The NSA has been able to use ad networks like Google’s and The Onion Router’s (Tor) own entry and exit nodes on the Internet to follow targeted Tor users, according to a new article based on documents leaked by whistleblower Edward Snowden. Tor is funded by the US State Department and the Department of Defense, home of the NSA.
Tor states it is helping people “defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security.”
Robert Hansen, a browser researcher at the security company WhiteHat Security, stated that Tor’s access node tracking isn’t new.
“A couple of years ago a hacking group published exactly 100 embassy passwords from Tor exit nodes. One hundred is too round of a number,” he said. “Just logically there must be more. If you get enough exit nodes and entrance nodes, they can be correlated together.”
“Just because you’re using Tor doesn’t mean that your browser isn’t storing cookies,” said Jeremiah Grossman, a co-worker of Hansen’s who also specializes in browser research and vulnerabilities.
The NSA is aware of Tor’s entry and exit nodes because of its Internet-wide surveillance.
“The very feature that makes Tor a powerful anonymity service, and the fact that all Tor users look alike on the Internet, makes it easy to differentiate Tor users from other Web users,” he wrote.
The NSA purchases advertisements from ad companies like Google and places them around Tor’s access points.
“The NSA then cookies that ad, so that every time you go to a site the cookie identifies you. Even though your IP address changed [because of Tor], the cookies gave you away,” he went on to say.
Tor itself stated in a blog post that the NSA has not been able to track every Tor user this way. “They are hard for any organization other than the NSA to reliably execute, because they require the attacker to have a privileged position on the Internet backbone.”