Intelligence agents allegedly leak bugs to Tor developers

The most popular tool used by 2.5 million people per day to anonymously browse the internet, TOR, is apparently at the center of a spy versus spy scenario playing out between both British and American intelligence agents who are attempting to crack the software, but instead end up being undermined by colleagues.

It’s well known that governments worldwide work diligently to crack and find flaws in the TOR software, which is used by both intelligence agencies, bitcoiners, and criminals alike to hide their online activities.

But these new claims allege that flaws discovered by some spies are often leaked to the TOR developers by other spies who work on the same team, allowing the Tor team to quickly fix the vulnerabilities.

The allegations were made in a BBC interview by the head of Tor operations, Andrew Lewman, who said that leaks have previously come from both the UK and USA intelligence agencies including GCHQ and the NSA.

“There are plenty of people in both organizations who can anonymously leak data to us to say – maybe you should look here, maybe you should look at this to fix this,” Lewman told the BBC. “And they have.”

The tip-offs help Tor developers quickly fix security flaws, leading to continued and increased protection of users’ anonymity – users who include intelligence agents.

Lewman said that the Tor team receives anonymous tips from intelligence agencies on a monthly basis relating to various bugs and design issues that could render the Tor service less secure. But identifying the leakers is next to impossible, and the Tor team doesn’t bother asking for details relating to identities.

“You have to think about the type of people who would be able to do this and have the expertise and time to read Tor source code from scratch for hours, for weeks, for months, and find and elucidate these super-subtle bugs or other things that they probably don’t get to see in most commercial software. And the fact that we take a completely anonymous bug report allows them to report to us safely.”

NSA whistleblower William Binney reportedly told Lewman that one reason NSA workers might leak information is because they could be “upset that they are spying on Americans.”

Another potential reason is because the Tor software is still heavily relied upon by intelligence agents themselves. Tor was initially designed by the US Naval Research Laboratory to be used by intelligence agents to maintain anonymity in while abroad in hostile countries. If there is a flaw in the software, it could potentially expose the intelligence agents to threats. So informing the Tor developers of such bugs could be beneficial to their own intelligence agents as well.

A spokesman from the NSA public affairs office told the BBC, “we have nothing for you on this one.”

British GHCG commented saying “It is long-standing policy that we do not comment on intelligence matters. Furthermore, all of GCHQ’s work is carried out in accordance with a strict legal and policy framework, which ensures that our activities are authorized, necessary and proportionate.”

Lewman told the BBC:

“It’s sort of funny because it also came out that GCHQ heavily relies on Tor working to be able to do a lot of their operations.

So you can imagine one part of GCHQ is trying to break Tor, the other part is trying to make sure it’s not broken because they’re relying on it to do their work.

So it’s typical within governments, or even within large agencies, that you have two halves of the same coin going after different parts of Tor. Some protect it, some to try to attack it.”