UK-based GCHQ and US-based NSA are mysteriously reporting vulnerabilities in anonymity-preserving software Tor in an attempt to crack its network, Tor’s leading developer has claimed.
Andrew Lewman, the Tor Project’s executive director, claimed that some cyber spies place a higher priority on fixing flaws in Tor than keeping secret bugs that might support their colleagues in their surveillance efforts on “dark web”.
“There are plenty of people in both organisations who can anonymously leak data to us to say – maybe you should look here, maybe you should look at this to fix this…And they have,” Lewman said.
According to Lewman, the organisation has received tips ‘most probably on a monthly basis’ from sources of the security agencies about bugs and design issues of Tor that potentially could compromise the service.
He, however, acknowledged that due to the manner in which the Tor Project received such info, the senders’ identity cannot be found and proved.
Elaborating the secret act by intelligence agencies of both the countries, Lewman said, “You have to think about the type of people who would be able to do this and have the expertise in it. Also they have ample time to read Tor source code from scratch for hours, for weeks, for months and finally find and elucidate these super-subtle bugs or other things that they probably don’t get to see in most commercial software.”
Reacting to the allegations made by the Tor’s top official, GCHQ spokesperson said, “It is our long-standing policy that we don’t comment on intelligence matters. GCHQ’s all work is carried out in accordance with a strict legal and policy framework, ensuring that all our activities are necessary, authorised and proportionate.”
NSA declined to comment on Lewman’s allegations.
The Tor project chief presented several instances to prove his submissions.
Firstly, the leaks from whistleblower Edward Snowden highlighted that the US security agency NSA is hovering up the Tor’s traffic for analysis and keeping a close and constant watch on probable vulnerabilities that would help it to unmask the identities of those who are using the anonymization software.
Earlier this month, reports emerged that the FBI was using “drive-by downloads” in a bid to expose child abusers using Tor.
While talking about GCHQ, Lewman said, “The UK’s security agency heavily relies on Tor for working on a lot of their operations.”
He further said, “You can imagine one part of GCHQ is trying to break Tor, the other part is trying to make sure it’s not broken because they’re relying on it to do their work.”
Tor: Anonymous Online
Tor, earlier known as The Onion Router, was developed by the US Naval Research Laboratory. It is being funded by the US State Department for long.
The software supports about 2.5 million users per day. The browser technology of Tor has been downloaded by a staggering 150 million times over the last 12 months.
The online anonymity software is used by all walks of people ranging from human rights activists, military, terrorists, spies, businesses and others.
As the software allows perseverance of users’ anonymity while surfing the web and accessing online services, Tor is extensively used in the unsavory works like malware distribution, sale of illegal drugs, posting images of child abuse.