Report: NSA has little success cracking Tor

IDG News Service – The U.S. National Security Agency has repeatedly tried to compromise Tor, the government-funded online anonymity tool, but
has had little success, according to a new report in the U.K.’s Guardian.

The NSA has tried multiple strategies for defeating Tor, with its most successful method focused on attacking vulnerable software
on users’ computers, including the Firefox browser, according to the report, published Friday. In the Firefox attack, NSA agents have been able to gain “full control” of targets’ computers, said the
report, citing documents given to the Guardian by former NSA contractor Edward Snowden.

NSA documents provided by Snowden, which the Guardian began publishing in June, say the agency is collecting bulk phone records
in the U.S. as well as Internet communications overseas.

But in many cases, the NSA has been frustrated in its efforts to target Tor users, an irony because the open-source project
is largely funded by the U.S. Department of Defense, the NSA’s parent agency, and the U.S. Department of State.

“We will never be able to de-anonymize all Tor users all the time,” according to one NSA document quoted by the Guardian.
“With manual analysis we can de-anonymize a very small fraction of Tor users.” The NSA has had “no success de-anonymizing
a user in response” to a specific request, the document said.

Tor is “the king of high-secure, low-latency internet

Tor routes Internet traffic through a number of relays as a way to keep communications anonymous. The State Department promotes
the software to activists in countries with strong censorship regimes, including Iran and China.

An NSA spokeswoman referred a request for comments on the story to a previous statement from the agency:

“In carrying out its signals intelligence mission, NSA collects only those communications that it is authorized by law to
collect for valid foreign intelligence and counterintelligence purposes, regardless of the technical means used by those targets
or the means by which they may attempt to conceal their communications. … It should hardly be surprising that our intelligence
agencies seek ways to counteract targets’ use of technologies to hide their communications.

“Throughout history, nations have used various methods to protect their secrets, and today terrorists, cybercriminals, human
traffickers and others use technology to hide their activities,” the statement continued. “Our intelligence community would
not be doing its job if we did not try to counter that.”

NSA efforts to compromise “anonymous online communication” is justified, U.S. Director of National Intelligence James Clapper
said in a statement released late Friday.

News articles on the NSA’s Tor efforts “fail to make clear that the intelligence community’s interest in online anonymity
services and other online communication and networking tools is based on the undeniable fact that these are the tools our
adversaries use to communicate and coordinate attacks against the United States and our allies,” Clapper said. “The articles
fail to mention that the intelligence community is only interested in communication related to valid foreign intelligence
and counterintelligence purposes and that we operate within a strict legal framework that prohibits accessing information
related to the innocent online activities of U.S. citizens.”

The IDG News Service is a Network World affiliate.

Netflash

Report: NSA has little success cracking Tor