Science and Tech

Actions

NSA, GCHQ Agents Allegedly Undermining Efforts To Crack Tor

Tor's head of operations accuses GCHQ and NSA agents of providing bug reports for the project, effectively undermining the agencies they work for.
Posted

Anonymous browsing tool Tor might be improving thanks to some of the very organizations who reportedly intend to break it.

In an interview with the BBC, Tor's head of operations Andrew Lewman, said he's pretty certain agents from "both the UK Government Communications Headquarters and the US National Security Agency" have pointed out bugs in Tor's software and design.

Andrew Lewman: "There are plenty of people inside both organizations who can anonymously leak data to us ... and they have."

Lewman says because Tor chooses to accept completely anonymous bug reports, GCHQ and NSA agents can submit bugs without compromising their identity or job security. But that anonymity is what has media outlets saying "alleges" over and over again.

Andrew Lewman: "It's a hunch, you know, obviously we're not going to ask for details."

His hunch is based on the complexity and insight of the reported bugs. Lewman says there's a pretty narrow subset of people who can dedicate the amount of time and resources needed to tackle these vulnerabilities.

The NSA and GCHQ reportedly rely on these bugs to circumvent anonymity and reveal the identities of their respective targets. Tor has been used to access illicit drug trade networks and other illegal content. 

Keep in mind this is an organization partially funded by government agencies. Tor lists its current and past sponsors, which include the U.S. Department of State Bureau of Democracy, Human Rights, and Labor; the National Science Foundation; the Navy; and DARPA.

Business Insider suggests a report like this points to internal concerns over the amount of surveillance taking place within these agencies.

A writer for TechCrunch tidily, if somewhat snarkily, sums the whole thing up: "A project to help Internet users be private that the United States has funded in the past, and currently funds today, is being hacked by the NSA, while other actors of state agencies appear to be leaking found vulnerabilities to Tor itself. That's just so damn efficient it almost sounds like government."