NSA and GCHQ agents leak Tor bugs [350]

The Tor Project's's executive director has alleged members of the NSA and GCHQ regularly leak it details of flaws the agencies have discovered in its code.

By fixing these flaws, the project can protect users' anonymity, he explained.

The agencies declined to comment.

The allegations were made in an interview given to the BBC by Andrew Lewman, who is responsible for all the Tor Project's's operations.

"There are plenty of people in both organisations who can anonymously leak data to us to say - maybe you should look here, maybe you should look at this to fix this," he said.

"And they have."

Mr Lewman is part of a team of software engineers responsible for the Tor Browser - software designeded to prevent it being possible to trace users' internet activity. The programs involved also offer access to otherwise hard to reach websitessites - some of which are used for illegal purposes.

Mr Lewman said that his organisation received tips from security agency sources on "probably [a]monthly" basis about bugs and design issues that potentially could compromise the service.

However, he acknowledged that because of the way the Tor Project received such information, he could not prove who had sent it.

"It's a hunch," he said.

"Obviously we are not going to ask for any details.

"You have to think about the type of people who would be able to do this and have the expertise and time to read Tor source code from scratch for hours, for weeks, for months, and find and elucidate these super subtle bugs or other things that they probably don't get to see in most commercial software.

"And the fact that we take a completely anonymous bug report allows them to report to us safely."

He added that he had been told by William Binney, a former NSA official turned whistleblower, that one reason NSA workers might have leaked such information was because many were "upset that they are spying on Americans".

In response, a spokesman from the NSA's public affairs office said: "We have nothing for you on this one."

A spokesman for GCHQ said: "It is long-standing policy that we do not comment on intelligence matters. Furthermore, all of GCHQ's work is carried out in accordance with a strict legal and policy framework, which ensures that our activities are authorised, necessary and proportionate."

The BBC understands, however, that GCHQ does attempt to monitor a range of anonymisation services in order to identify and track down suspects involved in the online sexual exploitation of children, among other crimes.

The reporter Glenn Greenwald has also published several articles, based on documents released by the whistleblower Edward Snowden, alleging that both agencies have attempted to crack Tor as part of efforts to prevent terrorism.

A security expert who has done consultancy work for GCHQ said he was he was amazed by Mr Lewman's allegation, but added that it was not "beyond the bounds of possibility".

"It's not surprising that agencies all over the world will be looking for weaknesses in Tor," commented Alan Woodward.

"But the fact that people might then be leaking that to the Tor Project so that it can undo it would be reallyly very serious.

"So if that is happening, then those organisations are going to take this very seriously."

Tor was originally designeded by the US Naval Research Laboratory, and continues to receive funding from the US State Department.

It is used by the military, activists, businesses and others to keep communications confidential and aid free speech.

But it has also been used to organise the sale of illegal drugs, host malware, run money laundering services, and traffic images of child abuse and other illegal pornography.

Mr Lewman said that his organisation provided advice to law enforcement agencies, including the FBI and the UK's Serious Crime Agency (Soca), to help them understand how Tor worked in order to aid their investigations.

But he criticised cyberspies who carried out orders to undermine Tor's protections.

"We are around 30 people in total, and think of the NSA or GCHQ with their tens of thousands of employees and billions of pounds of budget," he said.

"The odds there are obviously in their favour.

"It's sort of funny because it also came out that GCHQ heavily relies on Tor working to be able to do a lot of their operations.

"So, you can imagine one part of GCHQ is trying to break Tor, the other part is trying to make sure it's not broken because they're relying on it to do their work.

"So, it's typical within governments, or even within large agencies, that you have two halves of the same coin going after different parts of Tor. Some protect it, some to try to attack it."

He added that the Tor browser had been downloaded 150 million times in the past year, and that it currently supported about 2.5 million users a day.

"Hundreds of millions of people are now relying on Tor," Mr Lewman said.

"In some cases in life and death situations. And that's what we pay attention to.

"We would be very sad if anyone was arrested, tortured and killed because of some software bug or because of some design decision we made that put them at risk."

Mr Lewman will deliver the keynote speech at the Broadband World Forum event in Amsterdam in October.

You can read a full transcript of the interview here.

The Government Communications Headquarters (GCHQ) employs about 5,000 people and has two key roles:

It dates back to 1919, when it was called the Government Code and Cypher School. It adopted its current name in 1946. The foreign secretary is answerable in Parliament for GCHQ's work.

The National Security Agency (NSA) is the US agency tasked with gathering intelligence for the country's government and military leaders.

It is also tasked with preventing foreign adversaries from gaining access to classified national security information.

It employs about 35,000 workers, both civilians and military.