University Responds to Accusations of FBI Funding for Tor Hack

Carnegie Mellon University released a statement on Wednesday in response to recent allegations that the organization was paid by the FBI for help in unmasking individuals suspected of using the Tor anonymity network for illegal activities.

Last week, the Tor Project accused CMU of receiving at least $1 million to help the FBI deanonymize Tor users. The Tor Project noted that the FBI was unlikely to have obtained a valid warrant for this activity, considering that many users were indiscriminately targeted.

In response to recent media reports, which it calls inaccurate, the university has admitted that it receives federal funding, but denies any wrongdoing.

“Carnegie Mellon University includes the Software Engineering Institute, which is a federally funded research and development center (FFRDC) established specifically to focus on software-related security and engineering issues. One of the missions of the SEI’s CERT division is to research and identify vulnerabilities in software and computing networks so that they may be corrected,” the university stated.

“In the course of its work, the university from time to time is served with subpoenas requesting information about research it has performed. The university abides by the rule of law, complies with lawfully issued subpoenas and receives no funding for its compliance,” CMU added.

The organization’s representatives have refused to clarify why the vulnerabilities found by its researchers in the Tor network were not properly reported to the Tor Project.

For its part, the FBI told reporters at Ars Technica that the allegation that it paid CMU $1 million to hack Tor is inaccurate, but the agency refused to provide any details.

Everything started in January 2014 when more than 100 machines joined the Tor network as relays and attempted to deanonymize individuals who operated and accessed hidden services. These relays were only detected by the Tor Project in July 2014, when they were removed from the network and the vulnerability exploited by the attackers was patched.

It was determined at the time that the attack was likely conducted by a team of Carnegie Mellon University researchers who were working on breaking Tor anonymity. The experts had planned on disclosing their findings at the Black Hat security conference, but their talk was pulled because the university said it had not approved the content of the presentation for public release.

Last week, Tor Project Director Roger Dingledine claimed that he had learned from sources in the security community that the FBI paid Carnegie Mellon University at least $1 million to attack hidden services in an effort to find criminals. Court documents found by Vice’s Motherboard showed that at least two suspects were identified by authorities with help from “a university-based research institute” that is presumably CMU.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
