Donate for the Cryptome archive of files from June 1996 to the present

5 October 2013

NSA Tor Media Reports Stink, Disinformative

Related NSA and GCHQ Tor and related documents: 

2013-1365.htm         NSA EgotisticalGiraffe Differs in Guardian-WaPo  October 5, 2013
2013-1364.htm         NSA Informed on Tor by Roger Dingledine          October 5, 2013
2013-1363.htm         Packet Staining                                  October 5, 2013
2013-1359.htm         NSA Link Removed by Guardian                     October 5, 2013
2013-1357.pdf         NSA IAT Tor via/Guardian                         October 4, 2013 (2.7MB)
2013-1356.pdf         NSA Tor Stinks via/Guardian                      October 4, 2013 (4.2MB)                  
2013-1355.pdf         NSA Egotisticalgiraffe Tor Attack via/Guardian   October 4, 2013 (3.2MB)
2013-1354.pdf         NSA Report on Tor via/WaPo                       October 4, 2013
2013-1353.pdf         GCHQ on MULLENIZE Tor Staining via/WaPo          October 4, 2013
2013-1350.htm         Questioning Snowden Truth                        October 3, 2013
2013-1348.pdf         Glenn Greenwald and Janine Gibson Reddit Q&A     October 3, 2013
2013-1347.htm         The Guardian by the New Yorker                   October 3, 2013

And:

NSA tracks Google ads to find Tor users:

http://news.cnet.com/8301-1009_3-57606178-83/nsa-tracks-google-ads-to-find-tor-users/

Date: Sat, 5 Oct 2013 00:17:11 -0700
From: Andy Isaacson <adi[at]hexapodia.org>
To: liberationtech <liberationtech[at]mailman.stanford.edu>
Subject: Re: [liberationtech] 49 Page NSA analysis of Tor
Cc: cypherpunks[at]cpunks.org
On Fri, Oct 04, 2013 at 02:05:23PM -0700, d.nix wrote:

> Just published by Bart Gellman (Thanks Bart!):
> http://apps.washingtonpost.com/g/page/world/nsa-research-report-on-the-tor-encryption-program/501/

[The NSA report: http://cryptome.org/2013/10/nsa-tor.pdf]

This is the output of a student Summer Program project, as advertised here:

http://www.nsa.gov/careers/opportunities_4_u/students/undergraduate/msep.shtml

    Cryptanalysis and Exploitation Services Summer Program (CES SP)
    (formerly MSEP)

    The Cryptanalysis and Exploitation Services Summer Program (CES SP)
    is open to undergraduate students majoring in mathematics, computer
    science, or a major with a strong background in math and computer
    science.

Here's one interesting story about a summer program invitation:

http://mathbabe.org/2012/08/25/nsa-mathematicians/

The 2006 CES SP Tor paper is pretty superficial; they make several claims that don't bear up under the slightest analysis ("we might be able to MITM a Tor node because the certificates are self-signed") and don't seem to have developed any significant analysis or attacks on the
system.

This document doesn't give much insight into capabilities the IC has developed against Tor.  It's apparently quite common to run multiple research teams (either known or unknown to each other) against a single target, and a few summer students with a dozen lab machines is a pretty small investment.  I'd expect there are other programs with more sophisticated attacks, especially now 7 years later.

In fact the most enlightening fact about this paper might be that the NSA thought Tor was worth attacking *at all* in 2006.

I wonder if tor.eff.org has any referer logs from 2006 showing inbound traffic from http://wiki.gchq/ or similar.

-andy