NSA using Browser Cookies to track Tor Users

The NSA had a very hard time while tracking down all Tor users and monitoring their traffic, especially since Tor servers are all over the world, but they make tracking easier by adopting  the following techniques:

Tor access node tracking is not new and the Document says that both the NSA and GCHQ run Tor nodes themselves. In order to trace traffic back to a particular Tor user the NSA needs to know the 'entry, relay and exit' nodes in the anonymizer cloud between the user and the destination website.

So for tracking purpose they used self-hosted nodes, that is able to trace a very small number of Tor users in comparison to the whole system. Also, It is much difficult for the intelligence community to run enough nodes to be useful for tracking.

In the second method, NSA targeted the Tor users, using a zero-day vulnerability in Firefox browser, bundled with Tor, that allowed them to get the real IP address of Tor user. Using same technique FBI was able to track the Owner of 'Freedom Hosting', the biggest service provider for sites on the encrypted Tor network, hosted many child pornography sites. Mozilla has now fixed that Firefox flaw.

^ed