NSA targeted Tor users via Firefox flaw, reports say

The NSA attempted to monitor Tor users by using security holes in the Firefox web browser, according to reports.

The US agency broke into computers to try to look at Tor anonymous communications, documents leaked by Edward Snowden have suggested.

The National Security Agency (NSA) had difficulty in undermining the encrypted Tor service itself, they said.

A security expert said the NSA appeared not to have yet managed to crack Tor.

US signals intelligence agency the NSA, and its UK counterpart GCHQ, have been involved in long-term efforts to try to undermine the Tor online anonymity service, according to leaked documents published by the Guardian newspaper.

The NSA and GCHQ have been implicated in spying on mass communications in a number of documents leaked by former US intelligence contractor Edward Snowden.

Tor (The Onion Router) tries to hide user identities, and the websites that people are looking at, by routing encrypted internet traffic through a number of volunteer computers.

One of the ways the NSA tried to get around Tor encryption was to infect Tor users' computers instead, according to a Guardian report.

Attempts to crack Tor

The leaked document, called "Tor Stinks", said that the NSA had no success in revealing Tor communications between criminal suspects.

Nevertheless, the agency had managed to "de-anonymise a very small fraction of Tor users".

The document outlined different avenues the NSA had explored, including placing small pieces of data called cookies on users' machines.

The agency also suggested slowing down communications over Tor using its own network of computers running Tor.

The NSA has the ability to "stain" people's website traffic as it enters Tor, and to identify it as it leaves, according to leaked documents published by the Washington Post.

Firefox infection

The NSA allegedly infected computers in an attempt to look at web traffic at both ends of the encrypted Tor communication path, rather than decrypt the path itself.

The agency used links with US telecoms companies to sift vast amounts of internet data and identify traffic from computers connecting to Tor, the report said.

Once the users' machines were identified, the NSA allegedly used secret internet servers, codenamed FoxAcid, to infect the computers with malicious software.

The NSA used software called EgotisticalGiraffe to attack vulnerable older versions of the Firefox web browser, the report said.

Firefox is included in a bundle of software provided to get users up and running with Tor.

The Tor service is intended for legitimate use by people in repressive regimes, but law enforcement agencies have been concerned that Tor can hide criminal and terrorist activity.

The US government published a statement on Friday saying that its interest in Tor and other means of online communication "is based on the undeniable fact that these are the tools our adversaries use to communicate and co-ordinate attacks against the United States and our allies".

Security expert Steven Murdoch said it was "strangely comforting" that the NSA had not managed to crack Tor.

"Tor seems not to be the weakest link," said Mr Murdoch, a Cambridge University researcher who contributes to the Tor Project.

"It looks like the weakest link is software on people's computers, in this case, older versions of Firefox," he said.
