Spy vs spy: Tor (US Naval Intelligence designed anonymous network) attacked by NSA

ImagesThe Tor Project runs Tor (“The Onion Router”), a network designed to provide its users with anonymity when using the Internet. Tor was originally developed by US Naval Intelligence, and a large part of support for the network still comes from government interests.

Tor was in the news recently as the high profile Silk Road anonymous marketplace for drugs was shut down. Silk Road had been hosted as a hidden node reachable only through Tor, and it ran openly on that network for years until a dedicated effort unmasked the organizer. The description of the resources used to take down Silk Road did not mention any specific attacks on Tor; the proprietor of Silk Road left behind enough clues through sloppy tradecraft that it was possible through diligent efforts to identify him based on his public postings. The takedown of Silk Road caused a disturbance in the Force as seen through the volatility in Bitcoin prices seen right after the system was taken down.

Most recently the Guardian printed a Bruce Schneier piece on Attacking Tor: how the NSA targets users’ online anonymity. It goes into detail on the flaws in browser implementations that can be used to attack Tor anonymity as well as the peculiar attacks that only the NSA can take out by doing monkey-in-the-middle attacks on the Tor (and Internet) infrastructure. It’s a good read, and exposes such lovely NSA code names as “EgotisticalGiraffe”.

The conclusion of the Schneier piece is that it’s not impossible to unmask the anonymity of Tor users, especially if they are sloppy in any way in their use of the system; there are enough bugs to go around in the components that make up a typical Tor browser bundle that it’s likely that a dedicated effort to entrap a specific user will succeed. But it’s hard work, and thus the Tor system works as its Naval Intelligence designers intended – only the most determined state actor can foil typical use of the system.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s