On Nov. 1, 2007, the National Security Agency hosted a talk by Roger Dingledine, principal designer of one of the world’s leading Internet privacy tools. It was a wary encounter, akin to mutual intelligence gathering, between a spy agency and a man who built tools to ward off electronic surveillance.
According to a top-secret NSA summary of the meeting, Dingledine told the assembled NSA staff that his service, called Tor, offered anonymity to people who needed it badly – to keep business secrets, protect their identities from oppressive political regimes or conduct research without revealing themselves.
In the minds of NSA officials, Tor was offering protection to terrorists and other intelligence targets.
As he spoke to the NSA, Dingledine said in an interview Friday, he suspected the agency was attempting to break into Tor, which is used by millions of people around the world to shield their identities. Documents provided to the Washington Post by former agency contractor Edward Snowden show he was right.
Beginning at least a year before Dingledine’s visit, the NSA has mounted increasingly successful attacks to unmask the identities and locations of users of Tor. In some cases, the agency has succeeded in blocking access to the anonymous network, diverting Tor users to insecure channels. In others, the NSA has been able to “stain” anonymous traffic as it enters the Tor network, enabling the agency to identify users as that traffic exits.
Tor works by encrypting traffic repeatedly as it flows across a global network of servers, mostly run by volunteers. The traffic, which can include emails, information from a website and almost anything else on the Internet, is supposed to arrive at its destination with no identifying information about its origin or the path it took.
The Snowden documents, including a detailed PowerPoint presentation, suggest that the NSA cannot see directly inside Tor’s anonymous network but that it has repeatedly uncloaked users by circumventing Tor’s protections. The documents also illustrate the power of the NSA to at least partially penetrate what have long been considered the most secure corners of the Internet.
The U.S. Naval Research Laboratory first developed Tor more than a decade ago as a tool to allow anonymous communications and Web browsing. It was embraced by privacy advocates, including the Electronic Frontier Foundation, and continues to receive substantial federal funding. Tor is now maintained by Dingledine’s nonprofit group, the Tor Project.
The State Department trains political activists worldwide on how to use Tor to protect communications from the intelligence services of repressive governments. But the anonymity service also has become popular with criminals – especially dealers of illicit drugs, military-grade weapons and child pornography – and terrorists seeking to evade tracking by Western intelligence services.
One of the documents provided by Snowden said an NSA technique code-named EGOTISTICALGIRAFFE had succeeded in unmasking 24 Tor users in a single weekend. The same operation allowed the NSA to discover the identity of a key propagandist for al-Qaida in the Arabian Peninsula after he posted information and instructions on the group’s website.
NSA anti-anonymity techniques are now also being used by law enforcement agencies. In August, civilian security researchers detected an FBI operation against an alleged child pornography ring that used a Tor-based Web server called Freedom Hosting. The FBI mounted a cyberattack to unmask the location and owner of that anonymous server, using precisely the technique described as EGOTISTICALGIRAFFE.
In a statement, Director of National Intelligence James Clapper, who oversees NSA and other intelligence agencies, said that the intelligence community seeks to understand tools that facilitate anonymous communication.