Skip to main content

NSA and GCHQ repeatedly tried to infiltrate Tor, documents reveal

The Onion Router, or Tor as it is commonly known, has seen repeated efforts by the US National Security Agency [NSA] and UK GCHQ to attack a system that is funded and promoted by the US government.

Secret NSA documents, leaked to The Guardian by whistleblower Edward Snowden, revealed repeated attempts by the NSA to gain access to the computers of Tor users yet the overall security of the browser remains very much intact.

The documents reveal that the success the NSA had has been through identifying users and infiltrating vulnerable software on a user’s computer. One way in which this has been done is by targeting the Firefox browser used in conjunction with Tor that eventually gives the NSA full control over the targets' computers with access to all files, keystrokes and online activity.

Even though the NSA has gained access to users on the system, the documents add “we will never be able to de-anonymise all Tor users all the time”. It continues by stating "with manual analysis we can de-anonymise a very small fraction of Tor users,” and the NSA has had “no success de-anonymising a user in response” to a specific request.

Another surveillance method involved using NSA and GCHQ systems to recognise patterns of signals leaving and entering the Tor network to achieve the de-anonymisation mentioned above. A further method involved measuring and recording the timings of messages entering and leaving the network, with a third effort attempting to degrade or disrupt the Tor web browser thus causing users to abandon it completely.

GCHQ presentations revealed in the documents showed it was under no illusions of what it thought of Tor with one stating “very naughty people use Tor” and another detailing that GCHQ is interested in the browser as “bad people use Tor”.

One of the questions that will be asked of the NSA is whether it has acted against Internet users in the US by deliberately attacking the Tor web browser.

Roger Dingledine, president of Tor, stated that using the web browser on its own is simply not enough and that the online community must continue to work on “better security for browser and other Internet-facing applications”.

Tor was last in the news earlier this week when the operator of the Silk Road trading site, which ran on the Tor browser, was detained by the FBI in San Francisco.