On Nov. 1, 2007, the National Security Agency hosted a talk by Roger Dingledine, principal designer of one of the world’s leading Internet privacy tools. It was a wary encounter, akin to mutual intelligence gathering, between a spy agency and a man who built tools to ward off electronic surveillance.
According to a top secret NSA summary of the meeting, Dingledine told the assembled NSA staff that his service, called Tor, offered anonymity to people who needed it badly — to keep business secrets, protect their identities from oppressive political regimes or conduct research without revealing themselves. To the NSA, Tor was offering protection to terrorists and other intelligence targets.
Beginning at least a year before Dingledine’s visit, the NSA had mounted increasingly successful attacks to unmask the identities and locations of Tor users, according to documents provided by former agency contractor Edward Snowden.
Developed as secret intelligence tools, these and other NSA anti-anonymity techniques are now being used by law enforcement agencies. In August, civilian security researchers detected an FBI operation against an alleged child pornography ring that used a Tor-based Web server called Freedom Hosting. The FBI mounted a cyberattack to unmask the location and owner of that anonymous server, using precisely the technique spelled out in an NSA slide deck called EGOTISTICALGIRAFFE.
The Snowden documents, including a detailed PowerPoint presentation, suggest that the NSA cannot see directly inside Tor’s anonymous network but that it has repeatedly uncloaked users by circumventing Tor’s protections. The documents raise doubts about the reliability of Tor to protect human rights workers, dissidents and journalists who rely on anonymity to avoid threats to their safety and freedom in countries such as Libya and Syria.
The authors of one NSA slide deck acknowledge that Tor’s users include “Dissidents: (Iran, China, etc.).” But their next bullet point describes another Tor constituency: “Terrorists!”
The same document said the NSA’s EGOTISTICALGIRAFFE technique had succeeded in unmasking 24 Tor users in a single weekend. The same operation allowed the NSA to discover the identity of a key propagandist for al-Qaeda in the Arabian Peninsula, as the group’s offshoot in Yemen is known, after he posted information and instructions on the group’s Web site.
The Office of the Director of National Intelligence, which oversees NSA and other intelligence agencies, did not immediately comment. The Washington Post is not releasing certain details from the documents, including the name of the al-Qaeda operative.
- Tor Is Less Anonymous Than You Think (motherboard.vice.com)
- Tor usage up by more than 100% in August (theregister.co.uk)
- Tor anonymity network membership has doubled since NSA leak (rt.com)
- Tor anonymity network could be ‘easily compromised,’ researcher says (usahitman.com)
- Tor: The Anonymous Internet, and If It’s Right for You (gizmodo.com)
- Botnet likely caused spike in number of Tor clients (networkworld.com)