- SMB Spotlight
UK and US intelligence officers are tipping the Tor Project off about possible vulnerabilities in the anonymising network, according to developer Andrew Lewman.
Lewman, who oversees Tor operations, claimed the organisation has received a number of bug reports that look like they stem from intelligence officers and agents within the US National Security Agency (NSA) and UK Government Communications Headquarters (GCHQ).
"There are plenty of people in both organisations who can anonymously leak data to us to say, 'maybe you should look here, maybe you should look at this to fix this', and they have," he said during an interview with the BBC.
"It's a hunch. Obviously we are not going to ask for any details. You have to think about the type of people who would be able to do this and have the expertise and time to read Tor source code from scratch for hours, for weeks, for months, and find and elucidate these super-subtle bugs."
At the time of publishing the Tor Foundation, GCHQ and NSA had not responded to V3's request for comment on Lewman's comments.
Tor is a network built from volunteer nodes designed to let people surf the internet anonymously and host services without them indexing on the public internet. The network is commonly used by journalists in censored countries to relay information to the outside world and whistleblowers looking to report wrongdoing anonymously.
It is also used for criminal purposes and is known to host cyber black markets and illegal services. The GCHQ and NSA workers' alleged activities are contrary to most law enforcement and intelligence agencies' approach to Tor. Recent reports have suggested that most agencies and governments are actively working to find ways to track Tor users.
The Russian government is offering 3.9 million roubles, around £65,000, to anyone who can produce a system for finding data relating to those using Tor. An FBI child pornography sting on hidden web services provider Freedom Hosting led to concerns that the law enforcement agency is using websites hosted on Freedom Hosting's servers to track people using Tor in August 2013.
Government agencies are not the only groups working to hack Tor. The Foundation reported detecting evidence that an unknown private group was hunting for hidden services using a previously undiscovered vulnerability in March.