How the NSA Is Trying to Sabotage a U.S. Government-Funded Countersurveillance Tool

The Citizen's Guide to the Future
Oct. 4 2013 5:04 PM


The NSA called it “the king” of Internet anonymity.  But while the privacy-protecting Tor browser has proven to be a serious burden to the spy agency, that hasn’t stopped it trying to secretly subvert the popular counter-surveillance tool.

Ryan Gallagher

Ryan Gallagher is a journalist who reports on surveillance, security, and civil liberties.

On Friday, newly released documents leaked by former NSA contractor Edward Snowden revealed the extent of the agency’s attempts to monitor Tor users’ Internet activity. Top-secret slides shed light on how the NSA has worked to infiltrate the Tor anonymity network in apparent cooperation with allied agencies in Britain and the other members of the “Five Eyes” network—Australia, New Zealand, and Canada. But the spies’ efforts to infiltrate Tor have not been entirely successful, which will come as welcome news to privacy advocates. One NSA slide notes: “we will never be able to de-anonymize all Tor users all the time.”


Tor works by masking users’ IP addresses, bouncing their connection through a complex network of computers. Each day, the tool is used by about 500,000 people, many of whom are pro-democracy activists in authoritarian countries, journalists, human rights advocates, and others whose work can be compromised by government surveillance or censorship. But the software can also be used by criminal groups and terrorist plotters, which makes it of particular interest to spy agencies.

According to the leaked slides published Friday by the Guardian, the NSA has devised a way to identify targeted Tor users, and it has the capacity to covertly redirect targets to a set of special servers called “FoxAcid.” Once a user is identified as a target, the spy agency can try to infect that user with malware by preying on software vulnerabilities in the Mozilla Firefox browser. This capability was hinted at in a report by Brazilian TV show Fantastico in September. As I noted at the time, the British spy agency GCHQ appeared to be monitoring Tor users as part of a program called “Flying Pig.”

Notably, the leaked Snowden files on Tor may shed light on some of the tactics used by the U.S. government to identify the recently outed alleged mastermind of the Silk Road online drug empire. Silk Road operated on a hidden Tor server, which was tracked down by the feds and shut down. Back in August, the feds also managed to shut down a Tor server allegedly used to host images of child abuse. In a malware attack that was linked by researchers to the NSA, the FBI reportedly exploited a Mozilla vulnerability to target users—similar to the spy methods described in the Snowden documents.

Going after Tor users is clearly not easy for the spies, however, and they appear to have considered sabotaging the anonymity tool because it has proven difficult to infiltrate. One NSA presentation titled “Tor Stinks” shows the agency considering whether it would be possible to “deny/degrade/disrupt Tor users.” One option for degrading the stability of Tor posed by the NSA, the 2012 presentation states, could be to set up a “relay” used by Tor users to access the service, but deliberately make it frustratingly slow in order to destabilize the network. Other slides suggest British spooks at GCHQ set up clandestine Tor “nodes” used to monitor users, with Australia’s Defense Signals Directorate also assisting in GCHQ’s efforts.

Somewhat ironically, the Tor Project was originally born out of a U.S. Navy program to protect government communications. The initiative still receives a large portion of its funding from the U.S. government: In 2012, for instance, the State Department and the Defense Department wrote checks to the Tor Project worth more than $1.2 million. This means that the U.S. government is publicly investing in keeping Tor strong—while at the same time, in secret, the NSA is trying to weaken it.

Future Tense is a partnership of Slate, New America, and Arizona State University.


