Cyber spies from the U.S. National Security Agency (NSA) and the U.K. Government Communications Headquarters (GCHQ) have leaked security flaws in Tor.
Tor is a free software that allows users to remain anonymous and censored in their online activities. It continues to receive funding from the U.S. State Department and is used by the military, activists, businesses and people performing illegal activities and transactions. Like any other software, it is also vulnerable to security flaws. Tor is regularly informed of these flaws on a monthly basis by spies from the NSA and GCHQ.
In an interview with BBC, Tor project director Andrew Lewman admitted that agents from the alleged international security agencies tipped off these security flaws. These reports were left unconfirmed because they came from anonymous sources.
"There are plenty of people in [the NSA or British intelligence agency GCHQ] who can anonymously leak data to us to say - maybe you should look here, maybe you should look at this to fix this," Lewman told the BBC. "And they have."
Lewman added that whoever is tipping off the flaws have highly-technical knowledge of the Tor browser and have enough resources to review the source code of the browser "for hours, for weeks, for months." The danger here is that since the two agencies were aware of the flaws, it also strongly indicates that the users' activities are not really anonymous and censored after all. Tor has an average of 2.5 million daily users, mostly from the United States and Europe, and some from Russia, Iran, Vietnam, and China.
Tor remains to be a target by various cybercriminal groups because of the anonymity and the number of data that can be extracted from the browser. In addition, the GHCQ is highly-dependent on Tor for their operations.
"So you can imagine one part of GCHQ is trying to break Tor, the other part is trying to make sure it's not broken because they're relying on it to do their work. So, it's typical within governments or even within large agencies that you have two halves of the same coin going after different parts of Tor. Some protect it, some try to attack it," Lewman added.
Meanwhile, the NSA and GHCQ refused to comment on the security allegations.