NSA and GCHQ moles feeding Tor Project with bug reports, claims executive director

Spooks secretly helping us

The wizards of Tor are being fed bug reports by anonymous sources inside the agencies normally seen as trying to break its security, the NSA and GCHQ, the Project's executive director Andrew Lewman has claimed in a BBC interview.

Tor had received reports of flaws that seemed to come from people with intricate knowledge of how Tor's open source technology worked, he said.

"There are plenty of people inside both organisations who can anonymously leak data to us to say 'maybe you should look here' or 'maybe you should fix this'," he said.

"We've been totally impressed at the level of bug reports we get both on the coding side or on the design side," he added. "You have to think through the type of people who would be able to do this and have the expertise and time to read Tor source code."

It's an extraordinary claim even if Lewman was quick to admit that he had no direct evidence that friendly spooks might be behind some of the well-informed bug reporting.

"It's a hunch," he said.

Unlike other open and closed source projects, Tor accepts anonymous flaw reporting.

And their motivation for leaking information on how Tor could make itself less hackable? Lewman referred to conversations with NSA whistleblower William Binney, who had suggested to him that some inside the NSA were upset about Government spying.

The problem with basing a theory on Binney is that he resigned from the organisation in 2001 and hails from an era in which discussion of the NSA's power was confined to a small number of security experts and the odd journalist. It's hard to believe, but pre-Snowden theories about NSA snooping were conversation killers.

As to the importance of Tor, "if your only adversary is the NSA or GCHQ you've probably already lost that battle because they're multi-billion agencies with fantastic capabilities," said Lewman. "You need a whole toolbox to be able to defeat adversaries like that."

People are trying to break into Tor from within, and the suspicion is that one quite sophisticated attempt, detected and publicised by the Project some weeks ago, was connected to "irresponsible" researchers acting on behalf of the US Government.

Without doubt, other Governments around the world would love to find a way in too. As Tor's use grows, so does its importance on the privacy frontline.

Stories by John E. Dunn
