10/8/2013
11:00 AM

NSA Battles Tor: 9 Facts

The National Security Agency has had limited success in cracking Tor communications. Here's what we have learned about the anonymizing network.

The National Security Agency has devoted substantial resources to tracking, unmasking and even attacking users of the anonymizing Tor network. But just how good are the NSA's Tor-attacking capabilities?

That question has persisted since former NSA contractor Edward Snowden turned whistleblower earlier this year and began leaking top-secret agency documents. By June 2013, those leaks had revealed some of the agency's operating guidelines, which suggested that anyone attempting to avoid the NSA's digital dragnet -- for example, by encrypting their data or using Tor to disguise their Web browsing -- might actually be making themselves more of a target. Indeed, the NSA's leaked operations manual allows intelligence analysts to treat all such activity as suspicious, and to retain intercepted communications indefinitely.

This month, the release of additional documents has shed more light on the NSA's capabilities when it comes to defeating Tor's anonymity and tracking Tor users. Here's what we now know:

1. NSA Thinks Tor Stinks.

It's a measure of Tor's reliability that a secret NSA presentation -- labeled "top secret" -- sports the title "Tor Stinks." The presentation reads, "We will never be able to de-anonymize all Tor users all the time," and adds, "With manual analysis we can de-anonymize a very small fraction of Tor users." But that de-anonymization, to date, appears to have been random. Notably, the agency reports no success at unmasking the identity -- in response to a specific intelligence or law enforcement demand -- of a specific requested Tor user.


Meanwhile, another top-secret briefing document dubs Tor "the king of high-secure, low-latency Internet anonymity." In other words, earlier advice from Snowden himself -- about how strong encryption and Tor were reliable techniques for avoiding the NSA's digital dragnet -- appears to remain true.

2. NSA Still Actively Targets Tor.

Still, NSA documents published by The Guardian show that the agency does have a collection of practical techniques, dubbed EgotisticalGiraffe, for attempting to defeat Tor. The techniques used by the agency for outing some small fraction of users have included everything from "cookie leakage" to "dumb users (EPICFAIL)," with the latter no doubt referring to people who inadvertently reveal their identity despite using Tor.

3. Attacks Haven't Cracked Tor Itself.

But according to cryptographer and information security expert Bruce Schneier, who's been reviewing documents leaked by Snowden, the NSA hasn't succeeded in breaking Tor itself. "Tor is a well-designed and robust anonymity tool, and successfully attacking it is difficult," Schneier said Monday in a blog post. "The NSA attacks we found individually target Tor users by exploiting vulnerabilities in their Firefox browsers, and not the Tor application directly."

However, Schneier added, anyone who wants to make life more difficult for the NSA can also turn off vulnerable services like scripts and Flash when using Tor, making it difficult to target those services.

The NSA has enjoyed some past success by attacking bugs in the Firefox browser, which is used to create the prebuilt Tor Browser Bundle. "The good news is that they went for a browser exploit, meaning there's no indication they can break the Tor protocol or do traffic analysis on the Tor network," said Tor project core member Roger Dingledine (aka "arma") in a blog post. "Infecting the laptop, phone or desktop is still the easiest way to learn about the human behind the keyboard."

Another upside of the NSA's limited success is that even when it can unmask Tor users, it risks losing that capability by using it too frequently. "Tor still helps here: you can target individuals with browser exploits, but if you attack too many users somebody's going to notice," Dingledine said. "So even if the NSA aims to surveil everyone, everywhere, they have to be a lot more selective about which Tor users they spy on."

4. "Fingerprints" Track Tor Users.

How has the NSA tracked some Tor users? This begins with the NSA's ability to eavesdrop on large portions of the Internet with the help of "partner" U.S. telecommunications companies, through programs with codenames such as Blarney, Fairview, Oakstar and Stormbrew.

"The NSA creates 'fingerprints' that detect HTTP requests from the Tor network to particular servers," Schneier explained. "These fingerprints are loaded into NSA database systems like XKeyscore, a bespoke collection and analysis tool that NSA boasts allows its analysts to see almost everything a target does on the Internet" -- including even encrypted VPN traffic.

5. NSA Sifts Internet To Spot Tor Use.

The NSA then applies big data techniques -- using tools with codenames such as Tumult, Turbulence and Turmoil -- to identify Tor communications among the massive amount of Internet activity that it intercepts.

But detecting Tor use isn't the same as identifying any given Tor user. "The very feature that makes Tor a powerful anonymity service, and the fact that all Tor users look alike on the Internet, makes it easy to differentiate Tor users from other Web users," said Schneier. On the other hand, Schneier pointed out, the anonymity provided by Tor makes it impossible for the NSA to know who the user is, or whether or not the user is in the U.S. and thus most likely someone that the agency, by law, should not be surveilling.

Comments
moarsauce123,
User Rank: Ninja
10/9/2013 | 11:17:24 AM
re: NSA Battles Tor: 9 Facts
It would be nice to have a good number of run of the mill users start using Tor. It makes the haystack bigger and surely will annoy the NSA, hopefully to a point where they give up.
I know it is not the NSA's task, but as long as I wake up every night because some truck rumbles through the pot holes on the street that has better looking cousins in third world countries the government should spend the money on infrastructure that serves a purpose than on nerds hunting down virtual targets.
Nice to see that DHS had something built that its subsidiary cannot crack.
Laurianne,
User Rank: Author
10/8/2013 | 8:40:04 PM
re: NSA Battles Tor: 9 Facts
"Tor is a well-designed and robust anonymity tool, and successfully attacking it is difficult," Schneier said Monday in a blog post. "The NSA attacks we found individually target Tor users by exploiting vulnerabilities in their Firefox browsers, and not the Tor application directly." FF vulnerabilities: still a favored tool.
mak63,
User Rank: Ninja
10/8/2013 | 7:56:53 PM
re: NSA Battles Tor: 9 Facts
Each time I read an article like this, it reminds me of the movie V for Vendetta. Worth quoting from it is: "...And where once you had the freedom to object, to think and speak as you saw fit, you now have censors and systems of surveillance coercing your conformity and soliciting your submission. How did this happen? Who's to blame? Well, certainly there are those more responsible than others, and they will be held accountable, but again truth be told, if you're looking for the guilty, you need only look into a mirror."
Paraphrasing a great patriot, I'd say: If we restrict liberty to attain security we will lose them both.
If anyone is interested there's a tor browser called PirateBrowser. I won't post links to it, but the name will give you a hint where to get it.