GCHQ and NSA security staff tip-off Tor developers over bugs

NSA and GCHQ staff are routinely tipping off Tor over bugs the security agencies are trying to exploit

Andrew Lewman, executive director of the Tor Project, has accused US and UK security services of repeatedly attempting to hack the anonymous web-browsing tool and infrastructure - but revealed that their efforts are being undermined by insiders tipping them off about bugs and vulnerabilities so that they can be fixed before security services exploit them.

In an interview with the BBC, Lewman claimed that leaks had come from both the US National Security Agency, as well as the UK's GCHQ high-tech spying agency.

"There are plenty of people in both organisations who can anonymously leak data to us to say - maybe you should look here, maybe you should look at this to fix this," he said. "And they have."

Lewman claims that his team receives tip-offs on a monthly basis about the bugs and design flaws that the NSA and GCHQ are seeking to crack and exploit - although he also admitted that because of the way in which Tor receives such information, he could not prove that agents at the two organisations were definitely responsible.

"It's a hunch," he said. "Obviously we are not going to ask for any details.

"You have to think about the type of people who would be able to do this and have the expertise and time to read Tor source code from scratch for hours, for weeks, for months, and find and elucidate these super-subtle bugs or other things that they probably don't get to see in most commercial software.

"And the fact that we take a completely anonymous bug report allows them to report to us safely."

Edward Snowden, the NSA whistleblower currently living in asylum in Russia, has released several documents that suggest that security agencies have sought to crack Tor.

Tor was originally designed by the US Naval Research Laboratory, and continues to receive funding from the US State Department.

Lewman coordinates the team of open source developers responsible for maintaining Tor, a web-browsing technology that runs on top of the Firefox web browser, which is also supported by thousands of volunteers providing encrypted points-of-presence all over the world. Tor enables people to both browse genuinely anonymously on the one hand, while providing access to websites not registered by Google and other search engines.

As such, while it has been used by people with a legitimate need to cloak their identity online, it has also been used for various illegal activities, such as the sale of firearms and class-A drugs.

Tor has clocked up approximately 150 million downloads and is used by about 2.5 million users every day.