NSA targeted Firefox flaws to break TOR communications

Written by James Delahunty @ 08 Oct 2013 4:54 User comments (6)

According to leaked documents, the National Security Agency (NSA) targeted flaws in the Firefox web browser to attempt to descramble communications over TOR.

The Onion Router - or TOR - is a network that seeks to provide anonymity to users communications either within the network, or with servers based on the Internet. When visiting a website through a browser configured to use TOR, the traffic back and forth bounces through several servers that could be anywhere worldwide in order to make it difficult for both ends of the communication to know the location/identity of the other.

Only the Exit Node - the last TOR node before accessing a web server - could potentially have access to unencrypted data but still would not be aware of the other end of the communication.

From leaked documents published by the Guardian, it appears the NSA was unsuccessful in breaking TOR, and so decided another route; attack the browser and even infect the computer of a potential target in an effort to unmask them and their communications.

Browser flaws could open up the possibility of being unmasked as they could force an unencrypted, un-tunnelled connection between the target computer and a third party server. It also leaves browsers open to the delivery of a malware payload.

The U.S. Government claims that it is an undeniable fact that TOR and similar services are used by adversaries to communicate.

Tags: Firefox nsa Tor

<iTunes Radio to expand to Canada, UK in 2014 >BBC to unveil new personalized iPlayer

6 user comments

18.10.2013 17:00

A5J4DX

Send private message to this user

Senior Member

wow

28.10.2013 17:23

Mrguss

Send private message to this user

Senior Member

NSA spy machine can target individuals with browser exploits, but if they attack too many users, somebody's going to notice.

Tor Q&A page:
http://tor.stackexchange.com

ALSO: NSA attempted to de-anonymize Tor, with little success:
http://www.dailydot.com/news/nsa-tor-cr...snowden-slides/

This message has been edited since its posting. Latest edit was made on 08 Oct 2013 @ 7:29

38.10.2013 18:26

GrandpaBW

Send private message to this user

AfterDawn Addict

Originally posted by A5J4DX:
wow

Reported.

48.10.2013 22:45

ddp

Send private message to this user

Moderator

A5J4DX, he does have a point about your posts as all of them are in the news comments & none in the other forums. except for your reply to this, don't post in the news forum for the next year or be banned.

This message has been edited since its posting. Latest edit was made on 09 Oct 2013 @ 4:43

59.10.2013 01:31

xtago

Send private message to this user

Senior Member

It's hard to say really, maybe to get access to servers within the TOR network it'd be quite hard but in and out torrent packet trackers prove it's not hard to find people who do use TOR and/or encrypt the packets as well.

615.10.2013 13:59

pmshah

Send private message to this user

Member

"The U.S. Government claims that it is an undeniable fact that TOR and similar services are used by adversaries to communicate."

Really ? Who are these adversaries they are talking about? Why do I need torrent network to communicate? BitTorrentSynch can do the job perfectly. I can put an encrypted document in a predefined folder on my machine. I could then send the pass word to the recipient in a manner that handles "for your eyes only" in a sort of face to face meeting or written communication. The transfer of files will happen without any other servers coming into the picture.

Believe me I have worked out a method that can encrypt a file and can never be decrypted by even the most powerful MSA servers. This too while just using available freeware encryption tools.

Comments have been disabled for this article.

	YouTube Premium starts showing ads to subscribers (13 Nov 2024 3:09) For years, YouTube Premium has been marketed as a way to enjoy an ad-free YouTube experience. But apparently, that is no longer the case, as Premium subscribers are now starting to see ads on the platform.
	Android 16 will launch sooner than expected (01 Nov 2024 6:45) Google announced that upcoming Android 16 will break the traditional once-a-year cycle of major Android launches. Next Android is poised to launch in Q2 of 2025, so Android 16 should ship before end of June, 2025.
	Winamp ends its "open source" project that wasn't really open source (20 Oct 2024 11:12) Less than a month after the legendary MP3 player Winamp made its source code public, the company has made a sudden U-turn and removed its code from distribution. 2 user comments
	Winamp released its source code - but didn't go open source (25 Sep 2024 12:38) The source code of Winamp has now been officially released. However, it hasn't become a pure open-source project, as its licensing terms prohibit the creation of new, different versions.
	Does your phone rattle? Here's why it happens (25 Aug 2024 8:30) When you shake your phone and hear a light rattle, clatter, or jingle, it's likely not broken. The culprit is probably the optical image stabilization (OIS) system in your phone's camera, meaning everything is functioning as it should. 2 user comments

	GUIDE: Wi-Fi speeds are slow? Here are some tips Having problems with Wi-Fi speed and stability at home? Here are some tips to follow to alleviate the issues. 1 user comment
	Guide: Phone battery drains quickly - how to fix (iPhone / Android) In this guide, we go through the most typical reasons for rapid battery drain with phones, and look at potential reasons or solutions.
	Guide: Is Your Wi-Fi Sluggish or Slow? Here's How to Fix Do you have problems with you Wi-Fi? Slow connection or is it cutting off constantly? This guide aims to remedy these problems. 1 user comment
	What IP rating for dust and water resistance means An IP classification (such as IP68) is given to mobile phones, Bluetooth speakers, and other devices, but what do these classifications mean? 1 user comment
	Does your phone rattle? Here's why it happens When you shake your phone and hear a light rattle, clatter, or jingle, it's likely not broken. The culprit is probably the optical image stabilization (OIS) system in your phone's camera, meaning everything is functioning as it should. 2 user comments

NSA targeted Firefox flaws to break TOR communications

6 user comments

Latest news

Reviews

Guides

News archive

Subscribe

Sections:

Follow us:

	Roborock S8 MaxV Ultra review - obstacle avoidance doesn't work as it should, otherwise almost perfect robot vacuum We put the Roborock S8 MaxV Ultra through a very, very long review process. The $1800 mopping robot vacuum is almost perfect, but its obstacle avoidance was surprisingly bad, considering the price - and compared to its competitors.
	Sharge x OnePlus Pouch review: Beautiful power bank that supports SuperVOOC charging In our review, we take a look at Sharge's power bank that supports OnePlus SuperVOOC quick charging technology as well as standard USB PD charging. It has small design flaws, but despite those, the Pouch is very nice product. 1 user comment
	Roomba Combo j7+ review - Clever trick allows robot vacuum finally to tackle home with rugs and carpets Roomba Combo j7+ is the very first Roomba model to combine robot vacuum with mopping features. And Roomba Combo j7+ does all that with a very clever trick, which tackles the problem with mopping and carpets. But is it any good? We found out.