The massive data breach that dumped 400 gigabytes of secret information about Hacking Team revealed that the Italian cyber arms dealer intended to hack the Tor anonymity network. While Tor administrators have denied that Hacking Team was successful, the proposal is just the latest reminder that the most popular privacy software in the world is considered a nuisance by foreign spy and security apparatuses.
Tor, an acronym for “The Onion Router,” was invented by and continues to receive funding from the U.S. military. It was designed to enable free communication between American spies, privacy activists, dissidents and anyone else stationed or stuck in countries with repressed Internet service. Tor adoption has steadily grown as international Internet users (and digital criminals) have realized that it’s one of the only ways to browse the Internet undetected.
Hacking Team’s plan to hack Tor is laid out in a 54-page PowerPoint slideshow that proposes infiltrating the network by first infecting specific users. Word that Hacking Team is trying to decrypt Tor came after an unknown group of hackers published 400 GB of Hacking Team’s emails, business contracts, source code and other files. The data dump immediately went viral, propelled by the news that Hacking Team sold invasive zero-day spyware to brutal dictatorships and that employees internally described notable privacy activists as radicals, along with a list of popular vulnerable passwords and other surprises.
Hacking Team’s plan to break Tor consisted of targeting an individual user (that’s key, as this doesn’t aim for mass surveillance), infiltrating their Internet service, then installing a bug that would allow Hacking Team to monitor that person’s unencrypted browsing activity. From there, Hacking Team would access the target’s Tor browser and redirect the connection through a computer controlled by Hacking Team, according to an explanation from the Tor Project.
The presentation isn’t dated, though a Motherboard analysis of Hacking Team’s internal emails implies the project has been ongoing since January 2015.
“The good news is that they don’t appear to have any exploit on Tor or on Tor Browser,” the Tor Project explained in a post after the 400 GB was published online. “The other good news is that their proposed attack doesn’t scale well. They need to put malicious hardware on the local network of their target user, which requires choosing their target, locating her, then arranging for the hardware to arrive in the right place. So it’s not really practical to launch the attack on many Tor users at once.”
It’s hardly a surprise that an influential surveillance technology manufacturer is trying to infiltrate the Tor network. Even though the U.S. Department of Defense funds much of Tor (DoD paid 60 percent of Tor’s bills in 2012), the National Security Agency has consistently failed to breach the dense network of connection nodes dispersed throughout the world.
But Tor was hacked last year. A Tor spokesman told International Business Times last summer that the anonymous network was not that anonymous between Jan. 30 and July 4 of last year. The hacker’s identity was never made public, but respected cybersecurity experts pointed the blame at researchers affiliated with the CERT Division of Carnegie Mellon’s Software Engineering Institute in Pittsburgh.
Hacking Team did not immediately respond to a request for comment for this story.