Civil Liberties

Are Rogue NSA Agents Tipping Off Tor to Its Vulnerabilities?

|

The Tor Project is a great way for people to cover their tracks on the Internet. Because of this, some in the federal government, specifically the National Security Agency (NSA), really dislikes Tor. So it comes as a bit of a surprise that an executive with Tor claims that NSA agents helping the project. A few of them, at least.

Andrew Lewman, who handles operations for the Internet-anonymizer tool, claimes that he receives tip-offs on "probably [a] monthly" basis that he believes come from the NSA and Britain's equivalent agency, the Government Communications Headquarters. From the BBC:

"There are plenty of people in both organisations who can anonymously leak data to us to say—maybe you should look here, maybe you should look at this to fix this," he said. "And they have." …

He acknowledged that because of the way the Tor Project received such information, he could not prove who had sent it.

"It's a hunch," he said. "Obviously we are not going to ask for any details.

"You have to think about the type of people who would be able to do this and have the expertise and time to read Tor source code from scratch for hours, for weeks, for months, and find and elucidate these super-subtle bugs or other things that they probably don't get to see in most commercial software.

"And the fact that we take a completely anonymous bug report allows them to report to us safely."

He added that he had been told by William Binney, a former NSA official turned whistleblower, that one reason NSA workers might have leaked such information was because many were "upset that they are spying on Americans."

Reason covered some of the NSA's recent anti-Tor activities here

And, earlier this month, Reason's Elizabeth Brown noted that "the FBI is using hacker-like techniques to track Tor users, in an effort the agency calls 'Operation Torpedo.'" At the same time, Tor receives millions of dollars in funding from various federal agencies, like the State Department. 

As TechCrunch's Alex Wilhelm summarizes: "A project to help Internet users be private that the United States has funded in the past, and currently funds today, is being hacked by the NSA, while other actors of state agencies appear to be leaking found vulnerabilities to Tor itself. That's just so damn efficient it almost sounds like government."