NSA Trying Hard To Compromise Tor, But It's Still Mostly Safe

from the good-news dept

The latest from the Guardian out of the Ed Snowden leaks shows that the NSA and GCHQ have been trying desperately to target Tor, even though Tor is largely funded by the US government. The good news is that they basically haven’t been able to attack the underlying Tor network, but rather rely on exploits elsewhere, such as within Firefox to try to target certain individuals.

Top-secret NSA documents, disclosed by whistleblower Edward Snowden, reveal that the agency’s current successes against Tor rely on identifying users and then attacking vulnerable software on their computers. One technique developed by the agency targeted the Firefox web browser used with Tor, giving the agency full control over targets’ computers, including access to files, all keystrokes and all online activity.

But the documents suggest that the fundamental security of the Tor service remains intact. One top-secret presentation, titled ‘Tor Stinks’, states: “We will never be able to de-anonymize all Tor users all the time.” It continues: “With manual analysis we can de-anonymize a very small fraction of Tor users,” and says the agency has had “no success de-anonymizing a user in response” to a specific request.

Another top-secret presentation calls Tor “the king of high-secure, low-latency internet anonymity”.

In response to all of this the NSA put out one of its typically bland and empty statements about how what it does is “authorized by law” and it should be no surprise that it’s seeking information on bad people.

Filed Under: , , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “NSA Trying Hard To Compromise Tor, But It's Still Mostly Safe”

Subscribe: RSS Leave a comment
Anonymous Coward says:

Deterministic builds

Tor and Bitcoin are two projects which go further than most when it comes to security. For instance, they are working on deterministic builds (https://blog.torproject.org/blog/deterministic-builds-part-one-cyberwar-and-global-compromise), which will allow anyone to validate that the downloaded binaries were produced from the published source code, and have not been modified afterwards.

With most projects, even free/open-source software, you have to trust that the build machines have not been compromised. With deterministic builds, even this risk is reduced.

LivingParadox says:

Re: Re:

agreed. the us government as well as the nsa’s opinion of a “bad person” is essentially anyone who disagrees or chanlenges thier establishment. that demographic doesnt apply to nearly as many people as it should.

privacy is a natural human right in my opinion and for anyone to take that away from anyone is very wrong.

the whole system is designed to collapse… and soon. its not just the internet that is in trouble.

“End the fed, Arrest the Banksters!”

Anonymous Coward says:

Tor is no obstacle to NSA surveillance

I’m sure this information is quite outdated (it’s from way back in 2007) and misleading. An adversary with as much access to online traffic as the NSA can easily break a system like Tor by correlating traffic between clients, relay nodes, exit nodes and websites. If you think they’re not already doing this, you are being naive.

John Fenderson (profile) says:

Re: Re:

It’s impossible to say without knowing the specifics of the technique(s) they’re using.

Speaking generally, pretty much every nontrivial program that uses the internet has vulnerabilities (that’s a corollary to the fact that every nontrivial program has bugs). Many of these vulnerabilities are kept secret, so you probably won’t know of them if you aren’t the producer of the software, a spy, and/or a cracker.

Anonymous Coward says:

If I were a criminal defense attorney

…I’d probably be signing up new clients by the score. Mr. Snowden has revealed that the NSA is guilty of who knows how many thousands of counts of numerous federal crimes, among them computer hacking & authoring and distributing malware. If the local federal D.A. gets some of his/her cases dismissed on technicalities due to questionable or improper police work, I don’t see how the legal system can survive not upholding the same standard for these pricks.

Anonymous Coward says:

Even if the NSA can de-anonymise some Tor users through correlation. I’m not worried, because I’m a law-abiding citizen using Tor to opt-out of PRISM and exercise my 1st amendment right.

If the NSA want’s to waste valuable resources trying to figure out what I do online. That’s their choice.

Anything I can do to make their unconstitutional spying harder, is worthwhile.

Anonymous Coward says:

This is EXACTLY why the Tor project should compartmentalize development.

The development of a “Tor Browser Bundle” is plain stupid. Tor should be developed, a few browsers should be hardened and configured for Tor usage, as well as other clients for other protocols.

But they’ll never do that, as they’ve made clear again and again.

AnonymousRat says:

Lack of knowledge

Reading the posts here it appears that about 95% of the posts are from those who have not a clue what Tor is, how it works and may not even know what PGP is much less how it works.
I’m from the old school. I was in Crypto before PGP.
I was Navy. What department will go forever undisclosed.
What I’m reading here is so sgnorant it’s hard to stomach.
There are actually a few intellegent comments though.
AnonymousCoward you are pretty much knowledgeable and are leading the pack here with common sense.
Most of the rest of you should stop posting do a little more reading. Not here, go read about PGP, read about routing, read the history of PGP written by Phil Zimmerman who wrote and published it in the early 90’s.
Who was hounded by the US Communist run government.
I helped to pay for his defense in those days.
Go learn. You will never learn by just blabing about what you don’t know.
I still use Tor and what I use it for could be potentially life threatening.
No I am not violating any laws of my country. I’m trying to help those who have not the freedom you have.
Keep writing I want to learn just how ignorant my fellow citizens are.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...