Leak Shows US Army and NSA Compromised Tor, I2P, VPNs and Wants to Track Monero
A photograph of an alleged leaked Army document describing a joint project to track anonymous cryptocurrencies appears to have surfaced from a somewhat unlikely place. The photograph reveals several interesting things, among them that the National Security Agency (NSA) is conducting a joint project with a US Army Cyber Protection Team (CPT) from the Cyber Protection Brigade at Fort Gordon, Georgia. The image, originally posted on 4chan’s /biz/ board (its Business and Finance forum), is dated August 21st, 2017 and states:
“MEMORANDUM FOR RECORD
SUBJECT: Additional resource request for ACC project
- 2nd Battalion’s joint NSA/CPT [Cyber Protection Team] anonymous cryptocurrency project needs additional support in the form of new hires and additional funding to meet GWOT [Global War On Terror] and drug interdiction objectives outlined in July’s Command update brief.
• Requesting authorization to add additional civilian consultants to the ACC project and to initiate their SCI investigations
• Requesting additional funds for class 7 and 9, amounts indicated in attached cost analysis worksheet.
- The success we have had with Tor, I2P, and VPN cannot be replicated with those currencies that do not rely on nodes [?]. There is a growing trend in the employment of Stealth address and ring signatures that will require additional R&D. Please reference the weekly SITREP [SITuation REPort] ON SIPR for more details regarding the TTPs involved.
- BLUF [Bottom Line, Up Front]: In order to put the CPT back on track, we need to identify and employ additional personnel who are familiar with the CryptoNote code available for use in anonymous currencies.
- Include this request for discussion at the next training meeting.
- Point of contact for this memorandum is CW4 Henry, James P. at DSN (312)-780-2222.
JAMES P. HENRY
The document mentions anonymous cryptocurrencies based on the CryptoNote protocol and the use of stealth addresses and ring signatures, a reference to coins such as Monero (XMR), Anonymous Electronic Online CoiN (AEON), DarkNet Coin (DNC), Fantomcoin (FCN), and Bytecoin (BCN). Bytecoin was the first widely used cryptocurrency to use the CryptoNote protocol. The federal government has been monitoring these kinds of cryptocurrencies for a while now, and in the past officials from the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have said they expected Monero to become more widely used on the darknet.
The alleged document is authored by CW4 James P. Henry, who is also listed as the point of contact for the cryptocurrency project it describes. CW4 stands for Chief Warrant Officer 4, an appointed technical specialist rank. Some of the other abbreviations used in the document are unclear; some may refer to the US Army Signal Corps. A Defense Switched Network (DSN) phone number is listed for James P. Henry. When that DSN number was converted to its commercial equivalent and called, it did in fact reach the US Army’s Cyber Protection Brigade at Fort Gordon, Georgia, where the document purports to originate. While someone could have looked up the Cyber Protection Brigade’s commercial telephone number and used a conversion chart to recreate the DSN version, it should be noted that the DSN number was not published on the internet prior to the release of this leak.
The Army’s Cyber Protection Brigade (CPB) was activated in September 2014. “The CPB is the first of its kind in the Army. Its Cyber Protection Teams, often referred to as CPTs, are part of a larger Cyber Mission Force, manned by active duty military and civilians. The Army National Guard and Army Reserve are also building CPTs to support the Army and Joint Force. All CPTs are trained to a common joint standard to perform primarily defensive cyberspace operations. The CPB is comprised of its headquarters and 20 CPTs of approximately 39 civilian and military,” an Army website explains.
When asked, a Monero developer, who spoke on condition of anonymity, said that most of the Monero developers who have seen the leak believe it to be authentic. Several sources who were formerly in the Army have also said they believe the document to be real, and its contents are entirely plausible. An anonymous source currently serving in the US Army said that, from what they understood, the information contained in the document was accurate. As we’ve previously reported, the United States federal government is eager to monitor and track cryptocurrency transactions. While federal law enforcement and tax agencies such as the FBI, the DEA, the IRS, ICE, DHS, and others have mostly relied on private contractors like Chainalysis, the NSA and the military do not appear to have paid for blockchain analysis products or services from such contractors. It is not surprising that the United States intelligence community and military are instead likely using their own resources to conduct surveillance on blockchains.
So why would someone leak an Army document announcing a project to track anonymous cryptocurrencies, one that mentions in passing some success in breaking online anonymization services? It is possible this was intentionally leaked to reach a certain group of people. It may have been released, at least in part, to create Fear, Uncertainty, and Doubt. What is important to remember is that it is unlikely that Tor, I2P, and VPNs are all completely compromised, and the document is an important reminder that more people and organizations without malicious intent should run Tor nodes, if they are able to do so securely. It should be noted that, sticking out above the laptop’s monitor in the bottom right of the photograph, a Common Access Card (CAC) can be seen displaying someone’s face. A CAC is a type of smart ID card used by the Department of Defense. This was either intentionally included in the photograph, or the leaker has terrible opsec. It is hard to say which is the case, but simple mistakes like this are often made by people who should know better. Just look at the poor opsec of NSA leaker Reality Winner.
This document suggests that the Invisible Internet Project (I2P) definitely has the attention of the intelligence community and the military, and that they have had some degree of success in defeating the anonymization service by running malicious nodes. It is possible that Monero’s Kovri project is among the reasons the Army and the NSA are interested in compromising I2P. Kovri is an overlay network for Monero which uses garlic encryption and garlic routing to send Monero transactions over the I2P network, thereby helping conceal the geographic location and actual IP address of Kovri users. The document also suggests that the NSA and the Army have not yet had much success surveilling CryptoNote-based coins.
According to NSA documents leaked by whistleblower Edward Snowden, it is publicly known that the NSA has compromised some VPN technology, while other VPN technology has caused problems for snoops at the NSA. VPN protocols such as PPTP have long been known to have security flaws, and documents released by Snowden show that IPsec has been compromised to a degree thanks to NSA programs such as Hammerstein and Turbine. One document released by Snowden shows the NSA is able to successfully decrypt IPsec, PPTP, SSL, and SSH. However, VPNs which use OpenVPN may not be compromised.
While some people may think that the NSA and the Army are only interested in compromising anonymity services and anonymous cryptocurrencies to fight the war on terrorism, it is important to consider that these intelligence and military resources are in some ways being used for law enforcement purposes. The document itself mentions drug interdiction, and while many people may think of drug kingpins living in foreign countries, like El Chapo and Pablo Escobar, compromising things like Tor in combination with blockchain surveillance could be, and likely has been, used against American citizens like Ross Ulbricht, the creator of the Silk Road darknet market.
If the military or the NSA learns that someone within the United States is committing a crime through a warrantless search of their electronic communications, many privacy rights activists argue that this is a violation of the Fourth Amendment. In general, the military is forbidden from conducting domestic law enforcement operations under the Posse Comitatus Act, as well as under Department of Defense regulation. The military is allowed to assist law enforcement agencies in certain ways, but that does not mean it is allowed to sidestep the Fourth Amendment. The NSA has been authorized to share raw intelligence intercepts with domestic law enforcement agencies, and this information has been secretly used to prosecute people in America. The source of the information is often covered up by law enforcement through a process known as parallel construction. It is clear the federal government is interested in mass surveillance of the private financial transactions of Americans and everyone else in the world.
Many sources were consulted to try to confirm the authenticity of this document, and in a future article we will cover the results of our attempts to uncover more information about the document and the project it refers to. One source consulted for this article suggested that the photograph did not appear to be digitally manipulated. Like WikiLeaks, we present this document and hope others are able to confirm its authenticity and make use of the information. A Freedom of Information Act request will be filed to try to obtain more information.