Connect with us

Hi, what are you looking for?


Cybersecurity Funding

University Responds to Accusations of FBI Funding for Tor Hack

Carnegie Mellon University released a statement on Wednesday in response to recent allegations that the organization was paid by the FBI for help in unmasking individuals suspected of using the Tor anonymity network for illegal activities.

Carnegie Mellon University released a statement on Wednesday in response to recent allegations that the organization was paid by the FBI for help in unmasking individuals suspected of using the Tor anonymity network for illegal activities.

CMU was accused last week by the Tor Project that it received at least $1 million to help the FBI deanonymize Tor users. The Tor Project noted that the FBI was unlikely to get a valid warrant for this activity considering that many users were indiscriminately targeted.

In response to recent media reports, which it calls inaccurate, the university has admitted that it receives federal funding, but denies any wrongdoing.

“Carnegie Mellon University includes the Software Engineering Institute, which is a federally funded research and development center (FFRDC) established specifically to focus on software-related security and engineering issues. One of the missions of the SEI’s CERT division is to research and identify vulnerabilities in software and computing networks so that they may be corrected,” the university stated.

“In the course of its work, the university from time to time is served with subpoenas requesting information about research it has performed. The university abides by the rule of law, complies with lawfully issued subpoenas and receives no funding for its compliance,” CMU added.

The organization’s representatives have refused to clarify why the vulnerabilities found by its researchers in the Tor network were not properly reported to the Tor Project.

For its part, the FBI told reporters at Ars Technica that the allegation that it paid CMU $1 million to hack Tor is inaccurate, but the agency refused to provide any details.

Advertisement. Scroll to continue reading.

Everything started in January 2014 when more than 100 machines joined the Tor network as relays and attempted to deanonymize individuals who operated and accessed hidden services. These relays were only detected by the Tor Project in July 2014, when they were removed from the network and the vulnerability exploited by the attackers was patched.

It was determined at the time that the attack was likely conducted by a team of Carnegie Mellon University researchers who were working on breaking Tor anonymity. The experts had planned on disclosing their findings at the Black Hat security conference, but their talk was pulled because the university said it had not approved the content of the presentation for public release.

Last week, Tor Project Director Roger Dingledine claimed that he had learned from sources in the security community that the FBI paid Carnegie Mellon University at least $1 million to attack hidden services in an effort to find criminals. Court documents found by Vice’s Motherboard showed that at least two suspects were identified by authorities with help from “a university-based research institute” that is presumably CMU.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybersecurity Funding

SecurityWeek investigates how political/economic conditions will affect venture capital funding for cybersecurity firms during 2023.

Cyber Insurance

Cyberinsurance and protection firm Boxx Insurance raises $14.4 million in a Series B funding round led by Zurich Insurance.

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...


Thirty-five cybersecurity-related M&A deals were announced in February 2023


Forty-one cybersecurity-related M&A deals were announced in March 2023.


Forty cybersecurity-related M&A deals were announced in January 2023.

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem