As he spoke to the NSA, Dingledine said in an interview Friday, he suspected the agency was attempting to break into Tor, which is used by millions of people around the world to shield their identities. Documents provided to The Washington Post by former agency contractor Edward Snowden show that he was right.
Beginning at least a year before Dingledine’s visit, the NSA has mounted increasingly successful attacks to unmask the identities and locations of users of Tor. In some cases, the agency has succeeded in blocking access to the anonymous network, diverting Tor users to insecure channels. In others, it has been able to “stain” anonymous traffic as it enters the Tor network, enabling the NSA to identify users as it exits.
Tor works by encrypting traffic repeatedly as it flows across a global network of servers, mostly run by volunteers. The traffic, which can include e-mails, information from a Web site and almost anything else on the Internet, is supposed to arrive at its destination with no identifying information about its origin or the path it took.
The Snowden documents, including a detailed PowerPoint presentation, suggest that the NSA cannot see directly inside Tor’s anonymous network but that it has repeatedly uncloaked users by circumventing Tor’s protections. The documents also illustrate the power of the NSA to at least partially penetrate what have long been considered the most secure corners of the Internet.
The U.S. Naval Research Laboratory first developed Tor more than a decade ago as a tool to allow anonymous communications and Web browsing. It was embraced by privacy advocates, including the Electronic Frontier Foundation, and continues to receive substantial federal funding. Tor is now maintained by Dingledine’s nonprofit group, the Tor Project.
The State Department trains political activists worldwide on how to use Tor to protect communications from the intelligence services of repressive governments. But the anonymity service also has become popular with criminals — especially dealers of illicit drugs, military-grade weapons and child pornography — and terrorists seeking to evade tracking by Western intelligence services.
One of the documents provided by Snowden said an NSA technique code-named EGOTISTICALGIRAFFE had succeeded in unmasking 24 Tor users in a single weekend. The same operation allowed the NSA to discover the identity of a key propagandist for al-Qaeda in the Arabian Peninsula, as the group’s offshoot in Yemen is known, after he posted information and instructions on the group’s Web site.