3 July 2014
NSA Hacks TOR in Germany, Calls Users Extremists
German named an extremist targeted by U.S. intelligence from the NSA
Published: 07.03.2014 05:00 clock
The NSA peeks specifically from German that deal with encryption on the Internet.
This emerges from a secret source, the NDR and WDR exists. NSA victim can
thus be identified by name. One of them is a student from Erlangen.
By Lena Kampf, Jacob Appelbaum and John Goetz, NDR
It is one of the most sensitive secrets of the NSA, the engine of the global
monitoring machine: the source code of the XKeyscore program, the most
comprehensive Ausspähprogramm of U.S. foreign intelligence.
NDR and WDR have excerpts of the source code. Parts of the collection
infrastructure ie, so-called software rules that define the intelligence,
what or who they want to investigate.
There are only a few numbers and characters to string together the programmer.
But when the program executes XKeyscore these rules, get people and their
data in their sights. The connections from computers to the Internet are
identified and stored in a database type. The users are quasi marked. It
is the dragnet of the 21st century.
the video file
Users of the Tor network aim of penetration
In the present source is about the spying infrastructure and the users of
the Tor network. Tor stands for "the onion router" - a program in which Internet
traffic, such as a query to a search engine, is passed through various servers
and lie encryption layers like an onion to make the request. Thus, the origin
of the request, so obscures the IP address. The IP address is like a mailing
address and reveals among other things, the location of the computer.
There are about 5,000 Tor servers worldwide which are operated by volunteers.
It is an anonymizing infrastructure, which is often used, especially in countries
where it is dangerous to abandon the regime, which websites you visited or
where they retrieve. In Iran and Syria, for example. Tor is used by journalists,
human rights activists and lawyers worldwide.
Popular German IP addresses in Fort Meade
The reporting of the "Guardian" on PowerPoint presentations from the Snowden
archive has shown in the past year that the Tor network the NSA is a particular
thorn in the side. The top-secret documents and the first time published
the source code show that the NSA is making significant efforts to
deanonymisieren users of the Tor network. Search of the NDR and WDR show:
German IP addresses are defined in the source code of the NSA as a unique
The IP 212 212 245 170 leads to a gray, factory-like building, whose high
walls are fenced with barbed wire. "On the Tower" is the street in an industrial
area near Nürnberg. There is a computer center with Mietservern in long
shelves. They all look the same. But one is spied on by the NSA. Sebastian
Hahn, a student and employee of the computer science department in Erlangen
has rented this server.
The program goal: TOR a thorn in the NSA.
Momentous commitment to the Internet community
In his spare time he is involved in the Tor network, as well as one of the
authors of this paper. The gate community trusts Sebastian Hahn especially:
He may run one of nine so-called "Directory Authorities". On his server is
a list, in which all Tor servers are listed. Users who connect to the Tor
network, automatically access to one of the nine "Directory Authorities"
to download the latest list. Hundreds of thousands of hits a day there are
at Sebastian Hahn.
All of these accesses are marked by the NSA and land according to research
by the NDR and WDR then in a special NSA database. In the source code appeared
even the name of the server on tap: "Gabelmoo" had called him cock predecessor,
Frankish for "fork man," as the Bamberger call a Poseidon statue lovingly.
"This is shocking," says Hahn. Because: "The connection data of millions
of people are listed every day." Sebastian Hahn found next to "Gabelmoo"
all other names of "Directory Authorities" in Berlin, the Netherlands, Austria,
Sweden and the USA. They are also target of the NSA.
Second notably known NSA victims
Although he is only a means to an end for the NSA - finally, the intelligence
want to filter on its server who uses the Tor network - Hahn feels violated
his privacy. Because he wanted to do something good, he random "in the focus
of the intelligence agencies," he says, visibly shocked. He is now probably
after German Chancellor Angela Merkel, the second known by name German
surveillance victims of American intelligence.
The lawyer specializing in IT law, Thomas Stadler, sees a "suspicion of
intelligence agents work". The Attorney General expressed only in general
terms: you examine all instructions. On request, the NSA shares only generally,
we consider strictly to the law: "privacy and civil liberties always be
considered in the computer monitor."
What you want to anonymize is deanonymized
Ironically, it is in accordance with the special rules that NDR and WDR present,
so just people with the desire for anonymity that are the target of the NSA.
In the eyes of the Secret Service: extremists. This is not rhetoric, no
journalistic escalation. The term is even in the Comment column of the source
text, quoted by programmers of the NSA.
Extremists? The opposite is the case, as the search point. The German victims
are politically to find not at the outer edge. Extreme they are alone on
one point: They are concerned about the security of their data. And that's
what makes them suspect in the eyes of the U.S. Secret Service.
How quickly do you become a "Extremist"
"Tails" is an operating system that uses the Tor network to post on the Internet
any traces, but nothing saves the user on the computer from which it is,
for example, on a USB stick, booted.
Darko Medic, 18, short brown hair, sitting in front of his laptop. He is
"Tails" and "USB" in the mask its search engine. What Darko not know: He's
just so also landed in a database of the NSA. Marked as one of the extremists,
they seek the secret service so diligently.
How the NSA spying friends and enemies and the consequences of that.
Because what the rules of the source code also revealed: The NSA observed
on a large scale search queries worldwide - also in Germany. Just the simple
search for encryption software, such as "Tails" is enough to get into the
grid of the NSA. The connection of the request with search engines makes
suspicious. His search for "Tails" opens a door, access to Darko and his
world. Once in the database, any inquiry from Darko can be accessed selectively.
Darko is under observation.
This Darko has traveled in the computer-AG so he learns how to protect themselves
from the spying by the NSA. "I do not think anyone is reading my e-mails,"
His seatmate has opened the website of the Tor project. His connection to
the site is now marked and stored in a database. For the entire Web page
of the Tor project is under observation. Everyone who visits them, like the
Neukölln students ends with a marker.
The NSA peeks specifically from people who deal with encryption on the Internet.
It's not just about metadata
In addition, it can be shown beyond reasonable doubt through the source code
for the first time, that the NSA is not only so-called metadata, ie connection
data reads. According programming command, e-mails used to connect to the
Tor network, then the contents of the so-called e-mail body, analyzed and
stored. The relevant quote from the source code reads: "email_body
('https://bridges.torproject.org/': c + + extractors"
William Binney, 70, was technical director of the NSA until he left in 2001
because the machines he invented, were directed against its own people. Today
he is testifying before the NSA Untersuchungssauschuss. In an interview with
NDR and WDR, he explains why the secret service have calculated it apart
to users of the Tor network: "There shall be no free, anonymous rooms give,"
he says. "They want to know everything about everyone."
Only a few are excluded: Registered in the source code, the NDR and WDR exists,
is the differentiation between the partner countries of the United States,
the so-called "Five Eyes", in New Zealand, Australia, Britain and Canada,
and other countries. Compounds that are made from the "Five Eyes" countries
on the Tor website, according to the present rule should not be marked. From
all other countries, however, already. Without exception.
More on the topic tonight at Panorama, 21.45 clock in the First