The report was covering the way the NSA and other agencies in the “Five Eyes” program are working to compromise encryption methods and anonymous networks like TOR. In it are details of their work including the way they see each as a threat to security (without the whole privacy thing). There is no mention of the legitimate uses of Encryption or TOR. From the stand point of the NSA it is all bad…
Some of the top contenders are AES (Advanced Encryption Standard), SSH, TOR, PGP, and OTR. In this group they have yet to truly penetrate PGP and AES, the others have weaknesses that appear to have given them a foothold. OTR has issues with the application side of the house that leave it vulnerable to exploitation while TOR has some rather critical weaknesses in implementation that seem to excite the spying community.
With TOR, as we have said before, there is the plain truth that someone can track packets based on timing. If you know the time a packet left a suspect system you can find its entry point (possible one that is compromised) and map it through the system of proxies base on the time it exits back into the world. This type of exploit can take some time to setup and requires signal intelligence on the front end (entry points) and more data from the exit points. The timing needs to be down to the second to reduce false positives and mapping the wrong user to the wrong exit point. It is a method that has already been used to back track people through a network when a destination site and exit point IP is known, so the idea of tracking someone through the TOR network is not farfetched.
In the end there is nothing that is secure and it is only a matter of time before someone finds a way to break into it…
Tell us what you think in our Forum.