Employees of the UK and US intelligence services have been helping the Tor network maintain anonymity of its users, claims Andrew Lewman, executive director of the Tor Project.
Lewman told the BBC that his development team regularly gets ‘tipped off’ when the National Security Agency (NSA) or Government Communications Headquarters (GCHQ) find a vulnerability that could compromise the security of the network.
“There are plenty of people in both organisations who can anonymously leak data to us to say – maybe you should look here, maybe you should look at this to fix this,” he said. “And they have.”
The Tor Project is a free encrypted network that is believed to conceal a user’s location and Internet use from anyone conducting network surveillance or traffic analysis. Originally sponsored by the US Naval Research Laboratory, today the project hosts a variety of content, from news and secure communication services to drugs bazaars and things like The Hidden Wiki, a collection of illegal instructions and manuals.
The documents released by Edward Snowden last year detailed repeated efforts by the NSA to crack Tor, and similar work has been conducted by the UK’s National Cyber Crime Unit (NCCU). The Russian government is currently trying to do the same.
Lewman claims that the network is warned about vulnerabilities discovered by government agencies almost every month, giving developers time to patch any holes before they can be abused. Although there’s no sure way to establish who sends these messages, he suggests such information could only come from someone intimately familiar with the workings of Tor.
“You have to think about the type of people who would be able to do this and have the expertise and time to read Tor source code from scratch for hours, for weeks, for months, and find and elucidate these super-subtle bugs or other things that they probably don’t get to see in most commercial software,” Lewman told the BBC.
He added that while the attempts to break the security of Tor have been well-documented, the safety of a large number of intelligence operatives relies on the integrity of the protocol, which is used by GCHQ to run some of its secret operations.
Last month, organisers of the Black Hat security conference cancelled a keynote which was apparently due to reveal how to track Tor users on a budget, after receiving a complaint from Carnegie Mellon University where this research was conducted.
Tor Project leader Roger Dingledine later said the Tor community had “a handle on what they did, and how to fix it.”
What do you know about Edward Snowden and the NSA? Take our quiz!
Two updates to Anthropic's AI chatbot Claude sees arrival of a new business-focused plan, as…
Most people in the United States view TikTok as a Chinese influence tool a poll…
UK regulator confirms it is investigating whether OnlyFans is doing enough to prevent children accessing…
Dismissed staff file complaint with a US labor board, and allege Google unlawfully terminated their…
Elon Musk dismisses two senior Tesla executives, plus the entire division that runs Tesla's Supercharger…
Eight newspaper publishers in the US allege Microsoft and OpenAI used their millions of their…