*Note: the code has not actually been leaked to the public. I personally wouldn’t expect it to be made public anytime soon.
Two Germany-based Tor Directory Authority servers, among others, have been specifically targeted by the National Security Agency’s XKeyscore program, according to a new report from German public broadcaster ARD. Tor is a well-known open source project designed to keep users anonymous and untraceable—users’ traffic is encrypted and bounced across various computers worldwide to keep it hidden.
This marks the first time that actual source code from XKeyscore has been published. ARD did not say how or where it obtained the code. Unlike many other NSA-related stories, the broadcaster did not specifically mention the information being part of the trove leaked by whistleblower Edward Snowden.
XKeyscore is one of the high-level NSA surveillance programs that have been revealed via Snowden over the last year. The interface allows NSA and allied intelligence agencies to search all kinds of short-term data captured directly off of various Internet Exchanges worldwide.
This new code, which was published on Thursday, appears to flag people who are believed to live outside the United States and who request Tor bridge information via e-mail or who search for or download Tor or the security-minded TAILS operating system. Those users’ IP addresses can then be tracked for further monitoring.
The report’s authors include Jacob Appelbaum, a well-known American computer security researcher who has taken up residence in Berlin. Appelbaum is also a paid employee of the Tor Project. Two others listed as authors are either contractors or volunteers to Tor.
“Their research in this story is wholly independent from the Tor Project and does not reflect the views of the Tor Project in any way,” ARD stated in a disclosure. “During the course of the investigation, it was further discovered that an additional computer system run by Jacob Appelbaum for his volunteer work with helping to run part of the Tor network was targeted by the NSA. Moreover, all members of this team are Tor users and appear to be have been targets of the mass surveillance described in the investigation.”
The code specifically cites IP addresses of the Tor Directory Authority—these servers act as the nine high-level control points that make up the backbone of the Tor Network. These authorities are what keep track of new Tor relays, and they are updated every hour.
Tor was originally developed as part of the Onion Routing project at the US Naval Research Laboratory. While today it exists as an independent nonprofit organization headquartered in Massachusetts, it still receives 60 percent of its income (PDF) from US government sources. Tor is used by journalists, law enforcement, military officers, and activists worldwide.
Another rule in the published code shows that the NSA is also targeting users of an anonymous e-mail program called MixMinion, which is hosted on a server at the Massachusetts Institute of Technology. Roger Dingledine, who is the head of the Tor Project, also runs this MixMinion server.
Vanee Vines, the spokeswoman for the NSA, responded to Ars’ request for comment with the same statement that she provided to ARD: