This shouldn’t come as a huge surprise, but the NSA has reportedly been trying (and failing) to break into the Tor network for years. It turns out that Tor, a suite of tools to protect anonymity online, is just too secure as an infrastructure. Individual users, however, are less secure.
The Guardian just dropped a scoop about the NSA’s attempts to infiltrate Tor based on — surprise, surprise — documents leaked by Edward Snowden. It details various different methods the spy agency used to peel away at the different layers of the network, none of which were very successful. In the NSA’s own words: “We will never be able to de-anonymise all Tor users all the time. … With manual analysis we can de-anonymise a very small fraction of Tor users.” It adds that it can’t identify a specific user on command.
So that’s a good new/bad news sort of situation, isn’t it? The good news is that the Tor network as a whole is more or less rock solid and even the best-equipped, government-funded hackers in the world can’t figure out a way in, despite previous reports suggesting that they could. The bad news is that the NSA has been identifying Tor users and exploiting weakness in other software to break into their computers. This is the cybersecurity equivalent of watching someone walk into a mall and then raiding their house to see if they stole anything.
The NSA’s Tor-raiding efforts come in a variety of flavours. One method involves tapping into the Tor nodes and look for patterns in people entering and leaving the network. Results from this approach, the documents said, have been “negligible” since the NSA can only gain access to a small number of nodes. They’ve even tried directing traffic through NSA servers, also with little success. Similarly, the NSA has tried tracking users based on when they log on to the Tor network, a strategy that certainly seems questionable. More questionable, however, is another strategy to simply disrupt the Tor service and force anonymous users out into the open.
Again, the NSA has not had much luck infiltrating Tor. But boy do they want to! The names of the Snowden documents alone make it so glaringly clear. One presentation was titled “Tor Stinks” and another asserted: “Very naughty people use Tor.” And they’re not the only ones. Earlier this summer we learned about the FBI’s efforts to break into Tor, albeit for different reasons than the NSA and their surveillance habit. News of the NSA’s lack of success, however, should embolden Tor users. It really is the most secure way to browse the web anonymously.
Even if the NSA did one day manage to break into Tor, though, it’s unclear if they’d find any worthwhile intelligence. After all, it’s mostly just botnets and porn. [The Guardian]