NSA tried to crack Tor anonymity tool
The Guardian notes that the NSA’s determined effort to crack Tor raises questions about whether the agency, deliberately or inadvertently, acted against Internet users in the United States when attacking Tor. One of the main functions of Tor is to hide the country of all of its users, meaning any attack could be hitting members of Tor’s large U.S. user base.
Several of the NSA’s attacks entail implanting malicious code on the computer of Tor users who visit certain Web sites. The NSA says it is targeting terrorists or organized criminals visiting particular discussion boards, but these attacks could also hit journalists, researchers, or those who accidentally stumble on a targeted site.
Roger Dingledine, the president of the Tor project, told the Guardian that the NSA’s efforts are a reminder that using Tor on its own is not sufficient to guarantee anonymity against intelligence agencies, but that it was also a useful aid in combating mass surveillance.
“The good news is that they went for a browser exploit, meaning there’s no indication they can break the Tor protocol or do traffic analysis on the Tor network,” Dingledine said. “Infecting the laptop, phone, or desktop is still the easiest way to learn about the human behind the keyboard.
“Tor still helps here: you can target individuals with browser exploits, but if you attack too many users, somebody’s going to notice. So even if the NSA aims to surveil everyone, everywhere, they have to be a lot more selective about which Tor users they spy on.”
He added, however: “Just using Tor isn’t enough to keep you safe in all cases. Browser exploits, large-scale surveillance, and general user security are all challenging topics for the average internet user. These attacks make it clear that we, the broader internet community, need to keep working on better security for browsers and other internet-facing applications.”
The Guardian asked the NSA for its comment on the fact that it was attacking a service funded by the U.S. government, and whether the agency was involved in the decision to fund Tor or efforts to “shape” its development.
The agency did not respond directly, but sent the paper a statement which read: “In carrying out its signals intelligence mission, NSA collects only those communications that it is authorized by law to collect for valid foreign intelligence and counter-intelligence purposes, regardless of the technical means used by those targets or the means by which they may attempt to conceal their communications. NSA has unmatched technical capabilities to accomplish its lawful mission.
“As such, it should hardly be surprising that our intelligence agencies seek ways to counteract targets’ use of technologies to hide their communications. Throughout history, nations have used various methods to protect their secrets, and today terrorists, cybercriminals, human traffickers and others use technology to hide their activities. Our intelligence community would not be doing its job if we did not try to counter that.”
