A leaked memo indicates that the United States Army, in conjunction with National Security Agency, was able to compromise various anonymity tools including Tor, I2P and Virtual Private Networks (VPNs).
Apart from that, the security agencies are also working on strategies to trace cryptocurrency users, particularly users of Monero, from the transactions made.
The memo, which is an image dated August 21 of last year, was posted in the Biz section of 4Chan.
It reveals that the operation is a joint effort between the two security agencies.
Given the size of the federal organizations, specific departments are tasked with high-level activities such as this one.
In the case for the U.S. Army, the department involved is the Cyber Protection Team (CPT) which is part of the larger Cyber Protection Brigade.
Measures in Place
Among the most crucial items stated in the memo is the acknowledgement that the 2nd Battalion Joint NSA/CPT is in need of new experltise and additional funding, which are critical pillars in the Global War Against Terror (GWAT) as well as drug interdiction.
The expertise acquired will be gained through seeking the services of civilian consultants who will have access to Sensitive Compartmented Information (SCI).
For one to be granted SCI, it is paramount that they undergo a Single Scope Background Investigation (SSBI). The personnel needed are individuals who are experienced with cryptocurrency coding, particularly CryptoNote Code.
The document further indicates that the levels of success they have recorded in compromising anonymity tools like Tor is not the same for altcoins, which operate entirely different since they do not rely on nodes.
Though not all VPN Protocols have been compromised, a majority of them have proven to be vulnerable.
VPNs rely on Diffie-Hellman Encryption to initiate a secure connection by interchanging cryptographic keys and passing them through an algorithm only known to the receiver and sender.
Challenge with Cryptocurrency
The main challenge with cryptocurrency, and Monero in particular, is the use of Ring Signatures and Stealth Addresses. The process of identifying vulnerabilities with these two technologies requires advanced research and development to determine if they can be compromised, just like some of the anonymity tools mentioned in the leak.
Stealth Addresses provide layers of security to both the receiver and sender of cryptocurrencies by generating unique addresses each time one wants to initiate a transaction.
So, if one intends to keep check of operations of a single address on the blockchain, it becomes impossible since the funds are sent to a different Stealth Address.
From this, it is notable that there is no relationship between transactions from one stealth address to another from a different address.
Therefore, users who carry out various types of illegal operations work comfortably knowing that by providing their Stealth Address, it is impossible to get tracked. However, if one knows the public address, then it is possible to identify how the funds sent to that particular address are used.
On the other hand, a Ring Signature is a particular form of the digital signature given to a group of people.
Any member in the group that has the keys can be able to sign a message. With Ring Signatures, each member has a different key that performs the same function.
For illustration purposes, consider a message from source A-then any person in the group can sign the message using Ring Signatures and no one will be able to tell who exactly signed. Evidently, Ring Signatures assure anonymity since no outsider can examine what is going on inside.
The cryptocurrency Monero particularly employs both of the above techniques to ensure the users are safe and no transactions can be monitored.
The Leak
As it is, it is still unclear who leaked the highly confidential memo revealing the federal agencies' efforts to compromise anonymity tools like Tor. But it seems someone took an image of the content and circulated it until it entered 4Chan.
This is not the first event of its kind to transpire recently. The U.S. security agencies such as the Central Intelligence Agency (CIA) are well known to develop hacking tools which end up getting leaked to third parties.
Once this happens, the third party-which can be a government or hacker-can use it for the same purpose as the developer.
The move has seen hackers modifying codes that have led to the creation and spread of ransomware programs on both government and private agencies.
A good example is last year's widespread ransomware attacks, notably , and
In one of the most infamous leaks in recent times is a dossier implicating the CIA of being involved with the data published by WikiLeaks.
Disclaimer:
You need to enable JavaScript to vote
