NSA

Are Rogue NSA Agents Tipping Off Tor to Its Vulnerabilities?

|

The Tor Project is a great way for people to cover their tracks on the Internet. Because of this, some in the federal government, specifically the National Security Agency (NSA), really dislikes Tor. So it comes as a bit of a surprise that an executive with Tor claims that NSA agents helping the project. A few of them, at least.

Andrew Lewman, who handles operations for the Internet-anonymizer tool, claimes that he receives tip-offs on "probably [a] monthly" basis that he believes come from the NSA and Britain's equivalent agency, the Government Communications Headquarters. From the BBC:

"There are plenty of people in both organisations who can anonymously leak data to us to say—maybe you should look here, maybe you should look at this to fix this," he said. "And they have." …

He acknowledged that because of the way the Tor Project received such information, he could not prove who had sent it.

"It's a hunch," he said. "Obviously we are not going to ask for any details.

"You have to think about the type of people who would be able to do this and have the expertise and time to read Tor source code from scratch for hours, for weeks, for months, and find and elucidate these super-subtle bugs or other things that they probably don't get to see in most commercial software.

"And the fact that we take a completely anonymous bug report allows them to report to us safely."

He added that he had been told by William Binney, a former NSA official turned whistleblower, that one reason NSA workers might have leaked such information was because many were "upset that they are spying on Americans."

Reason covered some of the NSA's recent anti-Tor activities here

And, earlier this month, Reason's Elizabeth Brown noted that "the FBI is using hacker-like techniques to track Tor users, in an effort the agency calls 'Operation Torpedo.'" At the same time, Tor receives millions of dollars in funding from various federal agencies, like the State Department. 

As TechCrunch's Alex Wilhelm summarizes: "A project to help Internet users be private that the United States has funded in the past, and currently funds today, is being hacked by the NSA, while other actors of state agencies appear to be leaking found vulnerabilities to Tor itself. That's just so damn efficient it almost sounds like government."

NEXT: Federal Court Rules Connecticut Town Can't Claim Immunity for Deadly Botched SWAT Raid

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of Reason.com or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  1. “Hey. Back off! I’ll rip out your eyes and piss on your brain.”

  2. I guess Lewman doesn’t want to get anymore leaks…

  3. “It’s a hunch,” he said. “Obviously we are not going to ask for any details.

    “You have to think about the type of people who would be able to do this and have the expertise and time to read Tor source code from scratch for hours, for weeks, for months, and find and elucidate these super-subtle bugs or other things that they probably don’t get to see in most commercial software.

    Along with the Wired article’s hint that there’s at least one more non-Snowden leaker currently operating in the NSA, this gives me a little old-fashioned, libertarian-remnant hope.

    1. I hope Wired was considerate enough not to hint at anything that the NSA higher-ups weren’t already aware of.

  4. while other actors of state agencies appear to be leaking found vulnerabilities

    umm what evidence is there for this?

    As far as I can tell the only evidence presented in the article was that someone with a lot of time on their hands is helping anonymously…Which is not evidence at all.

    1. Also does this mean that 10 years from now Gore will say he invented TOR?

  5. Tor funding probably creates jobs in someone’s Congressional district.

    #iamdouglass

Please to post comments

Comments are closed.