

NSA and GCHQ agents 'leak Tor bugs', alleges developer - markmassie
http://www.bbc.com/news/technology-28886462

======
tptacek
He can't attribute the bugfixes, but he can obviously identify which ones they
are. He's made an extraordinary claim. Let's see some data. I'd sure like to
know which Tor bugs he thinks NSA leaked him.

~~~
mpyne
I think it would be amusing if these "sympathetic NSA agent tipoffs" are
actually tipoffs of bugs they've seen utilized by Iranian, Russian, etc.
intelligence agencies and would put activists friendly to American values at
risk, but can't be revealed publically since that would reveal those ever-
popular intelligence "sources and methods" of the NSA, or even the U.S.
Intelligence Community at large.

We already know that Tor is first and foremost a scheme to enable U.S. covert
and clandestine operations, so it wouldn't be that surprising to see the USG
trying to fine tune the balance of Tor security to be breakable against bugs
only they possess while ironclad against vulnerabilities known to the rest of
the world.

------
molecule
_> Mr Lewman said that his organisation received tips from security agency
sources on "probably [a]monthly" basis about bugs and design issues that
potentially could compromise the service._

 _> However, he acknowledged that because of the way the Tor Project received
such information, he could not prove who had sent it._

 _> "It's a hunch," he said._

~~~
tedunangst
Exactly. He just made a claim that can't be disproved, in fact won't even be
denied, but which he also doesn't need to present any evidence for.

------
stephen_g
It would make sense, because I expect that they use Tor a great deal
themselves.

Perhaps they only anonymously report the bugs that they detect someone else
potentially exploiting? I'm sure they would try to maintain their ability to
try and break the protocol, but perhaps if they think some other (non five-
eyes intelligence) actor has discovered the vulnerability then they report it.

------
tedunangst
Hundreds of millions of people rely on Tor? That's at a minimum like 10% of
the internet.

------
dang
Please do not editorialize article titles. That is against the site
guidelines.

(Edit: The submitted title was "NSA, GCHQ agents deliberately undermining Tor
surveillance efforts by NSA, GCHQ". Was in a rush and forgot to mention it
earlier.)

------
zachrose
With a name like "National Security Agency," you'd think that filing bugs
would be part their official duties in securing the nation.

~~~
adestefan
It is.

~~~
srslack
They don't seem to be doing their job very well, then, if President Obama had
to 'reaffirm' it:

[http://www.wired.com/2014/04/obama-zero-
day/](http://www.wired.com/2014/04/obama-zero-day/)

~~~
mpyne
There are bugfixes in the x.org code based from a "@tycho.nsa.gov" developer
that might even be from the Bush 43 Administration...

