TechCrunch Disrupt Europe 2014: Photos, commentary and the Startup Battlefield LIVE

Feedback

Ever downloaded or searched for privacy software? Then the NSA is tracking you as an "extremist"

SecurityNews
by Paul Cooper
, 04 Jul 2014News
Ever downloaded or searched for privacy software? Then the NSA is tracking you as an "extremist"

The American National Security Agency (NSA) has been tracking anyone who has downloaded or even searched for privacy software such as Tor or the Linux-based operating system Tails, and labels such privacy-conscious users "extremists".

This emerged after researchers from the Tor Project sifted through the source code of the NSA's controversial XKeyscore programme, a formerly secret computer system first used by the United States National Security Agency for searching and analysing the vast amounts of Internet data it collects worldwide every day.

The true extent of the programme, paired with the vast data collection of the NSA's PRISM programme, was revealed in June of last year by former NSA contractor Edwards Snowden.

The investigators found that two servers in Germany, based in Berlin and Nuremberg – are directly under surveillance by the NSA.

Doing no more than searching the web for the privacy-enhancing software tools outlined in the XKeyscore rules causes the NSA to mark and track the IP address of the person doing the search. German privacy software users aren't the only ones tracked, however. The source code shows that privacy software users worldwide are tracked by the NSA.

Tor works by piling up layers of encryption over data, nested like the layers of an onion, which gave the network its original name, The Onion Router (TOR).

Tor encrypts data, including the destination IP address, multiple times and sends it through a virtual circuit made up of successive, randomly selected relays. Each relay decrypts a layer of encryption to reveal only the next relay in the circuit.

The final relay decrypts the innermost layer of encryption and sends the original data to its destination without revealing, or even knowing, the source IP address.

The NSA has made considerable efforts in the past to crack the encryption protocols behind Tor, but to limited success. It seems instead they've just banked on tracking everyone who uses it.

The NSA is also tracking anyone using the private portable operating system Tails. According to programmers notes in the source code, one piece of code "identifies users searching for the TAILs (The Amnesic Incognito Live System) software program, viewing documents relating to TAILs,or viewing websites that detail TAILs."

The notes describe Tails as "a comsec mechanism advocated by extremists on extremist forums." Ironically, Tor was originally created for the US Navy, and still receives a major part of its funding from the US government.

Merely visiting the websites of Tor or Tails is enough to put your IP on a tracking list. There are indications that NSA may be collecting not only the metadata of the people on the list, but also read their email exchanges with Tor and even analyse the full content of the connections they intercept.

In January of 2014, Edward Snowden told an interviewer that using the XKeyscore program, an NSA operative could "read anyone's email in the world, anybody you've got an email address for. Any website: You can watch traffic to and from it. Any computer that an individual sits at: You can watch it. Any laptop that you're tracking: you can follow it as it moves from place to place throughout the world. It's a one-stop-shop for access to the NSA's information."

Topics
blog comments powered by Disqus