NSA's XKeyscore Source Code Leaked! Shows Tor Users Classified As 'Extremists'
from the peeling-away-the-layers dept
We learnt about the NSA's XKeyscore program a year ago, and about its incredibly wide reach. But now the German TV stations NDR and WDR claim to have excerpts from its source code. We already knew that the NSA and GCHQ have been targeting Tor and its users, but the latest leak reveals some details about which Tor exit nodes were selected for surveillance -- including at least one in Germany, which is likely to increase public anger there. It also shows that Tor users are explicitly regarded as "extremists" (original in German, pointed out to us by @liese_mueller):
The source code contains both technical instructions and comments from the developers that provide an insight into the mind of the NSA. Thus, all users of such programs are equated with "extremists".
Such is the concern about Tor that even visitors to Tor sites -- whether or not they use the program -- have their details recorded:
not only long-term users of this encryption software become targets for the [US] secret service. Anyone who wants to visit the official Tor Web site simply for information is highlighted.
The source code also gives the lie to the oft-repeated claim that only metadata, not content, is gathered:
With the source code, it can be proven beyond reasonable doubt for the first time that the NSA is reading not only so-called metadata, that is, connection data. If emails are sent using the Tor network, then the programming code shows that the contents -- the so-called email-body -- are evaluated and stored.
As well as all this interesting information, what's important here is that it suggests the source of this leak -- presumably Edward Snowden, although the German news report does not name him -- copied not just NSA documents, but source code too. As in the present case, that is likely to provide a level of detail that goes well beyond descriptive texts.
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
Filed Under: content, extremists, gchq, metadata, nsa, source code, surveillance, tor, xkeyscore
Reader Comments
Who else here is an extremist?
Does this make Techdirt a terrorist/extremist group? (NSA generalization says everybody here is now a potential target ;D)
[ link to this | view in chronology ]
Re:
All of their definitions are so damn broad that is the only classification left that applies. Including our elected officials.
[ link to this | view in chronology ]
Re: I've got you all beat
So I'm sure I'm now considered a valid selector by the NSA. And thanks to Obama's two hop rule, by downloading this comment you are now a valid target to have all your email downloaded, read, processed and saved for later use by the government as they see fit.
[ link to this | view in chronology ]
Re:
That I wouldn't know. But obviously those guys in the NSA are extremists.
[ link to this | view in chronology ]
Re: Re:
Ditto that. And I used my work computer, too.
[ link to this | view in chronology ]
Re:
At least TD readers are aware of the issues. But I do feel bad for people like Ty Pennington, snowboarders, anyone who eats Doritos...
[ link to this | view in chronology ]
I'm the oldest one!
Let's all run out to wally world, grab a cheap laptop, toss a tor exit node on it, and fire it up. Let's see how many we can get going here!
[ link to this | view in chronology ]
Re:
As long as you are careful about how you are using TOR, it is still safe. That is until the NSA has all 3 of your nodes compromised...
A big caveat for the NSA though - while they may be able to compromise a few nodes here and there or set up a bunch of fake nodes, it is such a big network that it would be very unlikely to have both your entry and exit node at the same time. Plus, you can simply change your route through the TOR network with a single click, which should be done often anyway. 5 or 10 years from now, who knows...
Always treat TOR like you are being monitored and are already compromised. Switch routes frequently, never use the same user-agent, always rotate through names/accounts, never allow JS and always make sure cookies are cleared out and sessions are closed after every single use.
Plus, you can always use proxy-chains and go through a VPN before entering TOR - it doesn't slow you down at all since TOR is always slower than a VPN.
[ link to this | view in chronology ]
Re: Re:
https://cpunks.org//pipermail/cypherpunks/2014-July/004922.html
[ link to this | view in chronology ]
Re:
Tor on windows borders on futile. You can be exploited so many other ways.
The only way to approach security (if you really care) is holistically. Start with a secure OS from a trusted source, and build up from there. The tails project is a good way to achieve this without too much effort.
[ link to this | view in chronology ]
GitHub, anyone?
[ link to this | view in chronology ]
Re: GitHub, anyone?
bool isExtermest(std::string name) {
    if (name != "John Smith") {
        return true; // Not an american.
    }
    if (name == "John Smith") {
        return true; // Obviously hiding something.
    }
    // Lots of irrelevant code.
    return false;
}
[ link to this | view in chronology ]
Re: Re: GitHub, anyone?
bool isExtremist(std::string name) {
    return true;
}
(* efficiency is important here after all, we can't waste processor cycles when we're processing everyone on the darned planet and in orbit around it, and we have built in capability for processing non-earth aliens by not using human characteristics as determinants)
[ link to this | view in chronology ]
Re: Re:
Second - are you really trying to start up a real conversation on my bad "tor" pun thread?
[ link to this | view in chronology ]
Re: Re: Re:
2. I didn't really mean to divert your pun torrent either.
[ link to this | view in chronology ]
if BRL-CAD is free because it is a public work
[ link to this | view in chronology ]
If Tor users are extremists,
[ link to this | view in chronology ]
Re: Re: If Tor users are extremists,
you got that right...
[ link to this | view in chronology ]
freedom fighters
[ link to this | view in chronology ]
Suggestion for a secure PC & Internet in times of surveillance scandal
• + https://freenetproject.org (most secure anonymous filesharing software, which exists so far)
Regarding software the most important thing is to use a secure operating system; it's the fundament for everything, which you do with a PC regarding software. So it's a weakness, if on the one hand one relies on programs like the freenet project or TOR, but on the other hand does so on foundation of windows, which has a direct wire to the NSA.
[ link to this | view in chronology ]
Re: Suggestion for a secure PC & Internet in times of surveillance scandal
This inexorable connection to boum.org, *in and of itself*, is a red-flag pointing to Tails usage.
[ link to this | view in chronology ]
given their behavior
[ link to this | view in chronology ]
Re: given their behavior
> authors full blown terrorists.
Totally so. If George Washington and Thomas Jefferson were alive today, the US government would have a revolutionary war going against it.
[ link to this | view in chronology ]
Re: given their behavior
0_o
[ link to this | view in chronology ]
Next thing you know
[ link to this | view in chronology ]
mmm
God only knows now what they have on me.
[ link to this | view in chronology ]
Re: mmm
Ever seen the contents of a full background check? Now add in everything you've ever posted online, posted near you online, or referred to anything you've ever even viewed online.
[ link to this | view in chronology ]
Re:
Does that make the NSA the Templars?
[ link to this | view in chronology ]
Whatever is an extremist
[ link to this | view in chronology ]
Re: Whatever is an extremist
Obviously Whatever is fine with it, because all copyright/NSA fanboys are masochists by nature. How else could they loudly and proudly claim more copyright extensions and surveillance betters culture and society, while still keeping a poker face?
[ link to this | view in chronology ]
At this point...
[ link to this | view in chronology ]
Well, since we're already extremists...
I mean, you never know when that kind of thing will be handy, as an extremist.
[ link to this | view in chronology ]
I am an extremist
Waihopai, INFOSEC, Information Security, Information Warfare, IW, IS, Priavacy, Information Terrorism, Terrorism Defensive Information, Defense Information Warfare, Offensive Information, Offensive Information Warfare, National Information Infrastructure, InfoSec, Reno, Compsec, Computer Terrorism, Firewalls, Secure Internet Connections, ISS, Passwords, DefCon V, Hackers, Encryption, Espionage, USDOJ, NSA, CIA, S/Key, SSL, FBI, Secert Service, USSS, Defcon, Military, White House, Undercover, NCCS, Mayfly, PGP, PEM, RSA, Perl-RSA, MSNBC, bet, AOL, AOL TOS, CIS, CBOT, AIMSX, STARLAN, 3B2, BITNET, COSMOS, DATTA, E911, FCIC, HTCIA, IACIS, UT/RUS, JANET, JICC, ReMOB, LEETAC, UTU, VNET, BRLO, BZ, CANSLO, CBNRC, CIDA, JAVA, Active X, Compsec 97, LLC, DERA, Mavricks, Meta-hackers, ^?, Steve Case, Tools, Telex, Military Intelligence, Scully, Flame, Infowar, Bubba, Freeh, Archives, Sundevil, jack, Investigation, ISACA, NCSA, spook words, Verisign, Secure, ASIO, Lebed, ICE, NRO, Lexis-Nexis, NSCT, SCIF, FLiR, Lacrosse, Flashbangs, HRT, DIA, USCOI, CID, BOP, FINCEN, FLETC, NIJ, ACC, AFSPC, BMDO, NAVWAN, NRL, RL, NAVWCWPNS, NSWC, USAFA, AHPCRC, ARPA, LABLINK, USACIL, USCG, NRC, ~, CDC, DOE, FMS, HPCC, NTIS, SEL, USCODE, CISE, SIRC, CIM, ISN, DJC, SGC, UNCPCJ, CFC, DREO, CDA, DRA, SHAPE, SACLANT, BECCA, DCJFTF, HALO, HAHO, FKS, 868, GCHQ, DITSA, SORT, AMEMB, NSG, HIC, EDI, SAS, SBS, UDT, GOE, DOE, GEO, Masuda, Forte, AT, GIGN, Exon Shell, CQB, CONUS, CTU, RCMP, GRU, SASR, GSG-9, 22nd SAS, GEOS, EADA, BBE, STEP, Echelon, Dictionary, MD2, MD4, MDA, MYK, 747,777, 767, MI5, 737, MI6, 757, Kh-11, Shayet-13, SADMS, Spetznaz, Recce, 707, CIO, NOCS, Halcon, Duress, RAID, Psyops, grom, D-11, SERT, VIP, ARC, S.E.T. Team, MP5k, DREC, DEVGRP, DF, DSD, FDM, GRU, LRTS, SIGDEV, NACSI, PSAC, PTT, RFI, SIGDASYS, TDM. SUKLO, SUSLO, TELINT, TEXTA. 
ELF, LF, MF, VHF, UHF, SHF, SASP, WANK, Colonel, domestic disruption, smuggle, 15kg, nitrate, Pretoria, M-14, enigma, Bletchley Park, Clandestine, nkvd, argus, afsatcom, CQB, NVD, Counter Terrorism Security, Rapid Reaction, Corporate Security, Police, sniper, PPS, ASIS, ASLET, TSCM, Security Consulting, High Security, Security Evaluation, Electronic Surveillance, MI-17, Counterterrorism, spies, eavesdropping, debugging, interception, COCOT, rhost, rhosts, SETA, Amherst, Broadside, Capricorn, Gamma, Gorizont, Guppy, Ionosphere, Mole, Keyhole, Kilderkin, Artichoke, Badger, Cornflower, Daisy, Egret, Iris, Hollyhock, Jasmine, Juile, Vinnell, B.D.M.,Sphinx, Stephanie, Reflection, Spoke, Talent, Trump, FX, FXR, IMF, POCSAG, Covert Video, Intiso, r00t, lock picking, Beyond Hope, csystems, passwd, 2600 Magazine, Competitor, EO, Chan, Alouette,executive, Event Security, Mace, Cap-Stun, stakeout, ninja, ASIS, ISA, EOD, Oscor, Merlin, NTT, SL-1, Rolm, TIE, Tie-fighter, PBX, SLI, NTT, MSCJ, MIT, 69, RIT, Time, MSEE, Cable & Wireless, CSE, Embassy, ETA, Porno, Fax, finks, Fax encryption, white noise, pink noise, CRA, M.P.R.I., top secret, Mossberg, 50BMG, Macintosh Security, Macintosh Internet Security, Macintosh Firewalls, Unix Security, VIP Protection, SIG, sweep, Medco, TRD, TDR, sweeping, TELINT, Audiotel, Harvard, 1080H, SWS, Asset, Satellite imagery, force, Cypherpunks, Coderpunks, TRW, remailers, replay, redheads, RX-7, explicit, FLAME, Pornstars, AVN, Playboy, Anonymous, Sex, chaining, codes, Nuclear, 20, subversives, SLIP, toad, fish, data havens, unix, c, a, b, d, the, Elvis, quiche, DES, 1*, NATIA, NATOA, sneakers, counterintelligence, industrial espionage, PI, TSCI, industrial intelligence, H.N.P., Juiliett Class Submarine, Locks, loch, Ingram Mac-10, sigvoice, ssa, E.O.D., SEMTEX, penrep, racal, OTP, OSS, Blowpipe, CCS, GSA, Kilo Class, squib, primacord, RSP, Becker, Nerd, fangs, Austin, Comirex, GPMG, Speakeasy, humint, GEODSS, SORO, M5, ANC, zone, SBI, DSS, 
S.A.I.C., Minox, Keyhole, SAR, Rand Corporation, Wackenhutt, EO, Wackendude, mol, Hillal, GGL, CTU, botux, Virii, CCC, Blacklisted 411, Internet Underground, XS4ALL, Retinal Fetish, Fetish, Yobie, CTP, CATO, Phon-e, Chicago Posse, l0ck, spook keywords, PLA, TDYC, W3, CUD, CdC, Weekly World News, Zen, World Domination, Dead, GRU, M72750, Salsa, 7, Blowfish, Gorelick, Glock, Ft. Meade, press-release, Indigo, wire transfer, e-cash, Bubba the Love Sponge, Digicash, zip, SWAT, Ortega, PPP, crypto-anarchy, AT&T, SGI, SUN, MCI, Blacknet, Middleman, KLM, Blackbird, plutonium, Texas, jihad, SDI, Uzi, Fort Meade, supercomputer, bullion, 3, Blackmednet, Propaganda, ABC, Satellite phones, Planet-1, cryptanalysis, nuclear, FBI, Panama, fissionable, Sears Tower, NORAD, Delta Force, SEAL, virtual, Dolch, secure shell, screws, Black-Ops, Area51, SABC, basement, data-haven, black-bag, TEMPSET, Goodwin, rebels, ID, MD5, IDEA, garbage, market, beef, Stego, unclassified, utopia, orthodox, Alica, SHA, Global, gorilla, Bob, Pseudonyms, MITM, Gray Data, VLSI, mega, Leitrim, Yakima, Sugar Grove, Cowboy, Gist, 8182, Gatt, Platform, 1911, Geraldton, UKUSA, veggie, 3848, Morwenstow, Consul, Oratory, Pine Gap, Menwith, Mantis, DSD, BVD, 1984, Flintlock, cybercash, government, hate, speedbump, illuminati, president, freedom, cocaine, $, Roswell, ESN, COS, E.T., credit card, b9, fraud, assasinate, virus, anarchy, rogue, mailbomb, 888, Chelsea, 1997, Whitewater, MOD, York, plutonium, William Gates, clone, BATF, SGDN, Nike, Atlas, Delta, TWA, Kiwi, PGP 2.6.2., PGP 5.0i, PGP 5.1, siliconpimp, Lynch, 414, Face, Pixar, IRIDF, eternity server, Skytel, Yukon, Templeton, LUK, Cohiba, Soros, Standford, niche, 51, H&K, USP, ^, sardine, bank, EUB, USP, PCS, NRO, Red Cell, Glock 26, snuffle, Patel, package, ISI, INR, INS, IRS, GRU, RUOP, GSS, NSP, SRI, Ronco, Armani, BOSS, Chobetsu, FBIS, BND, SISDE, FSB, BfV, IB, froglegs, JITEM, SADF, advise, TUSA, HoHoCon, SISMI, FIS, MSW, Spyderco, UOP, SSCI, NIMA, 
MOIS, SVR, SIN, advisors, SAP, OAU, PFS, Aladdin, chameleon man, Hutsul, CESID, Bess, rail gun, Peering, 17, 312, NB, CBM, CTP, Sardine, SBIRS, SGDN, ADIU, DEADBEEF, IDP, IDF, Halibut, SONANGOL, Flu, &, Loin, PGP 5.53, EG&G, AIEWS, AMW, WORM, MP5K-SD, 1071, WINGS, cdi, DynCorp, UXO, Ti, THAAD, package, chosen, PRIME, SURVIAC
[ link to this | view in chronology ]
So wait
[ link to this | view in chronology ]
Oldie, but a Goody
(will this put the MPAA on the extremist list?)
http://www.imdb.com/title/tt0066473/
[ link to this | view in chronology ]
Kafka called...
-------------
Fowler, Geoffrey A. (17 December 2012). Tor: An Anonymous, And Controversial, Way to Web-Surf. Wall Street Journal. Retrieved 3 July 2014
[ link to this | view in chronology ]
Re: Kafka called...
Next they'll be arguing in court that because it's so government-funded, users have no expectation of privacy!
[ link to this | view in chronology ]
So curiosity suicide-bombed the cat then?
[ link to this | view in chronology ]
So what makes a citizen a terrorist, anything and everything these days.
If you visit sites that preach dissent against any form of government misconduct, congrats, you're a terrorist. If you protest anything, peaceful or violent, you're a terrorist. If you question your government over anything, again you're labelled a terrorist.
Just look at the NDA to see extreme examples of how "national security" trumps the constitution.
[ link to this | view in chronology ]
Extremely extremist sensitive
[ link to this | view in chronology ]
From now on I will make TOR my landing site, and TAILS my Main O/S
From now on I will make TOR my landing site, and TAILS my Main Linux O/S.
Now Good luck NSA be my daily guest!
[ link to this | view in chronology ]
jokers.....
this is not the xkeyscore code. everyone who works with this kind of data knows, this is only a selector for something but nothing more.
do you really believe the sourcecode for xkeyscore is somewhere on the table? even, this short piece of code is never ever "The xkeyscore sourcecode".
.....
over and out
[ link to this | view in chronology ]
Not just interested in encryption...
Well, according to the code snippet at NSA Targets the Privacy-Conscious for Surveillance, it goes just a bit beyond that...
In fact, NSA captures every web search containing one of these words: "linux", "USB", "CD", "IRC" (Internet Relay Chat). They also capture anyone who goes to any article whatsoever that begins with "http://linuxjournal.com/content/linux". Does that sound like "interested in encryption" to you?
This fits right in with my ideas of the NSA: When they claim they want x, they just capture everything and keep it all. If challenged, they say something like, "No, really, we were only interested in 'x'."
Should we believe that? When, in this case, they capture every web search that contains the words above, whether it involves encryption or not?
[ link to this | view in chronology ]
Re: Not just interested in encryption...
It is sensitive to all the linuxjournal.com articles matching the lead-in, though.
[ link to this | view in chronology ]
hay
Isn't Germany where NewsCorp found someone to make code to help folks download card codes for their competitors' TV satellite services? So that's sort of like tor, passing around the pirated shite, but hoping it kills the competition at the same time.
Did you catch that criminal activity, NSA? Have you redeployed it?
[ link to this | view in chronology ]
David Cameron's email in Rebekah Brooks' BlackBerry was reported to the Leveson court to have lost its content after spending three weeks in police custody. The other email had text, so my bet is that's David's Tempora file well passed it's sellbuy date, gone meta after 30 days. Who's the Rose Mary Woods this time? Home Secretary. GCHQ, you silly beans.
Give Cameron what he deserves, a big BlackBerry Pie in the facebook, Germany! Your pastry is vastly superior to his.
[ link to this | view in chronology ]
boss
I am a security enthusiastic and most importantly I AM A MUSLIM.
move along kids Boss is here ;)
[ link to this | view in chronology ]