Here’s a step-by-step breakdown of how the NSA attacks and attempts to identify users of the anonymous online network Tor.
In a recent article in the Guardian, security expert Bruce Schneier reported that the U.S. National Security Agency attacks users of the online anonymity network, Tor. Schneier’s article, based on the leaked documents of former intelligence contractor Edward Snowden, comes only days after the creator of Silk Road, a black market for anonymous online drug sales on Tor, was identified and arrested by the FBI.
Here is a breakdown of how the NSA leverages its massive spy operations—which include brokering deals with major telecoms and tapping directly into the backbone of the Internet—in order to identify Tor users:
1. Scan Internet traffic. The NSA uses programs like Stormbrew, Fairview, Oakstar, and Blarney. These programs were all categorized as “upstream” data collection programs on previous slides released by Snowden. Through them, the agency brokers deals with major telecoms and taps into the fibre-optic backbone of the Internet.
2. Mark Tor requests. As the NSA monitors the world’s Internet traffic, it creates what Schneier refers to as “fingerprints” of requests from Tor users to various servers. It stores these requests in searchable databases like XKeyscore, through which the NSA monitors emails, browsing histories, and Facebook chats, the latter in real time.
3. Sift out marked traffic. The NSA uses automatic sifting programs to separate marked Tor users from the pool of all Internet traffic. As Schneier wrote, “The very feature that makes Tor a powerful anonymity service, and the fact that all Tor users look alike on the Internet, makes it easy to differentiate Tor users from other web users.”
4. Send users to NSA servers. The NSA brokered deals with major telecom companies in order to redirect Tor users to a system of secret servers dubbed FoxAcid. Through these deals, the agency places what it calls Quantum servers at key points along the fibre-optic infrastructure of the Internet. These servers pretend to be the legitimate server that the Tor user is trying to access. They then redirect the users to the FoxAcid system.
5. Attack users’ computers. Through the NSA-controlled FoxAcid system, the agency launches attacks on Tor users. These attacks—which Schneier said exploit weaknesses in the Firefox browser—insert long-term eavesdropping applications onto the targeted computers.
6. Identify Tor users. After infiltrating a Tor user’s computer, the NSA spies on the user’s various activities, presumably collecting both metadata and content from their Internet use. From this information, the agency attempts to identify the user.
Despite these efforts, the NSA has apparently had little success identifying specific Tor users at will, and has been unable to peel back the veil of anonymity that protects the network as a whole.
“We will never be able to de-anonymize all Tor users all the time. With manual analysis we can de-anonymize a very small fraction of Tor users,” reads one slide from a leaked NSA presentation on anti-Tor initiatives.
The agency has had “no success de-anonymizing a user in response” to a specific request.
Photo by Ashtyn Renee/Flickr
Joe Kloc is a former Daily Dot contributor who covered technology and policy. He's contributed to Newsweek and Mother Jones, discussed his reporting on air with WNYC, and written Weekly Reviews for Harper's Magazine.