "and not the Tor application directly."

Tor, originally an acronym for "The Onion Router," was initially developed by the U.S. Navy. It is now an open-source project maintained by volunteers, but U.S. government agencies still provide much of its funding.

Tor users install special software that strips identifying information from Internet data packets and sends email, Web pages and other Internet traffic through a hidden network of servers.

DOWNLOAD: Tor Browser Bundle for Windows

Tor has "hundreds of thousands of users," states another purported NSA presentation, classifying those users into "dissidents," "terrorists" and "other targets." (The U.S. State Department advises dissidents in other countries to use Tor to communicate secretly.)

Earlier this week, the U.S. Justice Department took down the Silk Road, a drug-dealing website accessible only through Tor, and arrested a man alleged to be its owner and operator.

The "Tor Stinks" presentation dates from June 2012 and was apparently intended for a two-week "joint NSA/GCHQ counter-Tor workshop."

"Week one at MHS focus on analytics," reads one slide, possibly referring to the GCHQ/NSA radio listening post at Menwith Hill in northern England.

"Week two at GCHQ focus on exploitation," the slide continues, presumably referring to GCHQ's main facility outside Cheltenham in southwestern England.

The slides detail various failed attempts to identify Tor users through wayward browser "cookies," timing of sent messages and other methods.

For a time, another PowerPoint presentation details, it seemed the NSA was able to spy on Tor users who were using a specific build of the Firefox Web browser, but the flaw that permitted the spying was fixed in later versions of Firefox. (The flaw was different from one that the FBI used to catch child-pornography suspects who used Tor.)

The NSA programs that spied on Firefox were called "ERRONEOUSINGENUITY," "EGOTISTICALGOAT" and "EGOTISTICALGIRAFFE."

Other programs, some perhaps not real, mentioned in the documents included "ONIONBREATH," "QUANTUMCOOKIE," "RONIN," "QUICKANT," "GREAT EXPECTATIONS" and "EPICFAIL." 

Ultimately, according to one presentation, the best way to target possible Tor users may be to simply infect their computers with traditional spyware, such as keyloggers or Web-traffic diverters.

"Tor stinks ... but it could be worse," concludes one presentation. "Will never get 100 percent, but we don't need to provide true IPs [Internet Protocol addresses] for every target every time they use Tor."

UPDATE: On his office's Tumblr blog Friday evening, U.S. Director of National Intelligence James R. Clapper posted a statement addressing the revelations in the Guardian story, which were mirrored in a separate Washington Post story.

"The articles fail to make clear that the Intelligence Community's interest in online anonymity services and other online communication and networking tools is based on the undeniable fact that these are the tools our adversaries use to communicate and coordinate attacks against the United States and our allies," Clapper wrote.

"The articles fail to mention that the Intelligence Community is only interested in communication related to valid foreign intelligence and counterintelligence purposes, and that we operate within a strict legal framework that prohibits accessing information related to the innocent online activities of U.S. citizens," he said.

"In the modern telecommunications era, our adversaries have the ability to hide their messages and discussions among those of innocent people around the world," the director of national intelligence stated. "They use the very same social networking sites, encryption tools and other security features that protect our daily online activities."

Follow Paul Wagenseil at @snd_wagenseil. Follow Tom's Guide at @tomsguide, on Facebook and on Google+.

  • MajinCry

    Oh god. That diagram. Looks like something right out of a satirical comic.

    Shame that it's real.

    I wonder if people will start recognizing propaganda now.
  • Larry Bob
    So the NSA has a right to install spyware on users' computers without their discretion if they use a program to prevent the NSA (in theory) from spying on them?

    Seems legit.
  • house70
    "NSA Has Trouble with Tor"

    Good, good...
  • Rahbot
    "So the NSA has a right to install spyware on users' computers without their discretion if they use a program to prevent the NSA (in theory) from spying on them?

    Seems legit."

    So if you found such software on your PC could you Sue the NSA for millions for stepping on your rights... I know I would sue them for like 100 Trillion dollars, if it happened to me.. serves the NSA... they don't need to spy on everyone they think are against them and this Nazi Government in place by other Muti-Millionaires, doing their bidding.
  • michael908
    This is a document from over a year ago. I'm sure the NSA has made great strides in cracking it.
  • jhansonxi
    There are others:
  • DREGstudios
    The dystopian fantasies of yesteryear are now a reality. We’ve allowed the coming of an age where the civil liberties our forefathers fought so hard for are being eroded by the day. Freedom of Press, Freedom of Speech and Freedom of Assembly are mere ghostly images of their original intent. We’ve woken up to an Orwellian Society of Fear where anyone is at the mercy of being labeled a terrorist for standing up for rights we took for granted just over a decade ago. Read about how we’re waging war against ourselves at
  • bustapr
    @rahbot, of only it were that easy. sadly te NSA is protected by the almighty broken Patriot Act which they seem to mention every time they are accused of something.

    I think they could even sue you back for "getting in the way of justice".
  • HEXiT
    you know if the nsa and gchq had bothered to be transparent about the fact that they were monitoring emails i would have considered not being to bothered about them looking at my porn surfing habits. but the fact that there doing it with so little regard to peoples privacy is really starting to irk me...

  • HEXiT
    i dunno why you have thumbed down DREGstudios he is rite in a way... less than 10 years go this would have been a story of pure fantasy, but today it is the real reality. our own governments now live in fear of there own populace. not because we have done anything to deserve it but because they have betrayed us and they know, we now know it.
    every day houses are being raided and people are being shot to death in the u.s.a by swat teams only to find out they have killed innocent people. but you dont hear much about it on the news because it is being buried...