How Does The NSA Identify Tor Users?

Posted by on Oct 25, 2013

Image from http://topinfopost.com

Tor (The Onion Router) is an open source application that protects the privacy of Internet users from surveillance programs and other tracking software. Tor conceals users’ identities and their network activity by separating identification information from routing information. Data is transmitted through multiple computers via network relays run by volunteers around the globe. The routers encrypt the data in multiple layers during transmission to maintain privacy between the relays, thereby giving users anonymity of network location. Using Tor has several benefits: it protects your privacy from potential identity thieves and marketers, hides any sensitive information you are researching, and conceals your location from anyone conducting surveillance.

Image from http://cdn3.tnwcdn.com

The Tor program came into prominence because of the recent revelations about the NSA’s PRISM program. Given that the NSA has been successful in cracking the majority of the encryption technologies on the Internet, the question now is how NSA surveillance affects Tor. So far the NSA has been successful in invading the privacy of Tor users by exploiting vulnerabilities in the Tor Browser Bundle, a collection of programs designed to make it easy for people to install and use the software. It attacks Tor users by implanting malicious code on the computer of a Tor user who visits a particular website. The malicious code exploits vulnerabilities in the version of Firefox that is in the Tor Browser Bundle.

Tor is a high-priority target for the NSA, which is working on ways to defeat the security of this tool. According to security researcher Bruce Schneier, these are the steps by which the NSA exploits vulnerabilities in Tor users’ networks or computers:

  • First, the NSA identifies Tor users by monitoring Internet traffic. It creates fingerprints for Tor users that detect any HTTP request from the Tor network to any server.
  • These fingerprints are loaded into the NSA’s database systems, where powerful data analysis tools sift through the enormous amount of Internet traffic, looking for Tor connections.
  • After identifying a Tor user, the NSA redirects that user to a set of secret internal servers known as FoxAcid to infect the user’s computer. “FoxAcid is an NSA system designed to act as a matchmaker between potential targets and attacks developed by the NSA, giving the agency opportunity to launch prepared attacks against their systems”.
  • Once the user’s system is compromised, it secretly calls a FoxAcid server, which then carries out further attacks on the target and makes sure that the system remains compromised for a prolonged time to provide eavesdropping information back to the NSA.
  • The NSA places secret servers codenamed “Quantum” at key places on the Internet backbone. As a result, these servers intercept requests for legitimate sites and respond before the legitimate servers reply. The Quantum server’s response redirects the user to an NSA-controlled web server that sends malware to the browser.
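The race described in the last step leaves a trace a defender can look for: the client receives two answers to one request, so the same TCP sequence range arrives twice with different bytes. The sketch below is an added example, not code from the original article or from any tool it mentions; the `Segment` record, the sample traffic and the addresses are constructed, and it assumes segments are already parsed from a capture and that sequence numbers do not wrap.

```python
from collections import defaultdict
from typing import NamedTuple

class Segment(NamedTuple):
    """One server-to-client TCP segment, already parsed from a capture."""
    flow: tuple      # (src_ip, src_port, dst_ip, dst_port)
    seq: int         # sequence number of the first payload byte
    ttl: int         # IP time-to-live as seen at the client
    payload: bytes

def find_conflicting_responses(segments):
    """Return (flow, seq, earlier, later) where overlapping bytes differ.

    A normal retransmission repeats identical bytes at the same sequence
    numbers. Different bytes for the same range mean two senders answered
    the same request.
    """
    seen = defaultdict(list)            # flow -> segments seen so far
    findings = []
    for seg in segments:
        if not seg.payload:
            continue
        for prev in seen[seg.flow]:
            start = max(seg.seq, prev.seq)
            end = min(seg.seq + len(seg.payload), prev.seq + len(prev.payload))
            if start >= end:
                continue                # no overlapping byte range
            old = prev.payload[start - prev.seq:end - prev.seq]
            new = seg.payload[start - seg.seq:end - seg.seq]
            if old != new:
                findings.append((seg.flow, start, prev, seg))
        seen[seg.flow].append(seg)
    return findings

# Constructed sample: flow A gets two different answers, flow B a retransmit.
FLOW_A = ("203.0.113.10", 80, "192.0.2.5", 51000)
FLOW_B = ("203.0.113.20", 80, "192.0.2.5", 51001)
SAMPLE = [
    Segment(FLOW_A, 1000, 57, b"HTTP/1.1 302 Found\r\nLocation: http://redirect.example/\r\n\r\n"),
    Segment(FLOW_A, 1000, 49, b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello"),
    Segment(FLOW_B, 5000, 52, b"HTTP/1.1 200 OK\r\n\r\n"),
    Segment(FLOW_B, 5000, 52, b"HTTP/1.1 200 OK\r\n\r\n"),
]

if __name__ == "__main__":
    for flow, seq, first, later in find_conflicting_responses(SAMPLE):
        print(f"{flow[0]}:{flow[1]} seq={seq} conflicting payloads, "
              f"TTL {first.ttl} vs {later.ttl}")
```

A differing TTL between the two segments, as in the constructed flow A, is a supporting signal that they came from different network locations.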

If there is one thing that can be concluded from all these NSA efforts, it is that the core security of Tor is difficult to compromise. To invade Tor users’ privacy, the NSA has to look for loopholes in its browser. The technique the NSA used to target Tor users with vulnerable software on their computers was called EgotisticalGiraffe. The attack exploited vulnerabilities in the version of Firefox that is in the Tor Browser Bundle. “According to the documents provided by Edward Snowden, the particular vulnerabilities used in this type of attack were inadvertently fixed by Mozilla Corporation in Firefox 17, released in November 2012 – a fix the NSA had not circumvented by January 2013 when the documents were written.” So users who have not updated their software might become victims of such attacks.

Again, the NSA can target individuals with browser exploits, but if it attacks too many users it will become noticeable. So it has to be selective about which Tor users it wants to spy on, rather than tracking everyone. Tor hidden services are arbitrary communications endpoints that are resistant to both metadata analysis and surveillance. It is not possible to go to a single party and obtain the full metadata, communications frequency, or contents. One top-secret presentation, titled ‘Tor Stinks’, states: “We will never be able to de-anonymize all Tor users all the time.” It continues: “With manual analysis we can de-anonymize a very small fraction of Tor users,” and says the agency has had “no success de-anonymizing a user in response” to a specific request.

Tor conceals your identity from your recipient and conceals your recipient and your content from observers on your end. It does not protect your communication content once it leaves the Tor network. Tor therefore recommends that its users combine Tor with other tools for better security. For example, you can use HTTPS Everywhere in Tor Browser to secure your online communications. You can also use a combination of tools like TorBirdy and Enigmail, OTR, and Diaspora along with Tor to protect your communications content in cases where the communications infrastructure (Google/Facebook) is compromised.

Secure cloud storage service that protects your data from surveillance

Similar to Tor, SpiderOak is a secure cloud storage service that protects its user data from government surveillance. This service provides users with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server, so that users and small businesses of all sorts and sizes can tailor the service to fit their needs.

SpiderOak protects sensitive user data with 256-bit AES encryption so that files and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. All plaintext encryption keys are stored exclusively on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like the NSA’s PRISM continue to stand unchallenged, people can rest easy knowing that their data is truly protected. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and mobile access. SpiderOak offers amazing products like SpiderOak Hive and SpiderOak Blue to secure consumer and enterprise data. You can sign up for this product now.


3 Responses to “How Does The NSA Identify Tor Users?”

  1. Jane says:

    While I understand that there are legitimate national security concerns afoot, the whole process of spying on and attacking people seems completely Orwellian. Don’t citizens have the right to a reasonable amount of privacy? I can see this getting really out of hand really quickly in who they deem to be a viable target for these attacks. How long before the corporate world latches on to this and exploits government technology for its own nefarious means? It seems that most are complicit to let this happen under the guise of being “protected” from something, but what that something is I’m not quite sure. Maybe it’s a bit of a bleak outlook, but surely I can’t be the only one that thinks the NSA has gotten really bloated and over-reaching?

  2. Kristie says:

    When I first saw the title of this article I was quite alarmed. I am still alarmed that they can track some people using TOR but I am relieved that TOR is making it hard for the government to track everything that we do. Even if someone is not doing something wrong they should have an expectation of privacy and TOR seems like a good tool to support that. I do wonder if Mozilla’s fix wasn’t such an accident. I’ve always liked Mozilla as a company and hope they will continue to aid users in the fight against government surveillance.

  3. Bambi says:

    I was intrigued by the title of this article, as I am a regular user of the Tor browser because I feel that I have the right to view what I want to view on the internet privately. I am not engaging in any illegal activities online and find it outrageous that the government and NSA feels it has the right to simply invade our privacy and monitor things that we do in the privacy of our own homes. I was initially concerned by the title of this article, expecting the article to contain information stating that Tor was not as secure as once was expected. I am happy to see that the security is holding strong for the most part, but dismayed to see that our government is spending so much time and money to break into the program. As citizens of this country, we expect that we are to be given a certain level of privacy and security. I can’t help but feel that these things are slowly being taken away from us and find myself wondering what’s next. Finally, I think that SpiderOak’s secure cloud storage is a great thing and commend the company for providing this.
