The US National Security Agency has successfully infiltrated two servers related to the dark web and gathered the IP addresses of anyone that searched for Tor.
ARD, the German public broadcaster, explained that a couple of Tor servers in its home country are being watched by the NSA and official sources told the company that anyone searching for or installing Tor could be spied on by the NSA.
The information hints that the NSA has been able to infiltrate traffic to and from two German directory servers used by Tor and siphoned off the IP addresses of the people that visited.
The NSA was able to grab the data moving in and out of the two servers as they are unencrypted – something that is one of the major reasons people decide to install Tor.
Any addresses the NSA successfully recovered have been monitored using XKeyscore, an analysis system that the NSA developed itself. The BBC reports that it works by snooping on information that passes across the few exchanges around the globe that allow data to go from one ISP to another.
"XKeyscore is an analytic tool that is used as a part of NSA's lawful foreign signals intelligence collection system. Such tools have stringent oversight and compliance mechanisms built in at several levels,” a spokesperson for the NSA told Ars Technica. "All of NSA's operations are conducted in strict accordance with the rule of law.”
The data that the NSA collected is used to form a profile of the web browsing habits of the IP address in question and builds up a profile of the people that are using the dark web. ARD also reports that the NSA watched several other sites offering anonymous browsing and privacy tools.
NSA whistleblower Edward Snowden first detailed NSA and GCHQ attempts to infiltrate Tor in October 2013 and in that sense it is no surprise that the NSA has managed to gather data.