Chaos Computer Club bolsters NSA spying complaint with Tor snooping evidence

The Chaos Computer Club wants new evidence to prompt an investigation into mass surveillance of German citizens

The German Chaos Computer Club said Wednesday that it has added to its legal complaint about U.S. spying on German citizens evidence that the NSA allegedly snooped on at least one of its Tor servers.

The CCC filed a complaint with Germany's federal prosecutor, Harald Range, in February, demanding an investigation into the German government's alleged involvement in the U.S. National Security Agency's mass surveillance of German citizens.

However, while Range started an investigation into the alleged tapping of Merkel's phone by the NSA in June, he said there wasn't enough evidence to start a similar investigation into the widely reported mass surveillance of German citizens.

The CCC hopes that new publications exposing data collection explicitly targeting servers that are used to connect to The Onion Router (Tor) network, a network that encrypts data traffic through random servers in order to obscure users' identities, will change Range's mind.

An investigation by German broadcasters revealed in early July that an NSA spying tool called XKeyScore is used to snoop on Tor users. A Tor server operated by computer science student Sebastian Hahn was identified as one of the NSA's targets by the broadcasters.

He's not the only Tor server operator who was identified though. The publication of parts of the search pattern code used in XKeyscore also "provides proof that data traffic to and from a CCC-operated server of the Tor network was explicitly collected and stored," the CCC said Wednesday.

"While other documents from the Snowden publications show that currently even the NSA isn't able to entirely de-anonymize Tor, the fact of the now documented surveillance of the CCC server demonstrates beyond doubt the aggressive surveillance with which the NSA targets German citizens," the CCC said. It is expanding the legal complaint filed in February to include this new evidence.

The organization called it "beyond comprehension" that Range started an investigation of the wiretapping of Merkel's phone while not acting on the mass surveillance of large parts of the entire population.

"For this reason we're urging the Federal Prosecutor General to stop blocking investigations and start doing his job to avoid public ridicule," the organization said, adding that his refusal to investigate is irresponsible and enhances suspicion that Range is "bowing to German as well as international intelligence services on judicial grounds."

Range's office did not immediately respond to a request for comment.

Loek is Amsterdam Correspondent and covers online privacy, intellectual property, open-source and online payment issues for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to

Join the CSO newsletter!

Error: Please check your email address.

Tags CriminalChaos Computer ClubNational Security Agencysecuritylegalprivacy

More about IDGNational Security AgencyNSA

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Loek Essers

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts