The Tor teardown, brought to you by goats, giraffes, and Thor's hammer

Don't let the silly names distract you from the bigger questions the spooks have opened in cracking the anonymous network

Remember how you used to be able to identify crazy people by how loudly they complained that the government was spying on everything they do? (Now we must rely on more subtle signs, like whether like they've been elected to Congress.)

Edward Snowden's continuing revelations about the depth and breadth of NSA spying have totally ruined paranoia for me. No matter how wacky the allegation, I am forced to concede that it might well be true; we'll just have to wait for the next set of PowerPoints to arrive.

[ Meet the new hackers: Johnny Law | For a humorous take on the tech industry's shenanigans, subscribe to Robert X. Cringely's Notes from the Underground newsletter and follow Cringely on Twitter. | For a quick, smart take on the news you'll be talking about, check out InfoWorld TechBrief -- subscribe today. ]

Today another set did, courtesy of the Washington Post and the Guardian. It seems the NSA has managed to partially crack Tor, the network set up to offer anonymity to Web surfers. Tor has long been used as a haven for political dissidents, journalists, and human rights workers who were afraid of having their online activities tracked by governments far more evil than our own.

By Tor's -- er, Thor's hammer

Using a variety of programs with truly ridiculous names, the spooks have managed to track a number of alleged terrorists as they entered the Tor network, then departed. Per the Post:

In some cases, the NSA has succeeded in blocking access to the anonymous network, diverting Tor users to insecure channels. With a tool called Mjoliner -- the name of the hammer used by Thor, the Norse god of thunder -- it has been able to monitor and control the paths of communications that are supposed to be chosen randomly as they pass through Tor. Another operation, called Mullenize, can "stain" anonymous traffic as it enters the Tor network, enabling the NSA to identify users as it exits.

When Mjoliner and Mullenize failed to do the trick, the spooks turned to programs named EgotisticalGoat, EgotisticalGiraffe, and Erroneous Identity to exploit weaknesses in the Firefox browser that forms part of the free Tor Bundle to identify anonymous users. The British equivalent of the NSA, GCHQ, has its own batch of quaint code names, including Quantum, Epicfail, and Onionbreath.

The latest slide deck also makes reference to a program called Fink Different, without explaining what it does. Maybe that's what the NSA uses to target anonymous Apple users.

Somewhere, in a dank windowless basement 27 floors underground taken from a scene in the movie "Brazil," a nameless functionary is generating the names for these programs.

1 2 Page
Mobile Security Insider: iOS vs. Android vs. BlackBerry vs. Windows Phone
Join the discussion
Be the first to comment on this article. Our Commenting Policies