Attacking Tor: how the NSA targets users' online anonymity

The Guardian ^ | 10/4/13 | Bruce Schneier

[shego]

The online anonymity network Tor is a high-priority target for the National Security Agency. The work of attacking Tor is done by the NSA's application vulnerabilities branch, which is part of the systems intelligence directorate, or SID. The majority of NSA employees work in SID, which is tasked with collecting data from communications systems around the world.

According to a top-secret NSA presentation provided by the whistleblower Edward Snowden, one successful technique the NSA has developed involves exploiting the Tor browser bundle, a collection of programs designed to make it easy for people to install and use the software. The trick identified Tor users on the internet and then executes an attack against their Firefox web browser....

[shego]

Two-bit computer crooks!

[max americana]

Thanks for the article. Tor is popular amongst the torrent community and this shows it ain’t safe (for now) either.

[ShadowAce]

[shego]

The big takeaway is that the core Tor functionality is solid -- the snoops had to ooze their way in through browser vulnerabilities that are easier to patch or avoid (e.g. taking care to turn off the Javascript functionality used in the exploits).

In fact, the NSA created a presentation titled -- I swear I am not making this up -- "Tor Stinks", lamenting:

With manual analysis we can de-anonymize a very small fraction of Tor users, however, no de-anonymizing a user in response to a Tor request/on demand.

(emphasis in original)

The paragraph immediately following is redacted. No doubt this is because The Guardian identified it as one of the few bits of Snowden's data that actually would be useful to terrorists; however, I like to imagine that it's censored because the NSA minion who wrote the presentation couldn't resist uncorking a profane rant that would make a sailor blush.

[Bikkuri]

Don't know you.. never seen you before... but this is a double edged sword (more like a double edged razor)..

We have the true patriots that are trying to get information to us about what, and how, the government is trying to undermine us... then, on the same 'dark' network, selling anything from drugs to assassins (and child porn)...

This is a really tough thing to defend because it is now a catch 22..


I am curious about TOR though... it was created by/from the US Navy.. is supported by SourceForge...

[marron]

If I was NSA, I would set up a company just like TOR. I would set up a company just like Silk Road.

[I want the USA back]

In other words they illegally modify files on a user’s computer, illegally redirect traffic, and call it all national security.

It illegally does “phishing.”
It illegally hacks user’s computers.

They illegally intercept all phone calls (echelon)
They read all internet traffic.

Anybody know how to use a morse code transmitter?

The biggest crooks are in the government.

[shego]

Do you also think it's "really tough" to defend the Second Amendment because guns are sometimes used by criminals?

The same principle applies here.

[Bobalu]

Good grief :-(

I guess I will build a new image for my Raspberry Pi and copy it to a handful of 4GB SD cards. Pop a new one in every day and use that system to browse using the proXPN VPN.

Hook the Pi to my HDMI monitor on HDMI#1 and plug the big PC into HDMI#2 ...use the remote to switch between the two computers.

Leave the PC totally disconnected from the net.

Put a 32GB SD card on my USB switchbox and when I need data from the net on the PC just use the Pi to save it to the SD card then switch it to the PC and move it to the HD.

Luckily the Pi only uses a couple of watts of power so it will cost zip to leave it up all the time.

[Graewoulf]

The only good NSA is an ABOLISHED NSA.

[Bikkuri]

Very good point...