NSA XKeyscore targets german citizen involved in Tor encryption

A 27-year-old informatics student in southern Germany was identified in news reports on Thursday as the first German citizen known to be under surveillance by the National Security Agency since Chancellor Angela Merkel. http://www.nytimes.com/2014/07/04/world/europe/german-student-under-nsa-scrutiny-reports-say.html?ref=us
The news came on the same day that two former American security officials testified to a parliamentary inquiry about reports of sweeping digital surveillance and monitoring in Germany by American intelligence, which touched off a major controversy and put strains on German-American relations.
The student, Sebastian Hahn of Erlangen in Bavaria, said he had been active for six years in the Tor network, a group that works to encrypt digital communications, and that he had rented space on a computer in Nuremburg that he said was one of several around the world that direct other computers involved in Tor. Two German state broadcasting channels reported that there was evidence that the N.S.A. was tracking the Nuremberg computer as part of an operation called “XKeyscore.” A server at the Massachusetts Institute of Technology that is used by Roger Dingledine, a well-known web activist, was also tracked in the operation, the German broadcasters reported.
After classified materials leaked by the former security contractor Edward J. Snowden indicated in June 2013 that the N.S.A. had swept up the electronic communications of millions of Germans, the government sought reassurances from Washington that no German laws had been broken. It appeared to receive such assurances and said the affair was settled, only to have it flare up anew when word of the eavesdropping on Ms. Merkel emerged in October. That news prompted lawmakers here to begin a formal inquiry, which is expected to last at least two years.
In a statement posted online, Mr. Hahn said he was “shocked by how easily innocent people can fall into the focus of surveillance, and how the intelligence services treat this as normal.”
Germany’s history of state surveillance under Nazis and Communist rule has made many Germans, though by no means all, sensitive about any sign that governments are monitoring private citizens.
Last week, John D. Podesta, a special adviser to the Obama administration, and the German foreign minister, Frank-Walter Steinmeier, opened a “cyberdialogue” to ease tensions over digital surveillance.
The two German broadcasters said in their report that merely searching the web for software that encrypts data causes the N.S.A. to mark and track the I.P. address of the person conducting the search. The agency takes notice of the users of encryption and privacy software around the world, not just in Germany, the report said.

The NSA has been targeting the Tor anonymising system to spy on its users, suggests a report.  http://www.bbc.com/news/technology-28162273

German public broadcaster ARD said two Tor servers in Germany were actively being watched by the US spy agency.

Citing information given by official sources, ARD said almost anyone searching for Tor or installing it could be watched by the NSA.

Tor hides users’ location and identity by randomly bouncing data through some of the machines making up the network.

Data is encrypted during the hops to better conceal who is visiting which page.

Information passed to ARD suggests the NSA has tapped into traffic to and from two German directory servers used by Tor to scoop up the IP addresses of people who visited it.

Data passing in and out of these servers was vulnerable because it was unencrypted. Other directory servers might also have been watched.

The addresses the NSA grabbed were monitored via an analysis system it developed called XKeyscore, said ARD. XKeyscore works by snooping on information passing through the few exchanges around the world where data hops from one ISP to another.

Data grabbed from these sources was used to build up a a profile of the web browsing habits associated with those IP addresses.

Sites offering several other anonymising and privacy tools were also watched, said the ARD report.

“XKeyscore is an analytic tool that is used as a part of NSA’s lawful foreign signals intelligence collection system,” a spokeswoman for the NSA told news site Ars Technica. “Such tools have stringent oversight and compliance mechanisms built in at several levels.

“All of NSA’s operations are conducted in strict accordance with the rule of law,” she said.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: