A method similar to the one the FBI used to take down Freedom Hosting

Oct 5, 2013 12:11 GMT

To our knowledge, the NSA hasn't been able to circumvent Tor and de-anonymize users in bulk. The agency even thinks that it may never be possible to completely break Tor's protections. However, it has been successful in using vulnerabilities in other software and several other methods to discover the identities of Tor users.

One way it did this was by exploiting a vulnerability in an older version of the Firefox browser, on which the Tor Browser Bundle is based. This vulnerability was exploited to infect the computer running the browser with malware, which then made it possible for the NSA to remotely connect to that computer and monitor everything that happened on it, including all Tor traffic.

Specifically, one attack method, which the NSA imaginatively named EgotisticalGiraffe, exploited a vulnerability in E4X, an XML extension for JavaScript. This vulnerability affected Firefox 11 through 16.0.2 as well as Firefox 10 ESR (extended support release), on which a previous Tor Browser Bundle was based.

Not long ago, the FBI used the very same method to go after Freedom Hosting, which allegedly hosted a child abuse site on the Tor hidden web.

The vulnerability was fixed, in a way, when Mozilla removed the E4X library from Firefox altogether. However, the NSA has access to a number of exploits which it can use depending on the target. Some of these vulnerabilities it finds itself, some it buys.

In all likelihood, the NSA has one or more exploits right now that it could use against Tor users. The catch, though, is that it has to get users to visit specific sites to be able to exploit the vulnerabilities, so, as usual, a little caution about which sites you visit will go a long way. Disabling JavaScript or plugins like Java or Flash will also help.