The NSA creates “fingerprints” that detect http requests from the Tor network to particular servers. These fingerprints are loaded into NSA database systems like XKeyscore, a bespoke collection and analysis tool which NSA boasts allows its analysts to see “almost everything” a target does on the internet.
Using powerful data analysis tools with codenames such as Turbulence, Turmoil and Tumult, the NSA automatically sifts through the enormous amount of internet traffic that it sees, looking for Tor connections.
After identifying an individual Tor user on the internet, the NSA uses its network of secret internet servers to redirect those users to another set of secret internet servers, with the codename FoxAcid, to infect the user’s computer. FoxAcid is an NSA system designed to act as a matchmaker between potential targets and attacks developed by the NSA, giving the agency opportunity to launch prepared attacks against their systems.
Privacy and technology concerns set way aside, I like the program naming schemes, in part because I visualize the NSA computer-geek staffers saying them aloud, soberly, around the office.
Many journalists have been concerned about the safety of the anonymizing Tor network when they are researching for stories. Perhaps the Guardian article will shed some light on the issue.