How the NSA Is Trying to Sabotage a U.S. Government-Funded Countersurveillance Tool

The Citizen's Guide to the Future
Oct. 4 2013 5:04 PM


The NSA called it “the king” of Internet anonymity. But while the privacy-protecting Tor browser has proven to be a serious burden to the spy agency, that hasn’t stopped it trying to secretly subvert the popular counter-surveillance tool.

Ryan Gallagher

Ryan Gallagher is a journalist who reports on surveillance, security, and civil liberties.

On Friday, newly released documents leaked by former NSA contractor Edward Snowden revealed the extent of the agency’s attempts to monitor Tor users’ Internet activity. Top-secret slides shed light on how the NSA has worked to infiltrate the Tor anonymity network in apparent cooperation with allied agencies in Britain and the other members of the “Five Eyes” network—Australia, New Zealand, and Canada. But the spies’ efforts to infiltrate Tor have not been entirely successful, which will come as welcome news to privacy advocates. One NSA slide notes: “we will never be able to de-anonymize all Tor users all the time.”


Tor works by masking users’ IP addresses, bouncing their connection through a complex network of computers. Each day, the tool is used by about 500,000 people, many of whom are pro-democracy activists in authoritarian countries, journalists, human rights advocates, and others whose work can be compromised by government surveillance or censorship. But the software can also be used by criminal groups and terrorist plotters, which makes it of particular interest to spy agencies.

According to the leaked slides published Friday by the Guardian, the NSA has devised a way to identify targeted Tor users, and it has the capacity to covertly redirect targets to a set of special servers called “FoxAcid.” Once identified as a target, the spy agency can try to infect a user with malware by preying on software vulnerabilities in the Mozilla Firefox browser. This capability was hinted at in a report by Brazilian TV show Fantastico in September. As I noted at the time, the British spy agency GCHQ appeared to be monitoring Tor users as part of a program called “Flying Pig.”

Notably, the leaked Snowden files on Tor may shed light on some of the tactics used by the U.S. government to identify the recently outed alleged mastermind of the Silk Road online drug empire. Silk Road operated on a hidden Tor server, which was tracked down by the feds and shut down. Back in August, the feds also managed to shut down a Tor server allegedly used to host images of child abuse. In a malware attack that was linked by researchers to the NSA, the FBI reportedly exploited a Mozilla vulnerability to target users—similar to the spy methods described in the Snowden documents.

Going after Tor users is clearly not easy for the spies, however, and they appear to have considered sabotaging the anonymity tool because it has proven difficult to infiltrate. One NSA presentation titled “Tor Stinks” shows the agency considering whether it would be possible to “deny/degrade/disrupt Tor users.” One option the NSA posed for degrading the stability of Tor, the 2012 presentation states, could be to set up a “relay” used by Tor users to access the service but deliberately make it frustratingly slow in order to destabilize the network. Other slides suggest British spooks at GCHQ set up clandestine Tor “nodes” used to monitor users, with Australia’s Defense Signals Directorate also assisting in GCHQ’s efforts.

Somewhat ironically, the Tor Project was originally born out of a U.S. Navy program to protect government communications. The initiative still receives a large portion of its funding from the U.S. government: In 2012, for instance, the State Department and the Defense Department wrote checks to the Tor Project worth more than $1.2 million. This means that the U.S. government is publicly investing in keeping Tor strong—while at the same time, in secret, the NSA is trying to weaken it.

Future Tense is a partnership of Slate, New America, and Arizona State University.

