Here's a step-by-step breakdown of how the NSA attacks and attempts to identify users of the anonymous online network Tor.

In a recent article in the Guardian, security expert Bruce Schneier reported that the U.S. National Security Agency attacks users of the online anonymity network, Tor. Schneier’s article, based on the leaked documents of former intelligence contractor Edward Snowden, comes only days after the creator of Silk Road, a black market for anonymous online drug sales on Tor, was identified and arrested by the FBI.

Here is a breakdown of how the NSA leverages its massive spy operations—which include brokering deals with major telecoms and tapping directly into the backbone of the Internet—in order to identify Tor users:

1. Scan Internet traffic. The NSA uses programs like Stormbrew, Fairview, Oakstar, and Blarney. These programs were all categorized as “upstream” data collection programs on previous slides released by Snowden. Through them, the agency brokers deals with major telecoms and taps into the fibre-optic backbone of the Internet.

2. Mark Tor requests. As the NSA monitors the world's Internet traffic, it creates what Schneier refers to as “fingerprints” of requests from Tor users to various servers. It stores these requests in searchable databases like XKeyscore, through which the NSA monitors emails, browsing histories, and Facebook chats, the latter in real time.

3. Sift out marked traffic. The NSA uses automatic sifting programs to separate marked Tor users from the pool of all Internet traffic. As Schneier wrote, “The very feature that makes Tor a powerful anonymity service, and the fact that all Tor users look alike on the Internet, makes it easy to differentiate Tor users from other web users.”

4. Send users to NSA servers. The NSA brokered deals with major telecom companies in order to redirect Tor users to a system of secret servers dubbed FoxAcid. Through these deals, the agency places what it calls Quantum servers at key points along the fibre-optic infrastructure of the Internet. These servers pretend to be the legitimate server that the Tor user is trying to access. They then redirect the users to the FoxAcid system.

5. Attack users’ computers. Through the NSA-controlled FoxAcid system, the agency launches attacks on Tor users. These attacks—which Schneier said exploit weaknesses in the Firefox browser—insert long-term eavesdropping applications onto the targeted computers.

6. Identify Tor users. After infiltrating a Tor user’s computer, the NSA spies on the user’s various activities, presumably collecting both metadata and content from their Internet use. From this information, they attempt to identify the user.

Despite these efforts, the NSA has apparently had little success identifying specific Tor users at will, and has been unable to peel back the veil of anonymity that protects the network as a whole.

"We will never be able to de-anonymize all Tor users all the time. With manual analysis we can de-anonymize a very small fraction of Tor users," reads one slide from a leaked NSA presentation on anti-Tor initiatives. 

The agency has had "no success de-anonymizing a user in response" to a specific request.

 Photo by Ashtyn Renee/Flickr
