Headlines are declaring what some see as the makings of another chapter in the National Security Agency scandal. The NSA may have worked to break into the Tor anonymity network.
James R. Clapper, director of national intelligence, published a statement saying the intelligence community seeks to understand how these tools work and the kind of information being concealed.
"In the modern telecommunications era, our adversaries have the ability to hide their messages and discussions among those of innocent people around the world," Clapper said. "They use the very same social networking sites, encryption tools and other security features that protect our daily online activities."
Tor's Good and Bad Uses
We turned to John Shier, a systems engineer at Sophos, to get his thoughts on the headline. He told us Tor relies on your data packets being randomly and anonymously routed through several nodes on the Internet. At its most basic, Tor is made up of an entry node, a relay node and an exit node. Each node is only aware of the next hop in the chain. That safeguards the original sender's information.
"Tor is a useful tool for anyone looking to increase their privacy online, much like always paying in cash and turning off GPS or location tracking in your mobile phone -- or ditching the phone altogether -- to name a couple of physical world tactics," Shier said. "Tor is also no different than any other openly available service or tool. It can be used for good and bad, like SEO."
As Shier sees it, the fact that the NSA -- and its many collaborators -- would be interested in such a service should come as no shock. Not only do well-intentioned people, such as privacy advocates and researchers, use Tor, but so can copyright thieves, activists, dissidents, reformists, cyber-criminals, terrorists, and the like. Not all of the latter are bad, but they may attract the attention of law enforcement nonetheless.
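To make Shier's "each node is only aware of the next hop" concrete, here is a toy three-hop onion in Python. This is an added illustration, not code from the article, from Sophos or from the Tor Project: the cipher (HMAC-SHA256 run in counter mode), the fixed-width next-hop header, the node names and keys, and uniform node selection are all assumptions made so the demo runs offline. Tor itself uses AES-CTR with keys negotiated per hop, bandwidth-weighted path selection and a persistent guard as the entry node.

```python
"""Toy onion routing: one message, three hops (entry, relay, exit).

Added illustration only. The cipher, framing and path selection are
simplifications chosen for a self-contained demo, not the Tor protocol.
"""
import hashlib
import hmac
import os
import secrets
from typing import Dict, List, Tuple

HOP_LEN = 32     # fixed-width "next hop" field at the front of every layer
NONCE_LEN = 16


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy stream cipher: HMAC-SHA256 in counter mode (assumption; Tor uses AES-CTR)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def wrap(key: bytes, plaintext: bytes) -> bytes:
    """Add one encryption layer; a fresh nonce is prepended to the ciphertext."""
    nonce = os.urandom(NONCE_LEN)
    ks = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(a ^ b for a, b in zip(plaintext, ks))


def unwrap(key: bytes, blob: bytes) -> bytes:
    """Remove one layer. With the wrong key this yields noise, not an error."""
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))


def choose_path(directory: Dict[str, bytes], hops: int = 3) -> List[Tuple[str, bytes]]:
    """Pick `hops` distinct nodes uniformly at random (simplification: real Tor
    weights by bandwidth and keeps a long-lived guard as the entry)."""
    names = secrets.SystemRandom().sample(sorted(directory), hops)
    return [(n, directory[n]) for n in names]


def build_onion(path: List[Tuple[str, bytes]], destination: str, message: bytes) -> bytes:
    """Wrap from the exit inward. Each layer names only the *next* hop, so a node
    that peels its own layer learns where to forward and nothing else."""
    next_hops = [name for name, _ in path[1:]] + [destination]
    onion = message
    for (_, key), nxt in reversed(list(zip(path, next_hops))):
        if len(nxt.encode()) > HOP_LEN:
            raise ValueError("next-hop label too long for the header field")
        onion = wrap(key, nxt.encode().ljust(HOP_LEN, b"\0") + onion)
    return onion


def peel(key: bytes, onion: bytes) -> Tuple[str, bytes]:
    """One node's view: the next hop and an opaque blob to forward."""
    plain = unwrap(key, onion)
    next_hop = plain[:HOP_LEN].rstrip(b"\0").decode("utf-8", errors="replace")
    return next_hop, plain[HOP_LEN:]


def route(sender: str, path: List[Tuple[str, bytes]], onion: bytes):
    """Forward hop by hop, recording what each node could observe.
    Returns (per-node observations, final destination, delivered bytes)."""
    observations = []
    previous, blob = sender, onion
    for name, key in path:
        next_hop, blob = peel(key, blob)
        observations.append({"node": name, "from": previous, "to": next_hop})
        previous = name
    return observations, observations[-1]["to"], blob


def demo():
    # Constructed sample directory and per-node keys; not real relays.
    directory = {n: os.urandom(32) for n in ("nodeA", "nodeB", "nodeC", "nodeD", "nodeE")}
    path = choose_path(directory)
    message = b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n"
    onion = build_onion(path, "example.org:80", message)
    obs, dest, delivered = route("alice", path, onion)
    return path, onion, obs, dest, delivered


if __name__ == "__main__":
    path, onion, obs, dest, delivered = demo()
    for o in obs:
        print(f"{o['node']}: received from {o['from']}, forwards to {o['to']}")
    print("exit delivers to", dest, "->", delivered[:16])
```

Running it shows the property Shier describes: the entry node sees the sender and the relay, the relay sees only two other relays, and the exit sees the destination and the plaintext but not the sender. Peeling the outer layer with the entry key still leaves the destination encrypted, and a node holding only the exit key gets noise from the outer layer. Tor's real guarantee additionally depends on the handshake that gives each hop its key, which this toy omits.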
Where's the Focus?
Shier concluded that the issue with Tor is the same as with some of the other NSA revelations that have recently come to light: To what degree is the agency limiting its focus on "legitimate" targets? How widely is the net being cast and what assurance do private, law-abiding citizens have that they're not being unjustly and/or illegally monitored?
"Another concern is the alleged use of malware to aid surveillance. We have already seen how zero-day exploits can and will be used by the criminal element to spawn new families of malware, such as Stuxnet, Duqu or Flame," Shier said.
"While it appears that the infections were targeted, there is no guarantee that the infections were limited to the designated targets. We have our hands full enough with the traditional criminal element releasing malware into the wild that we don't need well-funded government agencies joining the party."
Kevin O'Brien, enterprise solution architect at CloudLock, told us he's not surprised but he is disturbed.
"The NSA has demonstrated that the privacy of individuals is of no consideration or concern in light of their efforts to monitor all modern communication traffic, and any system that serves to make that more difficult is a target," he said. "Tor is a well-designed system focused on anonymity, so this targeting is to be expected. In a sense, this revelation may serve to complicate that effort, since the de-anonymizing effort is predicated on the NSA controlling the majority of the exits from the network and working a profiling angle."
From O'Brien's perspective, if the Tor community is serious about keeping the system secure, this represents an opportunity to dramatically increase the number of relays and exits being run for legitimate purposes, thereby lowering the chances of the NSA controlling a majority of the network.
One way the NSA has attempted to compromise Tor users has been to exploit a flaw in a small fraction of Firefox browsers to install surveillance malware on the computers of users who visited compromised Web sites. The flaw has since been fixed in Firefox, and the attack, reported under the name FoxAcid (the NSA's exploit-serving system), no longer works against browsers that have taken the update.
"The FoxAcid details, and its use to gain long-term access to the clients it attacks, underscore another key point: If you care about privacy, assume that any system is compromised by default," O'Brien said. "A Linux .ISO-based OS that's running from read-only media -- like a DVD -- or a known-clean VM environment should be the default for anyone who is regularly using Tor."