All the latest UK technology news, reviews and analysis

GCHQ and NSA spooks leaking Tor bugs to developers

22 Aug 2014
Spooks tipping Tor off about possible hacks

UK and US intelligence officers are tipping the Tor Project off about possible vulnerabilities in the anonymising network, according to developer Andrew Lewman.

Lewman, who oversees Tor operations, claimed the organisation has received a number of bug reports that look like they stem from intelligence officers and agents within the US National Security Agency (NSA) and UK Government Communications Headquarters (GCHQ).

"There are plenty of people in both organisations who can anonymously leak data to us to say, 'maybe you should look here, maybe you should look at this to fix this', and they have," he said during an interview with the BBC.

"It's a hunch. Obviously we are not going to ask for any details. You have to think about the type of people who would be able to do this and have the expertise and time to read Tor source code from scratch for hours, for weeks, for months, and find and elucidate these super-subtle bugs."

At the time of publishing the Tor Foundation, GCHQ and NSA had not responded to V3's request for comment on Lewman's comments.

Tor is a network built from volunteer nodes designed to let people surf the internet anonymously and host services without them indexing on the public internet. The network is commonly used by journalists in censored countries to relay information to the outside world and whistleblowers looking to report wrongdoing anonymously.

It is also used for criminal purposes and is known to host cyber black markets and illegal services. The GCHQ and NSA workers' alleged activities are contrary to most law enforcement and intelligence agencies' approach to Tor. Recent reports have suggested that most agencies and governments are actively working to find ways to track Tor users.

The Russian government is offering 3.9 million roubles, around £65,000, to anyone who can produce a system for finding data relating to those using Tor. An FBI child pornography sting on hidden web services provider Freedom Hosting led to concerns that the law enforcement agency is using websites hosted on Freedom Hosting's servers to track people using Tor in August 2013.

Government agencies are not the only groups working to hack Tor. The Foundation reported detecting evidence that an unknown private group was hunting for hidden services using a previously undiscovered vulnerability in March.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus

Devices at work poll

Which device do you use most for work?

Popular Threads

Powered by Disqus
LG G Flex 2 hands-on review

CES 2015: LG G Flex 2 video

A closer look at LG's latest curved-screen smartphone

Updating your subscription status Loading

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging


Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Assistant Account Manager - Hotels US-New York

Fast track your career with a leading online Travel and...

Business Analyst

Hudson is currently looking for a Business Analyst to...

Project Manager

Hudson is currently looking for a Project Manager to...

.NET Developer - Fastest Growing Social Media Firm - Birmingham

.NET Developer (ASP.NET, C#, C#.NET, dot NET, Web Application...
To send to more than one email address, simply separate each address with a comma.