NSA repeatedly tries to unpeel Tor anonymity and spy on users, memos show

NSA repeatedly tries to unpeel Tor anonymity and spy on users, memos show

Analysts grudgingly hail Tor as “king of high-secure, low-latency” anonymity.

  by       –    Oct 4 2013, 9:40pm +0300

The National Security Agency and its UK counterpart have made repeated and determined attempts to identify people using the Tor anonymity service, but the fundamental security remains intact, as top-secret documents published on Friday revealed.

The classified memos and training manuals—which were leaked by former NSA contractor Edward Snowden and reported by The Guardian, show that the NSA and the UK-based Government Communications Headquarters (GCHQ) are able to bypass Tor protections, but only against select targets and often with considerable effort. Indeed, one presentation slide grudgingly hailed Tor as “the king of high-secure, low-latency Internet anonymity.” Another, titled “Tor Stinks,” lamented: “We will never be able to de-anonymize all Tor users all the time.”

An article published separately by The Washington Post also based on documents provided by Snowden concurred.

“There is no evidence that the NSA is capable of unmasking Tor traffic routinely on a global scale,” the report said. “But for almost seven years, it has been trying.”

How the NSA might use Hotmail, Yahoo or other cookies to identify Tor users

How the NSA might use Hotmail, Yahoo or other cookies to identify Tor users

One of the more intriguing revelations in the most recent leak of NSA documents is the prospect that the spy agency is using browser cookies from Yahoo, Hotmail or the Google-owned DoubleClick ad network to decloak users of the Tor anonymity service.

One slide from a June 2012 presentation titled “Tor Stinks” carried the heading “Analytics: Cookie Leakage” followed by the words “DoubleclickID seen on Tor and nonTor IPs.” The somewhat cryptic slide led to rampant speculation on Twitter and elsewhere that the NSA and its British counterpart, the Government Communications Headquarters (GCHQ), are able to bypass Tor protections by somehow manipulating the cookies Google uses to track people who have viewed DoubleClick ads. Principal volunteers with the Tor Project believe such a scenario is “plausible,” but only in limited cases. Before explaining why, it helps to discuss how such an attack might work.

As documented elsewhere in the “Tor Stinks” presentation, the spy agencies sometimes use secret servers that are located on the Internet backbone to redirect some targets to another set of secret servers that impersonate the websites the targets intended to visit. Given their privileged location, the secret backbone nodes, dubbed “Quantum,” are able to respond to the requests faster than the intended server, allowing them to win a “race condition.” Government spies can’t track cookies within the Tor network, because traffic is encrypted during its circuitous route through three different relays. But if the spies can watch the Internet backbone, they may be able to grab or manipulate cookies once the data exits Tor and heads toward its final destination.

A slide later in the deck refers to something called “QUANTUMCOOKIE,” which purportedly “forces clients to divulge stored cookies.” There are multiple ways to interpret such a vague bullet point. One of the more plausible is that the Quantum backbone servers can be used to serve cookies not just from DoubleClick or Google, but from Yahoo, Hotmail, or any other widely used Internet service.