• Rebel NSA and GCHQ agents secretly help Tor in fixing bugs
    16 replies, posted
[QUOTE] Tor has claimed that the NSA and GCHQ cyber agents secretly help Tor by reporting bugs that can be patched to prevent it from being used for surveillance. Tor Project Executive director Andrew Lewman mentioned that the agents place a higher priority for fixing bugs in the privacy-preserving technology that would prevent the colleagues from using the flaws for surveillance. The Tor’s official site receives bug reports from users who remain anonymous and are reported to the company on a monthly basis. In an interview to BBC, Lewman said:“There are plenty of people in both organizations who can anonymously leak data to us to say – maybe you should look here, maybe you should look at this to fix this.”Lewman admitted that he was not exactly sure who reported the bugs though he mentioned to think about the type of people who have the expertise and analyze the source code of Tor for hours and report the bugs. Earlier, Edward Snowden had revealed that NSA was constantly looking up for vulnerabilities in Tor to target users for surveillance.The US has always been interested in the data from Tor while Russia has offered $100,000 for hacking it. Developed by US Naval Research Laboratory, Tor – The Onion Router is used extensively by human rights activists, military and others to access website anonymously. Government communications Headquarters also uses Tor for their operations. A section of GCHQ also tries to hack into Tor while a part of GCHQ reports flaws in the search engine as they use it for their operations. [/QUOTE] [url]http://thenextdigit.com/10936/rebel-nsa-gchq-agents-secretly-help-tor-fixing-bugs/[/url]
I've got a shitload of respect for someone who's got the balls to do that.
As much as I like to know not all SIGINT employees are baby-eating satan worshippers, I feel publicly announcing this means those agencies will crack down on their employees.
[QUOTE=kaine123;45782815]I've got a shitload of respect for someone who's got the balls to do that.[/QUOTE] And now the media has gone and blown their cover
Isn't this because governments have interest in a secure network but still want to catch criminals or something? [editline]poop[/editline] [quote]A section of GCHQ also tries to hack into Tor while a part of GCHQ reports flaws in the search engine as they use it for their operations.[/quote] Government infighting.
[QUOTE=carcarcargo;45782911]And now the media has gone and blown their cover[/QUOTE] Don't know why people are rating you disagree. If it weren't for this report, the agencies wouldn't know it was going on. Now they're going to be watching to see who's working with exploits that suddenly get fixed, and they're going to crack down or even prosecute the offenders. In publishing this to the world they've inadvertently stopped the leaks they're reporting on.
As unfortunate as it is that people will use such things for illegal activities, a secure, anonymous network is necessary to keep around.
[QUOTE=catbarf;45783200]Don't know why people are rating you disagree. If it weren't for this report, the agencies wouldn't know it was going on. Now they're going to be watching to see who's working with exploits that suddenly get fixed, and they're going to crack down or even prosecute the offenders. In publishing this to the world they've inadvertently stopped the leaks they're reporting on.[/QUOTE] Can they really be prosecuted for giving indirect hints to flaws in legal, public domain software they found on their own? Fired, sure, but what could they be prosecuted as?
[QUOTE=Awesomecaek;45783592]Can they really be prosecuted for giving indirect hints to flaws in legal, public domain software they found on their own? Fired, sure, but what could they be prosecuted as?[/QUOTE] I'm sure they could be called traitors or terrorists or whatever. It also probably wouldn't be too hard for the news media to get a good portion of the population rabid enough because "hurrf national security to protect muh freedums" that these peoples lives could be irreversibly fucked.
[QUOTE=kaine123;45783709]I'm sure they could be called traitors or terrorists or whatever. It also probably wouldn't be too hard for the news media to get a good portion of the population rabid enough because "hurrf national security to protect muh freedums" that these peoples lives could be irreversibly fucked.[/QUOTE] I find it hard to believe anyone would consider this a similar crime to leaking classified information - and this is besides the fact that the article doesn't necessarily imply that it's whistleblowing. It's possible they're doing this as part of their job - they're still interested in keeping Tor secure, just more secure for them than anybody else, so they want to be the only ones who can break it. It'd make sense to fix the bugs that might be allowing other people to do so. Maybe they want to keep the best bugs to themselves, and encourage everyone else to use it because it's apparently secure - like the whole "hey everyone use these enigma machines we captured from Germany, they're totally secure, yeah" thing, who knows :v:
[QUOTE=kaine123;45783709]I'm sure they could be called traitors or terrorists or whatever. It also probably wouldn't be too hard for the news media to get a good portion of the population rabid enough because "hurrf national security to protect muh freedums" that these peoples lives could be irreversibly fucked.[/QUOTE] But as it points out parts of the government itself use and want secure Tor, somebody would surely vouch for them at least on legal level.
Didn't the NSA write the specs for Tor?
[QUOTE=FalconKrunch;45783144]Isn't this because governments have interest in a secure network but still want to catch criminals or something? [editline]poop[/editline] Government infighting.[/QUOTE] You have some portions of the government wanting TOR to be valid and useful for their own purposes; you also have other portions of the same government doing their best to tear it apart.
[QUOTE=download;45783983]Didn't the NSA write the specs for Tor?[/QUOTE] It was originally sponsored by the U.S. Naval Research Laboratory, because they'd been working on onion routing with DARPA, but the NSA has never publicly worked on Tor. Right now, it's run by a 501(c)(3) nonprofit organization called The Tor Project, and they get most of their money from the U.S. State Department, and some other places. The US government is actually extremely dependant on the Tor network in a lot of cases, especially the FBI. Turns out, if you visit a child porn website from FBI's networks directly, they might just serve you teddy bears, instead of what they're really hosting.
[QUOTE=Awesomecaek;45783592]Can they really be prosecuted for giving indirect hints to flaws in legal, public domain software they found on their own? Fired, sure, but what could they be prosecuted as?[/QUOTE] If the agency has a vested interest in maintaining these vulnerabilities, then an officer using his inside knowledge to deliberately work against the interests of the agency would be considered an act of insubordination at least and treason at worst. Directly and deliberately working against your own agency is a very bad idea in government, let alone in the intelligence community. [editline]24th August 2014[/editline] [QUOTE=Capnscarlet;45783761]It's possible they're doing this as part of their job - they're still interested in keeping Tor secure, just more secure for them than anybody else, so they want to be the only ones who can break it. It'd make sense to fix the bugs that might be allowing other people to do so. Maybe they want to keep the best bugs to themselves, and encourage everyone else to use it because it's apparently secure - like the whole "hey everyone use these enigma machines we captured from Germany, they're totally secure, yeah" thing, who knows :v:[/QUOTE] Maybe, but then the reply from higher-ups would be that they weren't authorized to conduct an operation with global consequences on their own, without approval. Even if these agencies want to fix certain vulnerabilities, as far as they're concerned it's not up to individuals to decide.
[QUOTE=catbarf;45785688] Maybe, but then the reply from higher-ups would be that they weren't authorized to conduct an operation with global consequences on their own, without approval. Even if these agencies want to fix certain vulnerabilities, as far as they're concerned it's not up to individuals to decide.[/QUOTE] Yeah, but it's not exactly clear from that one source in the OP that they were doing it individually, it's not impossible that it's part of their job, such that they're told to send the bug reports to Tor by their superiors.
Sorry, you need to Log In to post a reply to this thread.