The wizards of Tor are being fed bug reports by anonymous sources inside the agencies normally seen as trying to break its security, the NSA and GCHQ, the Project’s executive director Andrew Lewman has claimed in a BBC interview.
“There are plenty of people inside both organisations who can anonymously leak data to us to say ‘maybe you should look here’ or ‘maybe you should fix this’,” he said.
“We’ve been totally impressed at the level of bug reports we get both on the coding side or…on the design side,” he added. “You have to think through the type of people who would be able to do this and have the expertise and time to read Tor source code.”
It’s an extraordinary claim even if Lewman was quick to admit that he had no direct evidence that friendly spooks might be behind some of the well-informed bug reporting.
“It’s a hunch,” he said.
Unlike other open and closed source projects, Tor accepts anonymous flaw reporting.
And their motivation for leaking information on how Tor could make itself less hackable? Lewman referred to conversations with NSA whistleblower William Binney, who had suggested to him that some inside the NSA were upset about Government spying.
The problem with basing a theory on Binney is that he resigned from the organisation in 2001 and hails from an era in which discussion of the NSA’s power was confined to a small number of security experts and the odd journalist. It’s hard to believe, but pre-Snowden theories about NSA snooping were conversation killers.
As to the importance of Tor, “if your only adversary is the NSA or GCHQ you’ve probably already lost that battle because they’re multi-billion agencies with fantastic capabilities,” said Lewman. “You need a whole toolbox to be able to defeat adversaries like that.”
People are trying to break into Tor from within, and the suspicion is that one quite sophisticated attempt, detected and publicised by the Project some weeks ago, was connected to “irresponsible” researchers acting on behalf of the US Government.
Without doubt, other Governments around the world would love to find a way in too. As Tor’s use grows, so does its importance on the privacy frontline.