Home / Internet Freedom / Tor Developer Suspects NSA Interception of Amazon Purchase

Tor Developer Suspects NSA Interception of Amazon Purchase

Andrea Shepard, a Seattle-based core developer for the Tor Project, suspects her recently ordered keyboard may have been intercepted by the NSA.

Following the purchase of a new IBM Thinkpad Keyboard from Amazon.com, Shepard discovered her package to be taking a strange detour to the East Coast, revealed by a screenshot of her shipment tracking information.

You’d think #NSA shipment ‘interdiction’ would be more subtle… pic.twitter.com/KVCscLbdgG

— Andrea (@puellavulnerata) January 24, 2014

phototrack

Instead of shipping straight towards Seattle from the Amazon storage warehouse in Santa Ana, California, Shepard’s package made its way clear across the country to Dulles, Virginia. Jumping around an area deep inside what some privacy experts refer to as America’s “military and intelligence belt,” the package was finally delivered to its new endpoint in Alexandria.

While not uncommon to see packages sent to major shipping hubs in different areas of the country, the “out for delivery” and successful “delivered” statuses clearly indicate the item’s final destination was changed without Shepard’s approval, leading privacy experts to take notice.

“Could Amazon have made a mistake in notifying Shepard about this extra journey, which was likely meant to stay a secret?” PrivacySOS asks. “If this really is an example of the TAO laptop-interception program in action, does this mean that companies like Amazon are made aware of the government’s intention to “look after” consumer products ordered by their customers? Or did Shepard receive this weird notice only after some sort of glitch in the NSA’s surveillance matrix?”

According to recently revealed internal NSA documents, the agency’s Office of Tailored Access Operations group, or TAO, is responsible for intercepting shipping deliveries of high-interest targets.

“If a target person, agency or company orders a new computer or related accessories, for example, TAO can divert the shipping delivery to its own secret workshops,” Der Speigel noted last month. “At these so-called ‘load stations,’ agents carefully open the package in order to load malware onto the electronics, or even install hardware components that can provide backdoor access for the intelligence agencies.”

Given the NSA’s deep interest in Tor, a popular online anonymity tool, some speculate Shepard’s keyboard could likely have been implanted with a TAO bug known as “SURLYSPAWN,” a small keylogging chip implanted in a keyboard’s cabling. According to NSA slides, a bugged keyboard can be monitored even when a computer is offline.

“If it ever shows, I’ll be inspecting it as closely as I’m capable of,” Shepard said on Twitter.

Other leaked documents have revealed the NSA’s repeated attempts at identifying users of Tor, which according to the agency’s “Tor Stinks” presentation has only received minor success at best.

“We will never be able to de-anonymize all Tor users all the time,” the presentation states. “With manual analysis we can de-anonymize a very small fraction of Tor users.”

Whether Shepard’s incident was the result of a simple error by Amazon, an NSA interception, or an act of intimidation is still unclear. Given the government’s history of targeting Jacob Appelbaum, Tor’s main advocate, the idea of a top Tor developer being singled out for advanced NSA surveillance is far from unlikely.

Share Button

About Mikael Thalen

Mikael Thalen is an investigative journalist covering foreign policy, information security and digital surveillance. His reports have been cited by sites such as the New York Times, Computerworld, International Business Times and the Drudge Report. How to contact Mikael securely: https://keybase.io/mikaelthalen

Check Also

Why President Trump Should Support the ‘New START’ Nuclear Treaty

In an interview with Reuters last week President Donald Trump asserted that the United States’ ...

204 comments

  1. This is a heads up to Andrea ( who received the diverted, hacked and redirected ) keyboard. Located only 2 miles from the Washington " Dulles " airport ( in Virginia ) is one of the ' 16 ' U.S. Intelligence agencies. The little know agency is called the NRO , National Reconnaissance Office. They are very closely connected to the NSA and the CIA . Their primary ( on the books ) function is designing, building and operating " SPY " equipment , primarily spy satellites. They obviously have the wherewithal to design, produce and install ( micro – sized ) electronic " surveillance / monitoring " equipment into your keyboard. By the way ( i'm sure you know, but many of the the readers may not ) they now have equipment that can CAPTURE / STEAL , your wireless information transmitted via the ( Wifi connection to your laptop ) from directional radio signal receiver equipment. Usually located in a mobile surveillance vehical. Keep up the good fight, we need all the Andrea's we can get.

  2. One company, one industry at a time…. they steal one small freedom, one small right to privacy.

    And the media pretends nothing is happening.

    This is Germany 1939.

  3. Very interesting, only a few months back I ordered a new CPU for my computer from Amazon and when I received it I found out that the AMD sticker on the side of the box had been cut meaning that someone had possibly tampered with it. Although the CPU worked fine you never know what could have have happened to it.

  4. Thanks for your nice posting.

  5. It,s a really helpful post i like it

  6. Thanks for the great sharing i like this…

  7. Thanks "Mikael" for nice and helpful post.

  8. Thx for this import information i wait yr news bro 🙂

  9. This article cleared my some confusions.. thank you for sharing

  10. Mikael Thalen your post in nice and effective

  11. i wish some expert check my thinkpad e540 for any spying by nsa, i just bought 7 days back through my roommates amazon account . My hero richard stallman personal website has blacklisted amazon and this article was linked as a reason. Here is is the link for your info https://stallman.org/amazon.html

  12. Nice and effective post for developer

  13. thanks for the cool and great post admin

  14. I like this is an amazing post.This is absolutely impressive.Thinks for sharing.

  15. thx for this information 🙂 it s very important to me thx againt

  16. Wow thanks for the information, it would be useful for us. Now we know that we are spied by them 🙁

  17. I’m satisfied that you shared this helpful information with us.
    Please keep us informed like this. Thank you for sharing.

  18. IBM Thinkpad my choice but i don't have experience with IBM

  19. Is there any proof of this ? Did you find the implant ? Is the firmware checksum different from other thinkpads of the same model. You need a bit more proof. And WTF is a Tor dev ordering from Amazon from ? Really come on. Have some sense.

  20. Almost all Virginia packages are routed through Dulles it's because of Dulles Airport and the nearby mail facility lol how did she not realize that is she new to Virginia or something? I order MANY items from many different stores every week and almost every single one of them arrives via Dulles Airport, is sent to the Dullers postal facility and then is sent to my local office in Manassas, VA.

  21. Nice and effective information thanks for share it.

  22. excellent admin so great nice and cute info has been shared so wonderful. thanks..
    remote connection software

  23. Nice articles i full read it

  24. Excellent roundup with some really great information here
    Microsoft office 2016 crack+serial key

  25. Such a Nice information i am student i search these type info for general knowledge Thank for sharing

  26. Nice news thanks for share

  27. Very great post. I just stumbled upon your blog and wanted to say tat I have truly enjoyed surfing around your blog posts.

    In any case I’ll be subscribing for your feed annd I hope you write once more very soon!

  28. Really useful info for me searching these type of
    post longer.
    Ashampoo Antivirus 2016

  29. Almost all Virginia packages are routed through Dulles it's because of Dulles Airport and the nearby mail facility lol how did she not realize that is she new to Virginia or something?

  30. Excellent roundup with some really great information here:
    Apps For PC Stop<a/>

  31. this is what i want to know.

  32. This info is very good for me.

  33. Glad to be here and to to discover such impressive post.Thanks for share thsi with us.I am so amazed to be here and to read this perfect post ever.Thanks

  34. Can't believe you really took the time to lay out these excellent points. Please maintain this kind of post quality!

  35. i am visiting your site for the second time… its nice

  36. At these so-called ‘load stations,’ agents carefully open the package in order to load malware onto the electronics, or even install hardware components that can provide backdoor access for the intelligence agencies.”

  37. Pretty interesting article. In this case I'll be subscribing for your feed and I hope you write once more very soon! Delighted so much to read this much interesting article and wanna say thanks a lot for this.

  38. hanks for share thsi with us.I am so amazed to be here and to read this perfect post ever.Thanks

  39. Thanks for sharing a nice post…

  40. Awesome Article It is an Informative Post

  41. great information i am very impressed yout work keep it up dear

  42. That’s good information Help me

  43. Really good idea sharing sir keep it up admin here at work……..

  44. nice post, thanks for sharing.

  45. nice post, thanks for sharing……

  46. lovely post thanks admin for sharing such a great post its really good one

  47. nice post thanks for sharing….

  48. very wonderful working,thanks for sharing,admin here to do work.

  49. Great post and a useful site thanks for sharing

  50. nice post keep it up and thanks for sharing keep it up

  51. Great article! Help me a lot. Thank you!

Leave a Reply

Your email address will not be published. Required fields are marked *