How the NSA identifies Tor users in 6 easy steps
Here’s a step-by-step breakdown of how the NSA attacks and attempts to identify users of the anonymous online network Tor.
In a recent article in the Guardian, security expert Bruce Schneier reported that the U.S. National Security Agency attacks users of the online anonymity network, Tor. Schneier’s article, based on the leaked documents of former intelligence contractor Edward Snowden, comes only days after the creator of Silk Road, a black market for anonymous online drug sales on Tor, was identified and arrested by the FBI.
Here is a breakdown of how the NSA leverages its massive spy operations—which include brokering deals with major telecoms and tapping directly into the backbone of the Internet—in order to identify Tor users:
1. Scan Internet traffic. The NSA uses programs like Stormbrew, Fairview, Oakstar, and Blarney. These programs were all categorized as “upstream” data collection programs on previous slides released by Snowden. Through them, the agency brokers deals with major telecoms and taps into the fibre-optic backbone of the Internet.
2. Mark Tor requests. As the NSA monitors the world’s Internet traffic, it creates what Schneier refers to as “fingerprints” of requests from Tor users to various servers. It stores these requests in searchable databases like XKeyscore, through which the NSA monitors emails, browsing histories, and Facebook chats, the latter in real time.
3. Sift out marked traffic. The NSA uses automatic sifting programs to separate marked Tor users from the pool of all Internet traffic. As Schneier wrote, “The very feature that makes Tor a powerful anonymity service, and the fact that all Tor users look alike on the Internet, makes it easy to differentiate Tor users from other web users.”
4. Send users to NSA servers. The NSA brokered deals with major telecom companies in order to redirect Tor users to a system of secret servers dubbed FoxAcid. Through these deals, the agency places what it calls Quantum servers at key points along the fibre-optic infrastructure of the Internet. These servers pretend to be the legitimate server that the Tor user is trying to access. They then redirect the users to the FoxAcid system.
5. Attack users’ computers. Through the NSA-controlled FoxAcid system, the agency launches attacks on Tor users. These attacks—which Schneier said exploit weaknesses in the Firefox browser—insert long-term eavesdropping applications onto the targeted computers.
6. Identify Tor users. After infiltrating a Tor user’s computer, the NSA spies on the user’s various activities, presumably collecting both metadata and content from their Internet use. From this information, they attempt to identify the user.
Despite these efforts, the NSA has apparently had little success identifying specific Tor users at will, and has been unable to peel back the veil of anonymity that protects the network as a whole.
“We will never be able to de-anonymize all Tor users all the time. With manual analysis we can de-anonymize a very small fraction of Tor users,” reads one slide from a leaked NSA presentation on anti-Tor initiatives.
The agency has had “no success de-anonymizing a user in response” to a specific request.
Joe Kloc is a former Daily Dot contributor who covered technology and policy. He's contributed to Newsweek and Mother Jones, discussed his reporting on air with WNYC, and written Weekly Reviews for Harper's Magazine.