[tor-talk] Fwd: according to leaked XKeyScore source NSA marks all Tor users as extremists, puts them on a surveillance list

coderman coderman at gmail.com
Thu Jul 3 15:36:33 UTC 2014

On Thu, Jul 3, 2014 at 8:13 AM, -John <john at johnlgrubbs.net> wrote:
> I thought JY at cryptome.org was already doing what you suggest.

i presume you mean as below:
  (more a translation than additional QUELLCODE info though ;)



Donate for the Cryptome archive of files from June 1996 to the present


3 July 2014

NSA Hacks TOR in Germany, Calls Users Extremists


Original German: http://www.tagesschau.de/inland/nsa-xkeyscore-100.html


German named an extremist targeted by U.S. intelligence from the NSA

Published: 07.03.2014 05:00 clock

The NSA peeks specifically from German that deal with encryption on
the Internet. This emerges from a secret source, the NDR and WDR
exists. NSA victim can thus be identified by name. One of them is a
student from Erlangen.

By Lena Kampf, Jacob Appelbaum and John Goetz, NDR

[Images omitted.]

It is one of the most sensitive secrets of the NSA, the engine of the
global monitoring machine: the source code of the XKeyscore program,
the most comprehensive Ausspähprogramm of U.S. foreign intelligence.

NDR and WDR have excerpts of the source code. Parts of the collection
infrastructure ie, so-called software rules that define the
intelligence, what or who they want to investigate.

There are only a few numbers and characters to string together the
programmer. But when the program executes XKeyscore these rules, get
people and their data in their sights. The connections from computers
to the Internet are identified and stored in a database type. The
users are quasi marked. It is the dragnet of the 21st century.

Download the video file

Users of the Tor network aim of penetration

In the present source is about the spying infrastructure and the users
of the Tor network. Tor stands for "the onion router" - a program in
which Internet traffic, such as a query to a search engine, is passed
through various servers and lie encryption layers like an onion to
make the request. Thus, the origin of the request, so obscures the IP
address. The IP address is like a mailing address and reveals among
other things, the location of the computer.

There are about 5,000 Tor servers worldwide which are operated by
volunteers. It is an anonymizing infrastructure, which is often used,
especially in countries where it is dangerous to abandon the regime,
which websites you visited or where they retrieve. In Iran and Syria,
for example. Tor is used by journalists, human rights activists and
lawyers worldwide.

Popular German IP addresses in Fort Meade

The reporting of the "Guardian" on PowerPoint presentations from the
Snowden archive has shown in the past year that the Tor network the
NSA is a particular thorn in the side. The top-secret documents and
the first time published the source code show that the NSA is making
significant efforts to deanonymisieren users of the Tor network.
Search of the NDR and WDR show: German IP addresses are defined in the
source code of the NSA as a unique destination.

The IP 212 212 245 170 leads to a gray, factory-like building, whose
high walls are fenced with barbed wire. "On the Tower" is the street
in an industrial area near Nürnberg. There is a computer center with
Mietservern in long shelves. They all look the same. But one is spied
on by the NSA. Sebastian Hahn, a student and employee of the computer
science department in Erlangen has rented this server.

The program goal: TOR a thorn in the NSA.

Momentous commitment to the Internet community

In his spare time he is involved in the Tor network, as well as one of
the authors of this paper. The gate community trusts Sebastian Hahn
especially: He may run one of nine so-called "Directory Authorities".
On his server is a list, in which all Tor servers are listed. Users
who connect to the Tor network, automatically access to one of the
nine "Directory Authorities" to download the latest list. Hundreds of
thousands of hits a day there are at Sebastian Hahn.

All of these accesses are marked by the NSA and land according to
research by the NDR and WDR then in a special NSA database. In the
source code appeared even the name of the server on tap: "Gabelmoo"
had called him cock predecessor, Frankish for "fork man," as the
Bamberger call a Poseidon statue lovingly.

"This is shocking," says Hahn. Because: "The connection data of
millions of people are listed every day." Sebastian Hahn found next to
"Gabelmoo" all other names of "Directory Authorities" in Berlin, the
Netherlands, Austria, Sweden and the USA. They are also target of the

Second notably known NSA victims

Although he is only a means to an end for the NSA - finally, the
intelligence want to filter on its server who uses the Tor network -
Hahn feels violated his privacy. Because he wanted to do something
good, he random "in the focus of the intelligence agencies," he says,
visibly shocked. He is now probably after German Chancellor Angela
Merkel, the second known by name German surveillance victims of
American intelligence.

The lawyer specializing in IT law, Thomas Stadler, sees a "suspicion
of intelligence agents work". The Attorney General expressed only in
general terms: you examine all instructions. On request, the NSA
shares only generally, we consider strictly to the law: "privacy and
civil liberties always be considered in the computer monitor."

What you want to anonymize is deanonymized

Ironically, it is in accordance with the special rules that NDR and
WDR present, so just people with the desire for anonymity that are the
target of the NSA. In the eyes of the Secret Service: extremists. This
is not rhetoric, no journalistic escalation. The term is even in the
Comment column of the source text, quoted by programmers of the NSA.

Extremists? The opposite is the case, as the search point. The German
victims are politically to find not at the outer edge. Extreme they
are alone on one point: They are concerned about the security of their
data. And that's what makes them suspect in the eyes of the U.S.
Secret Service.

How quickly do you become a "Extremist"

"Tails" is an operating system that uses the Tor network to post on
the Internet any traces, but nothing saves the user on the computer
from which it is, for example, on a USB stick, booted.

Darko Medic, 18, short brown hair, sitting in front of his laptop. He
is "Tails" and "USB" in the mask its search engine. What Darko not
know: He's just so also landed in a database of the NSA. Marked as one
of the extremists, they seek the secret service so diligently.

Limitless espionage

How the NSA spying friends and enemies and the consequences of that.

Because what the rules of the source code also revealed: The NSA
observed on a large scale search queries worldwide - also in Germany.
Just the simple search for encryption software, such as "Tails" is
enough to get into the grid of the NSA. The connection of the request
with search engines makes suspicious. His search for "Tails" opens a
door, access to Darko and his world. Once in the database, any inquiry
from Darko can be accessed selectively. Darko is under observation.

This Darko has traveled in the computer-AG so he learns how to protect
themselves from the spying by the NSA. "I do not think anyone is
reading my e-mails," he says.

His seatmate has opened the website of the Tor project. His connection
to the site is now marked and stored in a database. For the entire Web
page of the Tor project is under observation. Everyone who visits
them, like the Neukölln students ends with a marker.

The NSA peeks specifically from people who deal with encryption on the Internet.

It's not just about metadata

In addition, it can be shown beyond reasonable doubt through the
source code for the first time, that the NSA is not only so-called
metadata, ie connection data reads. According programming command,
e-mails used to connect to the Tor network, then the contents of the
so-called e-mail body, analyzed and stored. The relevant quote from
the source code reads: "email_body ('https://bridges.torproject.org/':
c + + extractors"

William Binney, 70, was technical director of the NSA until he left in
2001 because the machines he invented, were directed against its own
people. Today he is testifying before the NSA Untersuchungssauschuss.
In an interview with NDR and WDR, he explains why the secret service
have calculated it apart to users of the Tor network: "There shall be
no free, anonymous rooms give," he says. "They want to know everything
about everyone."

Only a few are excluded: Registered in the source code, the NDR and
WDR exists, is the differentiation between the partner countries of
the United States, the so-called "Five Eyes", in New Zealand,
Australia, Britain and Canada, and other countries. Compounds that are
made from the "Five Eyes" countries on the Tor website, according to
the present rule should not be marked. From all other countries,
however, already. Without exception.

More on the topic tonight at Panorama, 21.45 clock in the First


More information about the tor-talk mailing list