Two Germany-based Tor Directory Authority servers, among others, have been specifically targeted by the National Security Agency’s XKeyscore program, according to a new report from German public broadcaster ARD. Thor is a well-known open source project designed to keep users anonymous and anonymous—users’ traffic is encrypted and bounced across different computers around the world to keep it safe.
This is the first sign of actual source code from XKeyscore is published. ARD did not say how or where the code was obtained. Unlike many other NSA-related stories, the broadcaster did not specifically mention the information that was part of the trove leaked by whistleblower Edward Snowden.
XKeyscore is one of the top NSA surveillance programs that was revealed by Snowden last year. The interface allows the NSA and allied intelligence agencies to find all kinds of short-term data taken off of many Internet Exchanges worldwide.
This new code, which was published on Wednesday, appears to flag people who are believed to live outside the United States and who request Tor Bridge information via email or who search or download Tor or those who are secure. . TILS technology. Those users’ IP addresses may be tracked for further monitoring.
The report’s authors include Jacob Appelbaum, a well-known American computer security researcher who has taken up residence in Berlin. Appelbaum is also a paid employee of the Tor Project. The other two listed as authors are either employees or volunteers to Tor.
“Their research in this story is completely independent from the Tor Project and does not reflect the views of the Tor Project in any way,” ARD said in a statement. “During the course of the investigation, we have further discovered that an additional computer system that Jacob Appelbaum used for his volunteer work including helping to operate part of the Tor network was targeted by the NSA. Furthermore, all members of this group are Tor users and appear to have been the target of the mass surveillance described in the study. “
The special codes refer to the IP addresses of the Tor Directory Authority—these servers serve as the top nine control points that form the backbone of the Tor Network. These authorities are what keep track of new Tor relays, and they are updated every hour.
Tor was originally developed as part of the Onion pathway project at the US Naval Research Laboratory. While today it exists as an independent non-profit organization headquartered in Massachusetts, it still takes 60 percent of its income (PDF) from US government sources. Tor is used by journalists, law enforcement, military personnel, and activists around the world.
Another rule in the published code shows that the NSA is also targeting users of the so-called anonymous email system MixMinion, which is hosted on a server at the Massachusetts Institute of Technology. Roger Dingledine, who is the head of the Tor Project, also runs this MixMinion server.
Vanee Vines, a spokeswoman for the NSA, responded to Ars’ request for comment with the same information she provided to ARD:
In carrying out its mission, the NSA collects only what it is authorized by law to collect for valid foreign intelligence purposes—regardless of the technical means used by foreign intelligence targets. The communications of people who are not foreign intelligence targets are of no interest to the company.
In January, President Obama issued a statement US Presidential Policy 28which affirms that all individuals—regardless of nationality—have legitimate privacy interests in the handling of their personal information, and that privacy and civil liberties shall be important considerations in the design of intelligence services. US signal.
The President’s policy also makes it clear that the United States does not accept signals for the purpose of suppressing or suppressing criticism or opposition, or for disadvantaging people based on their race, ethnicity, gender, sexual orientation, or religion. .
XKeyscore is an analysis tool used as part of the NSA’s illegal signature intelligence collection program. Such tools have strong monitoring and compliance processes built into multiple levels. Using XKeyscore allows the agency to help protect the nation and protect US and allied forces abroad.
All NSA activities are carried out in accordance with the law, including the latest directive of the President.