[tor-talk] Bruce Schneier's Guardian Article about N_S_A and Tor.

williamwinkle at openmailbox.org williamwinkle at openmailbox.org
Sat Jun 28 21:38:05 UTC 2014


I recently read a Guardian article from last October 
(www.theguardian.com/world/2013/oct/04/tor-attacks-cnsa-users-online-anonymity) 
by Bruce Schneier about the N_S_A and Tor. His story was based on the 
"Tor Stinks" and "Egotistical Giraffe" presentations.

My understanding of the article is that if individual(s) are requesting 
http://www.target_website.com then, once the request leaves the exit 
node, the N_S_A can use their Quantum servers on the Internet's 
backbones to redirect the request to their FoxAcid servers in order to 
compromise the requester.

I don't understand what Schneier means by this:

"After identifying an individual Tor user on the internet, the NSA uses 
its network of secret internet servers to redirect those users to 
another set of secret internet servers, with the codename FoxAcid, to 
infect the user's computer."

Surely the whole point of Tor is that the requester of 
http://www.target_website.com cannot be identified based on the traffic 
which leaves the exit node. Since the N_S_A would only know the IP 
address of the exit node and the destination 
http://www.target_website.com, how can the client be identified even if 
the traffic is redirected to the FoxAcid servers?

Indeed, the previous paragraph appears to contradict the paragraph 
quoted above:

"The very feature that makes Tor a powerful anonymity service, and the 
fact that all Tor users look alike on the internet, makes it easy to 
differentiate Tor users from other web users. On the other hand, the 
anonymity provided by Tor makes it impossible for the NSA to know who 
the user is, or whether or not the user is in the US."

Therefore, the N_S_A can redirect traffic that leaves the exit node to 
the FoxAcid servers, but how could they send back a response to a 
specific Tor user? Or have I misunderstood the article?


