Secret NSA documents show campaign against Tor encrypted network

On Nov. 1, 2007, the National Security Agency hosted a talk by Roger Dingledine, principal designer of one of the world’s leading Internet privacy tools. It was a wary encounter, akin to mutual intelligence gathering, between a spy agency and a man who built tools to ward off electronic surveillance.

According to a top secret NSA summary of the meeting, Dingledine told the assembled NSA staff that his service, called Tor, offered anonymity to people who needed it badly — to keep business secrets, protect their identities from oppressive political regimes or conduct research without revealing themselves. To the NSA, Tor was offering protection to terrorists and other intelligence targets.

Beginning at least a year before Dingledine’s visit, the NSA had mounted increasingly successful attacks to unmask the identities and locations of Tor users, according to documents provided by former agency contractor Edward Snowden.

In some cases, the NSA has succeeded in blocking access to the anonymous network, diverting Tor users to insecure channels. With a tool called MJOLNIR — the name of the hammer used by Thor, the Norse god of thunder — it has been able to monitor and control the paths of communications that are supposed to be chosen randomly as they pass through Tor. Another operation, called MULLENIZE, can “stain” anonymous traffic as it enters the Tor network, enabling the NSA to identify users as it exits.

Developed as secret intelligence tools, these and other NSA anti-anonymity techniques are now being used by law enforcement agencies. In August, civilian security researchers detected an FBI operation against an alleged child pornography ring that used a Tor-based Web server called Freedom Hosting. The FBI mounted a cyberattack to unmask the location and owner of that anonymous server, using precisely the technique spelled out in an NSA slide deck called EGOTISTICALGIRAFFE.

The Snowden documents, including a detailed PowerPoint presentation, suggest that the NSA cannot see directly inside Tor’s anonymous network but that it has repeatedly uncloaked users by circumventing Tor’s protections. The documents raise doubts about the reliability of Tor to protect human rights workers, dissidents and journalists who rely on anonymity to avoid threats to their safety and freedom in countries such as Libya and Syria.

The authors of one NSA slide deck acknowledge that Tor’s users include “Dissidents: (Iran, China, etc.).” But their next bullet point describes another Tor constituency: “Terrorists!”

The same document said the NSA’s EGOTISTICALGIRAFFE technique had succeeded in unmasking 24 Tor users in a single weekend. The same operation allowed the NSA to discover the identity of a key propagandist for al-Qaeda in the Arabian Peninsula, as the group’s offshoot in Yemen is known, after he posted information and instructions on the group’s Web site.

The Office of the Director of National Intelligence, which oversees NSA and other intelligence agencies, did not immediately comment. The Washington Post is not releasing certain details from the documents, including the name of the al-Qaeda operative.
