Amid the furore over a German intelligence operative arrested on suspicion of being a double agent for the US, two German TV broadcasters have revealed a harrowing discovery – the NSA is targeting over a million users of the Tor IP anonymity network.
The two broadcasters, Norddeutscher Rundfunk (NDR) and Westdeutscher Rundfunk (WDR), claim that they have been given access to a next-generation version of XKeyScore (XKS), a server-based software program developed by the NSA that is able to "spider search" everything a targeted user is doing on the internet, including web browsing history, contents of emails and all social media interactions.
According to the broadcasters, the souped-up version of XKS goes one step further.
It is designed to spy on German internet by monitoring the two main Tor servers located in Berlin and Nuremberg, but it can also track specific users on Tor in other countries, even if they are using a non-public Tor relay for users in China and Iran, where governments block public relays of the Tor network.
What is Tor?
Tor, known as The Onion Router, is a web browser which can connect to sites on a part of the internet known as the Dark Web.
By routing the connection between the user and the website through thousands of different servers across the globe, tracking data sent through Tor is supposed to be impossible and Dark Web websites cannot be found through search engines like Google and Bing.
There are currently about 5,000 Tor servers worldwide operated by volunteers, and Tor is used by a wide range of people – from regular citizens concerned about their online privacy, to journalists, lawyers, human rights activists and hackers.
"They want to know everything about everyone"
NDR and WDR say that their findings are the result of months of interviews with former NSA employees, exclusive access to the new XKS source code, analysis by IT professionals and reviews of secret German government documents.
One such interviewee is William Binney, 70, a former technical director with the NSA who left in 2001 after seeing the agency use the technology he developed internally on its own people.
He told NDR and WDR: "There shall be no privacy or anonymity on the internet. They want to know everything about everyone."
The new XKS source code (located here) includes a wide range of rules that seem to particularly target people who are trying to stay private online, particularly users of other privacy-focused internet services such as Tails, FreeNet, HotSpotShield, FreeProxies.org, Centurian, MegaProxy, privacy.li and anonymous email service MixMinion.
However, the program apparently avoids specifically targeting users located in Australia, Canada, New Zealand and the UK – countries that are part of the Five Eyes intelligence alliance, but only for one particular rule in the code pertaining to searching and storing entire contents of emails.