Tor Is Being Kept Safe By Dissenting GCHQ And NSA Agents, Claims Project Director

Employees of the UK and US intelligence services have been helping the Tor network maintain anonymity of its users, claims Andrew Lewman, executive director of the Tor Project.

Lewman told the BBC that his development team regularly gets ‘tipped off’ when the National Security Agency (NSA) or Government Communications Headquarters (GCHQ) find a vulnerability that could compromise the security of the network.

“There are plenty of people in both organisations who can anonymously leak data to us to say – maybe you should look here, maybe you should look at this to fix this,” he said. “And they have.”

Spy games

The Tor Project is a free encrypted network that is believed to conceal a user’s location and Internet use from anyone conducting network surveillance or traffic analysis. Originally sponsored by the US Naval Research Laboratory, today the project hosts a variety of content, from news and secure communication services to drugs bazaars and things like The Hidden Wiki, a collection of illegal instructions and manuals.

The project simultaneously helps activists, dissidents and journalists evade oppressive governments, while also enabling cyber criminals to conduct their dealings in secret.

The documents released by Edward Snowden last year detailed repeated efforts by the NSA to crack Tor, and similar work has been conducted by the UK’s National Cyber Crime Unit (NCCU). The Russian government is currently trying to do the same.

Lewman claims that the network is warned about vulnerabilities discovered by government agencies almost every month, giving developers time to patch any holes before they can be abused. Although there’s no sure way to establish who sends these messages, he suggests such information could only come from someone intimately familiar with the workings of Tor.

“You have to think about the type of people who would be able to do this and have the expertise and time to read Tor source code from scratch for hours, for weeks, for months, and find and elucidate these super-subtle bugs or other things that they probably don’t get to see in most commercial software,” Lewman told the BBC.

He added that while the attempts to break the security of Tor have been well-documented, the safety of a large number of intelligence operatives relies on the integrity of the protocol, which is used by GCHQ to run some of its secret operations.

Last month, organisers of the Black Hat security conference cancelled a keynote which was apparently due to reveal how to track Tor users on a budget, after receiving a complaint from Carnegie Mellon University where this research was conducted.

Tor Project leader Roger Dingledine later said the Tor community had “a handle on what they did, and how to fix it.”

What do you know about Edward Snowden and the NSA? Take our quiz!