NSA 'targets' Tor web servers and users

The NSA has been targeting the Tor anonymising system to spy on its users, suggests a report.

German public broadcaster ARD, external said two Tor servers in Germany were actively being watched by the US spy agency.

Citing information given by official sources, ARD said almost anyone searching for Tor or installing it could be watched by the NSA.

Tor hides users' location and identity by randomly bouncing data through some of the machines making up the network.

Data is encrypted during the hops to better conceal who is visiting which page.

Information passed to ARD suggests the NSA has tapped into traffic to and from two German directory servers used by Tor to scoop up the IP (internet protocol) addresses of people who visited it.

Data passing in and out of these servers was vulnerable because it was unencrypted. Other directory servers might also have been watched.

The addresses the NSA grabbed were monitored via an analysis system it developed called XKeyscore, said ARD. XKeyscore works by snooping on information passing through the few exchanges around the world where data hops from one ISP to another.

Data grabbed from these sources was used to build up a a profile of the web browsing habits associated with those IP addresses.

Sites offering several other anonymising and privacy tools were also watched, said the ARD report.

"Merely searching the web for the privacy-enhancing software tools outlined in the XKeyscore rules causes the NSA to mark and track the IP address of the person doing the search," it said.

A spokeswoman for the NSA told news site Ars Technica, external: "XKeyscore is an analytic tool that is used as a part of NSA's lawful foreign signals intelligence collection system. Such tools have stringent oversight and compliance mechanisms built in at several levels.

"All of NSA's operations are conducted in strict accordance with the rule of law."