Video Screencast Help
Security Community Blog

Tor – The Target of User’s Online Anonymity?

Created: 17 Oct 2013 • Updated: 17 Oct 2013
Avkash K's picture
+3 3 Votes
Login to vote

Hi All,

Tor is buzzing word nowadays due to attacks on it's "Anonymity" by NSA.

In this article, i have just tried to cover up all the techniques & methodologies being used by NSA for taking down onto Tor users. These contents are based on my understanding of the Snowden presentations & other internet articles released in past days.

TOR”:  this is the buzzing word around the security evangelists nowadays, especially after Snowden revelations.

TOR Introduction: Tor (The Onion Router) was originally designed and implemented by U.S. Naval research laboratory keeping U.S. navy in mind. Primarily it was designed with the intent of having anonymity in the government communication. Today, it is used by huge variety of people for various purposes inheriting anonymity.

 But, nowadays integrity of “this” “anonymity” of Tor is under question for several reasons. One of them is NSA-National Security Agency. Yes, it is said to be under attack by NSA.

It’s being carried out by “SID-Systems Intelligence directorate” which is app vulnerability branch of NSA. According to NSA presentation shared by Edward Snowden, NSA has developed techniques exploiting Tor browser bundle. This technique identifies the Tor users on Internet and executes the exploit against Firefox web browser. This trick is referred as CNE, Computer Network Exploitation.


Going Step By Step, first step is to identify the Tor users over the internet. This is not the tough task for NSA at all having partnership with US telecom firms under program codenamed Stormbrew, Fairview, Oakstar and Blarney.

There are many NSA tools available which has the capability of identifying the Tor users by monitoring internet. NSA uses the system called “XKeyscore”, a tool which collects information of Tor users provides with analysis of all the activity of those users.

Doing data analysis for Tor traffic on such an enormous amount of internet traffic is carried out with the tools codenamed such as Turbulence, Turmoil and Tumult.

Going towards next step, after identifying these Tor users on internet NSA uses some secret internet servers to redirect these users to another secret internet servers codenamed “FoxAcid”, to infect their computer. FoxAcid works as a platform between target machine and the attacks developed by NSA.

Once the target system compromised successfully, it setbacks connection to FoxAcid server where it’s being targeted for another round of attacks for acquiring long term control over target machine to send the required information back to NSA.

Though these types of attacks are not actual exploitation of Tor browser but yes it targets the Tor users.

There are also some hidden systems called Quantum, which tricks target users to visit FoxAcid servers. These Quantum systems are placed on internet backbone.





Blog Entry Filed Under: