Tor Developer Suspects NSA Interception of Amazon Purchase

Mikael Thalen
Story Leak
Jan. 26, 2014

Andrea Shepard, a Seattle-based core developer for the Tor Project, suspects her recently ordered keyboard may have been intercepted by the NSA.

Following the purchase of a new IBM Thinkpad Keyboard from, Shepard discovered her package to be taking a strange detour to the East Coast, revealed by a screenshot of her shipment tracking information.
You'd think #NSA shipment 'interdiction' would be more subtle...

-- Andrea (@puellavulnerata) January 24, 2014

Click to enlarge

Instead of shipping straight towards Seattle from the Amazon storage warehouse in Santa Ana, California, Shepard's package made its way clear across the country to Dulles, Virginia. Jumping around an area deep inside what some privacy experts refer to as America's "military and intelligence belt," the package was finally delivered to its new endpoint in Alexandria.

While not uncommon to see packages sent to major shipping hubs in different areas of the country, the "out for delivery" and successful "delivered" statuses clearly indicate the item's final destination was changed without Shepard's approval, leading privacy experts to take notice.

"Could Amazon have made a mistake in notifying Shepard about this extra journey, which was likely meant to stay a secret?" PrivacySOS asks. "If this really is an example of the TAO laptop-interception program in action, does this mean that companies like Amazon are made aware of the government's intention to "look after" consumer products ordered by their customers? Or did Shepard receive this weird notice only after some sort of glitch in the NSA's surveillance matrix?"

According to recently revealed internal NSA documents, the agency's Office of Tailored Access Operations group, or TAO, is responsible for intercepting shipping deliveries of high-interest targets.

"If a target person, agency or company orders a new computer or related accessories, for example, TAO can divert the shipping delivery to its own secret workshops," Der Speigel noted last month. "At these so-called 'load stations,' agents carefully open the package in order to load malware onto the electronics, or even install hardware components that can provide backdoor access for the intelligence agencies."

Given the NSA's deep interest in Tor, a popular online anonymity tool, some speculate Shepard's keyboard could likely have been implanted with a TAO bug known as "SURLYSPAWN," a small keylogging chip often implanted in a keyboard's cable. According to NSA slides, a bugged keyboard can be monitored even when a computer is offline.

"If it ever shows, I'll be inspecting it as closely as I'm capable of," Shepard said on Twitter.

Other leaked documents have revealed the NSA's repeated attempts at identifying users of Tor, which according to the agency's "Tor Stinks" presentation has only received minor success at best.

"We will never be able to de-anonymize all Tor users all the time," the presentation states. "With manual analysis we can de-anonymize a very small fraction of Tor users."

Whether Shepard's incident is the result of a simple error by Amazon, an NSA interception, or an act of intimidation is still unclear. Given the government's history of targeting Jacob Appelbaum, Tor's main advocate, the idea of a top Tor developer being singled out for advanced NSA surveillance is far from unlikely.

All original InformationLiberation articles CC 4.0

About Us - Disclaimer - Privacy Policy