During the morning hours on Dec. 16, Harvard University’s Emerson Hall was evacuated along with three other buildings. University officials received emails indicating the possibility of shrapnel bombs distributed throughout the campus. But after a thorough search no bombs were found. Later Eldo Kim confessed to the FBI his role in sending the emails.
The idea that law enforcement was able to quickly track down Kim — who stated he made the threats to get out of a test he was not prepared for — is not what makes this incident alarming. The concern comes from the fact that Kim sent the emails through Tor — an anonymity tool that has won both praise and scorn over recent years.
Kim, who sent the emails through Guerrilla Mail, which allows users to send emails without their IP address metadata being attached to the message over the Tor Network, should theoretically have been invisible as far as a third-party observer is concerned. Yet investigators were able to detect his usage of Tor over Harvard’s WiFi network and ascertain the possibility of Kim’s involvement.
This raises questions about Tor’s suitability as an anonymity tool, as thousands of journalists . In light of increased surveillance from the federal government, revelations — such as Edward Snowden’s leaking of classified National Security Agency’s documents to journalist Glenn Greenwald — may not be possible without the coverage Tor offers.
Flaws in Tor’s “invisibility” can literally mean the difference between life and death.
Censoring the media
In light of increasing Internet censorship worldwide, Tor, or the Onion Router, has grown to become safe access for free speech. Tor was originally promoted as an international diplomacy tool to help those behind censorship walls to communicate freely with the rest of the world. The network, which works by routing a message through a series of randomized, private servers that strip the originating server’s data from the message each time it is routed to a new network point and make the message “origin-less,” has been used to defeat state-instituted bans on content.
In Eritrea, all domestic media is controlled by the government, and no foreign reporters are granted access to the nation. The Ministry of Information dictates the details of domestic journalistic coverage. There are no unauthorized stories that are allowed to be published officially from within Eritrea.
“Every time [a journalist] had to write a story, they arrange for interview subjects and tell you specific angles you have to write on,” an exiled Eritrean journalist told the Committee to Protect Journalists, speaking on condition of anonymity. “We usually wrote lots about the president so that he’s always in the limelight.”
North Korea, Syria, Iran, Equatorial Guinea, Uzbekistan, Burma, Saudi Arabia and Cuba have all been singled out as having excessive limits on international and domestic coverage of their internal news. In a large part, this is propagandic control — by controlling access to the news, a government can warp and shape public opinion in a manner that best serves it. Syria, for example, imposed a news blackout that denied international journalists entry visas and attacked the nation’s citizen-journalist community.
«The censorship of the media existed far before the revolution, but it has increased since because [President Bashar] al-Assad wants to convey a particular picture to the outside world that the regime is fighting off terrorists who are causing the unrest,» said Eiad Shurbaji, a Syrian journalist who fled the country in January for fear of his life, to the CPJ. «Another tenet of Syria’s propaganda was that minorities would be at risk without the regime, he said. «Media censorship played a huge role in keeping Assad in power.»
Tor has been influential in undermining attempts to block the freedom of the press — from helping Voice of America to be broadcast in nations that ban American news to allowing communication between citizen journalists and protesters in some of the world’s most oppressive regimes. But many have dismissed Tor as a proper anonymity tool in light of recent revelations.
Law enforcement and anonymity
Despite its importance in the protection of oppressed voices worldwide, Tor’s alleged anonymity offers a tempting cover for illegal computer activities. Tor offers access to the Darknet or “deep web,” a private portion of the Internet, or internet — a network of computers capable of internetworking — that is not accessible using HTTP.
Some of the sites on the Darknet specialize in explicitly illegal activities — including the sale of illicit paraphernalia, money laundering, identity theft and child porn — which regularly places the Darknet on law enforcement’s radar. Recently, the Darknet site Silk Road — which sold illegal drugs, counterfeit identification and other banned merchandise — was seized by the federal government. As such, law enforcement has indicated a desire to break Tor’s anonymity.
This is problematic for two reasons. First, more than 60 percent of Tor’s funding comes from the federal government, with large percentages from the State Department, the Department of Defense — the NSA’s hosting department — and the National Science Foundation. The State Department, for example, saw Tor as being key to its Internet Freedom Program and its anti-censorship campaigns.
This leaves Tor uniquely susceptible to the NSA, the second problem. An increasing number of individuals suspect that the NSA — with the blessings of the administration — may have placed pressure on other agencies to allow the NSA access to Tor or to implement security weaknesses the NSA can exploit. This is in light of the revelations leaked by former NSA-contractor Edward Snowden about the scale and scope of the nation’s electronic eavesdropping.
Despite leaked reports indicating that the NSA has never been able to break Tor’s anonymity veil completely or has been able to de-anonymize an user in response to a request, the NSA has been able to de-anonymize Tor users — primarily by targeting the software used to access Tor. In one example, the NSA exploited a security loophole in Mozilla’s Firefox — the browser used to access the Darknet via Tor — giving NSA agents full access to the Tor user’s computer.
Attempts to circumvent Tor and conflicts of interest
Typically, law enforcement would look for telltale signs that a user’s signal has entered or exited the Tor network — such as a signal having a large number of “network exits” or a signal going to or coming from a known Tor server. Once the Tor user has been identified, the agency would then exploit the user’s computer software to verify Tor use.
The Firefox exploit was found to have been developed by the FBI, who seized Freedom Hosting — the largest provider of ultra-anonymous hosting — and used the servers to spread, via an error message, a malware package that alerted FBI computers of the media access control address of users that used the Tor browser bundle.
While Freedom Hosting did indeed host 95 percent of the world’s child porn websites, not all Darknet or Freedom Hosting sites were illicit — some were used for human rights and free speech protection. As the FBI virus attacked those users as well, many felt that this was an overstep in a long line of oversteps by the federal government.
More importantly, it reinforced the impression that Tor cannot be truly trusted. The federal government has a long history of working to ensure government access to private communications. In the 1990s, for example, the NSA promoted the Clipper Chip, which was “a cryptographic device purportedly intended to protect private communications while at the same time permitting government agents to obtain the ‘keys’ upon presentation of what has been vaguely characterized as ‘legal authorization.’”
The Clipper Chip would be installed in all telephones, and by simply telling the phone company it wants access to a certain user’s call, can record and eavesdrop on the conversation remotely.
The Clipper Chip was dismissed due to public outrage, but in September it was revealed that the NSA managed to have independent software publishers intentionally place NSA-exploitable security flaws in its consumer software.
“For the past decade, NSA has led an aggressive, multi-pronged effort to break widely used Internet encryption technologies,” said a 2010 memo describing the NSA accomplishments with the exploit program — “Bullrun” — for employees of its British counterpart, Government Communications Headquarters, or GCHQ. “Cryptanalytic capabilities are now coming online. Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable.”
With the collapse of the Silk Road, an increasing number of Bitcoin raids and seizures and revelations about “Bullrun,” Tor’s credibility has been rocked. But many feel that Tor still offers the best shot for online anonymity. Tor defenders argue that as Tor is open source, many people are looking at and changing the code simultaneously. If the federal government attempts to place an exploit in the code, it would be noticed immediately. In addition, the NSA — to date — has yet proven itself able to go after a specific person on Tor. All of the NSA’s intercepts have been incidental.
But in light of increased attempts globally to circumvent regime censorship — including an explosion of malware use — Tor is less an anonymity cloak than a smokescreen designed to hide a user’s footprints on the Internet.
Yet as seen in Egypt during the Arab Spring, the use of Tor — as flawed as it is — helped to change a nation, despite attempts to circumvent the Egyptian people’s ability to share their stories among themselves and with the world.
Increasingly, security systems are flagging journalists not just for what they write, but for where they browsed to research a story or the people they interviewed. As authorities look harder at the way its people communicate, the harsher the glare on those who speak against the status quo will grow. As the challenges of reporting grow — not just in oppressive regimes — but across the industry at large, it becomes more important that avenues for free speech are assured. Currently, Tor is the best solution available to address this.
In a world where the right to speak freely is increasingly being challenged, flawed protection is better than no protection at all.