How The NSA Is Trying To De-Cloak Tor Users

Brian Proffitt Author: Publish date: Section: Infrastructure Interaction count: 1

The Tor network, used to keep communications anonymous on the Internet, has been under fire from the NSA's tech attacks.

How The NSA Is Trying To De-Cloak Tor Users

The NSA has been systematically attacking the anonymizing Tor network in order to spy on its users, according to leaked documents obtained by the Guardian.

The Tor network is an open-source software project that renders users anonymous by relaying multiply encrypted communications across many different computers around the Internet, effectively obscuring a user's location and activity from anyone conducting surveillance or analyzing Web traffic. (Such as, say, the NSA.) The network makes it much more difficult to trace site visits, messages, posts or other communications to any particular individual.

According to the Guardian, the NSA has been working to circumvent Tor security for quite some time, albeit with limited success. As a result, the intelligence agency has had better luck targeting suspects' computers:

One technique developed by the agency targeted the Firefox web browser used with Tor, giving the agency full control over targets' computers, including access to files, all keystrokes and all online activity.

Attacking a user's computer is a tried-and-true NSA method for obtaining data. This is what has allowed the agency to "break" file encryption and Tor anonymity: if the user's computer is compromised, no amount of security can will help.

In a related Guardian story, security expert Bruce Schneier details how the NSA can bypass Tor security directly via "man-in-the-middle" attacks that apparently direct a targeted Tor user to special servers that mimic legitimate sites such as a bank or Google. Those fake sites, hosted on what the NSA calls "FoxAcid" servers, then seek to infect the target's browser and inject it with malware that can compromise a Tor connection.

Image courtesy Reuters/ Kai Pfaffenbach