Rogue National Security Agency specialists are helping the creator of an anonymous Internet browsing platform fix vulnerabilities that would otherwise allow fellow agents to spy on online users, according to one man behind the project.
While there are a handful of spies at the NSA and the British equivalent GCHQ working to find exploits in all Internet products for purposes of espionage, the head of the Tor Project says some analysts are going behind their managers’ backs to help fix bugs and holes in the anonymizing web browser.
“There are plenty of people in both organizations who can anonymously leak data to us to say maybe you should look here, maybe you should look at this to fix this,” Andrew Lewman of the Tor Project told the BBC in an August interview. “And they have.”
When pressed further, Lewman told the BBC he could not definitively show that NSA and GCHQ agents were providing the anonymous tips, saying it was a “hunch” based on the level of expertise and time spent analyzing Tor’s lengthy source code for “super-subtle bugs,” which Lewman says could take “weeks” or “months.”
Both agencies did not respond to media requests for comment.
The Tor Project has been the target of domestic and international law enforcement for its purported , drug traffickers and so-called “hacktivist” organizations, with some agencies suspecting the platform could also be used for terrorism.
The platform is thought to be a target of NSA and GCHQ analysts because of its anonymizing attributes, though some have said both agencies have made very little progress against it. Tor has popped up in some recent criminal indictments against suspected users, though the end was usually the result of a slip-up by an alleged criminal in the real world (like receiving bomb-making materials through the mail), not online.
The U.S. government’s relationship with Tor is complicated: It sees the anonymizing software as both a target and a valuable tool. According to the Washington Post, the U.S. Department of State donated to the Tor Project’s development as did the National Science Foundation.
The Department of Defense has also donated a sizable chunk of cash to the development of Tor, leading some to question whether the platform can be trusted at all. Lewman rejects those suspicions.
“The parts of the U.S. and Swedish governments that fund us through contracts want to see strong privacy and anonymity exist on the Internet in the future,” Lewman wrote in an e-mail to the Washington Post. “Don’t assume that [the U.S. government] is one coherent entity with one mindset.”
To that, add NSA and GCHQ agents. Maybe.