The German spy agency BND developed a system to monitor the anonymity network Tor and warned federal agencies that its anonymity is “ineffective”. This is what emerges from a series of secret documents published by the German Netzpolitik blog. The spies handed a prototype of this technology over to the US National Security Agency (NSA), in expectation of a favour in return.

The story begins a few weeks prior to the annual SIGINT Development Conference in 2008 when BND hackers “developed the idea of how the Tor network could be monitored relatively easily”, according to internal BND documents. In March 2008, the spy agency filled in its partners from the US and UK. During a visit of a foreign delegation to Munich, a BND unit presented “the anonymity network Tor and a possible disbandment of the anonymity feature”. In order to implement the plan, the BND hoped for “an international cooperation with several foreign intelligence agencies”.

Both NSA and the UK Government Communications Headquarters (GCHQ) expressed “a high interest” and offered support. The three secret services decided on further meetings and the creation of a project group. The BND hackers told the NSA about “a possibility to penetrate the Tor network”, a term commonly used for the infiltration of IT systems. In this case, the data suggests that the spy agencies wanted to exploit a design decision Tor publicly specified.

Because of a lack of interest in the project within the BND, it was stated that “further development is primarily geared to the needs of the partner”, meaning the NSA. The proof of concept was already “a good status to talk to the experts of the Yanks”. While the BND hoped that their analysts could be “pushed” to work on Tor, their true goal was bigger. The BND wanted something from the NSA: a technology from the “field of cryptanalysis”, to decipher encrypted communication.

On 20 February 2009, a 16-page “concept for tracking internet traffic, which has been anonymized with the Tor system” was finalised. The cover is far from modest: a vegetable chopper over the logo – an onion – of the Tor network. Precisely how the BND planned to “chop” Tor is unfortunately described in the redacted parts of the document Netzpolitik obtained. But to implement the attack, it is probable that the BND ran its own servers in the Tor network pointing to passive snooping servers, which are presumably operated by the NSA, and emphasises the “protection of the anonymity” of the spy agencies.

Three weeks after the concept paper, the GCHQ was “very interested in the [BND’s] access to the Tor network”, the internal report of a meeting at the BND headquarters says. Both parties agreed to arrange further technical discussions and a “joint workshop on possible technical and operational procedures”. Five days afterwards the Americans accepted the offer of the concept paper by the BND – the NSA and GCHQ took over the project. Whether the BND received the compensation it hoped for, remains unknown. When Netzpolitik confronted the BND with a set of specific questions, they received only the boilerplate answer: “As a matter of principle, the BND talks about operational aspects of its work only with the Federal Government and the competent authorities of Parliament.”

One and a half years later, the BND warned German federal agencies not to use Tor. The hacker unit “IT operations“ entitled its report: “The anonymity service Tor does not guarantee anonymity on the internet”. According to the executive summary, Tor is “unsuitable” for three scenarios: “obfuscating activities on the internet”, “circumventing censorship measures” and “computer network operations for intelligence services” – spy agency hacking. The BND assumes “a very high level of surveillance within the network”, including the possibility that anyone can “set up their own so-called exit nodes for monitoring”.

According to the BND, “Tor is predominantly used to conceal activities, where users are not convinced of the legality of their actions. The number of Tor users who aim at preserving anonymity out of mere privacy considerations is relatively small.” The BND bases this statement on “several pieces of intelligence”, but does not underpin it with any facts.

Netzpolitik reached out to several people from the Tor project, but nobody had any idea how the BND came up with this hypothesis. “That sounds like nonsense,” said IT security advisor Jens Kubieziel, who is a system administrator for the Tor project and runs large Tor exit nodes.

Spy agencies and other agencies worldwide “have ways to counter anonymity. One of them is to set up own Tor nodes and monitor those intensively to gather intelligence and evidence”. The spy agencies do not treat this as a secret: “Some agencies have already reported about installing their own Tor nodes and using the logged data for different projects and criminal investigations.”

Looking at the activities of the NSA and GCHQ, the BND’s concern might just be justified. Two years after the Germans presented their gift, the spy agencies continued their work on breaking Tor. The efforts of the British team is documented in the GCHQ’s internal wiki, published by German magazine Der Spiegel from the Snowden archive.

Well-funded international spy agencies continue to refine their attacks. But the Tor community also continues to improve the project and fight off attacks – in close collaboration with the privacy research community. Project leader Roger Dingledine is skeptical as to whether spy agencies are able to make their attacks “work at scale”. Nevertheless, the documents show that “we need to keep growing the Tor network so it’s hard for even larger attackers to see enough Tor traffic to do these attacks.”

However, according to Dingledine that is not enough: “We as a society need to confront the fact that our spy agencies seem to feel that they don’t need to follow laws. And when faced with an attacker who breaks into internet routers and endpoints like browsers, who takes users, developers, teachers, and researchers aside at airports for light torture, and who uses other‚ classical measures – no purely technical mechanism is going to defend against this unbounded adversary.”