Jump to content
Not connected, Your IP:

How the NSA attacks Tor

Recommended Posts

Tor users often turn off vulnerable services like scripts and Flash when using Tor, making it difficult to target those services. Even so, the NSA uses a series of native Firefox vulnerabilities to attack users of the Tor browser bundle.


One of the top-secret documents provided by Snowen demonstrates how FoxAcid can circumvent commercial products that prevent malicious software from making changes to a system that survive a reboot process.




NSA and GCHQ target Tor network that protects anonymity of web users



PDFs of the leaked documents:






Rather than use the highly exploitable TBB on your desktop run these applications inside a virtual machine like VirtualBox or VMware Player. See reference to Tails in the Tor: 'The king of high-secure, low-latency anonymity' presentation.


Liberté Linux








Share this post

Link to post

I agree with virtualization being an additional layer of security.

I disagree with TBB being "highly exploitable". The leaked presentation clearly shows that digging up native FF vulns is a pain in the ass, even for the NSA.

So, they won't waste such vulns for wide-spread attacks against Joe Blow users. ¹ ³


Also, VirtualBox is not a security product and it's maintained by Oracle, a commercial vendor with an awful track record wrt to code quality and security management. ²




¹ Case in point: The FF vuln recently used by FBI for their "Torsploit" was no 0day, it was long patched - which either means they didn't have a better vuln for a more effective exploit - or they didn't want to waste it for this particular attack. 

² https://www.whonix.org/wiki/Advanced_Security_Guide#About_VirtualBox

³ "The good news is that they went for a browser exploit, meaning there's no indication they can break the Tor protocol or do traffic analysis on the Tor network. (..) you can target individuals with browser exploits, but if you attack too many users, somebody's going to notice." from: https://blog.torproject.org/blog/yes-we-know-about-guardian-article

all of my content is released under CC-BY-SA 2.0

Share this post

Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Security Check
    Play CAPTCHA Audio
    Refresh Image

  • Create New...