An interesting article by Devin Coldewey, a contributing writer for NBC News.
Tor, a service that helps cautious Internet users stay anonymous online, is facing increased scrutiny and potentially new attacks as the global debate on surveillance and privacy escalates. A recent paper raises new concerns: Is Tor vulnerable to the likes of the National Security Agency?
A highly publicized NSA-level hack aimed at Tor users turned out, in the end, to not breach the service at all but rather the browser its users employed. Tor, which obscures Internet traffic by bouncing it between several nodes before letting it into the open, was not implicated in that hack, but that doesn’t mean it’s invulnerable.
Earlier this year, a paper describing a potential vulnerability in the service (PDF) was posted quietly to the Internet by its author, Aaron Johnson. He explained how a combination of secretly controlled Tor nodes and access to Internet service provider infrastructure could potentially reveal the identity of many users of the service. The FBI and NSA are always looking for a way to break Tor, and have the weight to lean on ISPs, so the threat is not necessarily just hypothetical.
The specifics of the hack are quite technical, but essentially, while it’s not enough to eavesdrop either from within Tor or via the Internet infrastructure, putting them together could let an “adversary” identify users or at least draw connections between IP addresses of interest.
Read more here.