The NSA targeted users of the 'hidden Internet' by manipulating a flaw in an old version of the Firefox browser, documents leaked by Edward Snowden reveal.
The US intelligence organisation had no success in revealing communications between criminals on the encrypted Internet service, Tor, the reports said, due to difficulties in undermining the levels of encryption .
Instead the group 'stained' web traffic on The Onion Router - as Tor is also known - as it enters and leaves, said the Washington Post, - by allegedly infecting computers to identify them at both ends of their Tor path, as the path itself was too difficult to decode.
The agency used links with US telecoms firms to find Tor users in vast amounts of internet data, then reportedly using secret internet servers to infect the computers with malicious software called FoxAcid.
The NSA also used software called EgotisticalGiraffe to attack an older version of the Firefox browser, Firefox 17, according to the documents.
The US claims Tor is used by criminals and terrorists to have untraceable conversations, but it was initially set up for internet users living under repressive regimes.
The NSA has been revealed to be behind various spying activities by Snowden including XKeyScore, which gives the US government access to millions of people's emails, online chats and browsing histories.
A Firefox flaw was used to try and track paedophiles' use of Tor to share and distribute images of child abuse in August.