Why the NSA Hates Tor, the Network That Protects Internet Anonymity
As I described yesterday, Tor is an open-source network that provides people connected to it a pretty strong, though not perfect, method for browsing the Internet anonymously. You have to be using it in order to access the so-called “Dark Web,” which is where Silk Road, the online bazaar of illicit drugs and other things, existed until its operator was arrested in San Francisco on Wednesday. The case has cast new attention on both the Dark Web and on Tor itself.
Given Tor’s roots as a project born at the U.S. Naval Academy, it’s a tad ironic that the NSA dislikes it so much, but the agency’s opinion is clear from a slide deck on the subject leaked by former NSA contractor Edward Snowden and published by The Guardian today. The title of the deck is “Tor Stinks.”
The presentation shows that the agency struggled to defeat the anonymity that Tor provides. As of the time of the presentation, which is dated June of 2012, it hadn’t had much luck. “We will never be able to de-anonymize all Tor users all of the time,” the presentation says. Using what it calls “manual analysis,” it had had some success in “de-anonymizing” a small fraction of people using Tor.
The deck shows that the NSA sought some inspiration from the Government Communications Headquarters, the United Kingdom’s signals intelligence agency. Under a program called Remation II, the two sought to combine their resources to figure out some new methods for attacking Tor. The idea appears to be to operate a network of Tor-enabled relay servers and get access to others. It’s unclear how far the attack might have progressed by now.
The GCHQ also sought to peel back the onion — sorry, couldn’t resist — on the identity of Dark Web sites like Silk Road. These are the sites that operate in the hidden space on the Web, and which have weird, difficult-to-remember Web addresses that end in .onion. The goal of the efforts was to “harvest and enumerate .onion URLs,” the presentation says.
Another line of inquiry involved seeking information on .onion sites that happen to be running on Amazon Web Services, the commerce giant’s cloud computing service. The presentation says that the GCHQ set up its own Tor servers on AWS as part of the Remation II program.
One other idea: Poison the Tor network itself. In the penultimate slide, the presentation asks if it would make sense to set up a network of Tor nodes and advertise them as running at high speeds when in fact they would run slowly. The point, the slide reads, would be “to degrade the overall stability of the network.” In the end the presentation seems to argue against that approach. “A critical mass of targets use Tor. Scaring them away from using it might be counterproductive.”
As with any technology providing anonymity, Tor can be used for good things and for bad things. Political activists in countries with repressive regimes use it to communicate securely when the likelihood of government surveillance is high, and in fact it was for this purpose that Tor was created. (It’s a pretty sure bet that Syrian rebels are using it, for example.) The development work is partially funded by the U.S. Department of Defense, the NSA’s parent agency, which is sort of awkward.
Anyway, the existence of the presentation is probably good news if you’re someone who has a non-criminal reason for protecting your anonymity on the Web. It means that even the powerful NSA has trouble coping with Tor, which means you can probably still use it with a reasonable amount of confidence, provided you’re doing it right. That doesn’t mean they won’t figure out a way to compromise it. But it will probably take some time.