Security Experts:

Connect with us

Hi, what are you looking for?


Tracking & Law Enforcement

University’s Tor Hacking Research Funded by DoD

In response to a motion filed by the defense in the case of an alleged Silk Road 2.0 administrator, a judge has confirmed that US authorities funded Carnegie Mellon University to conduct research on the Tor anonymity network.

In response to a motion filed by the defense in the case of an alleged Silk Road 2.0 administrator, a judge has confirmed that US authorities funded Carnegie Mellon University to conduct research on the Tor anonymity network.

In November 2015, the Tor Project accused the FBI of paying Carnegie Mellon University at least $1 million to deanonymize Tor users suspected of conducting criminal activities. It turns out that the research conducted by the university was actually funded by the United States Department of Defense (DoD) and the FBI obtained the information on alleged criminals after serving a subpoena to Carnegie Mellon’s Software Engineering Institute (SEI).

When the news broke in November, court documents showed that an academic institution had helped the FBI identify criminals that had been using Tor to hide their activities. One of the suspects was Brian Richard Farrell from Seattle, who has been charged with conspiracy to distribute cocaine, heroin and methamphetamine through his role as an administrator of the underground drug bazaar Silk Road 2.0.

Authorities said they identified Farrell and other suspects based on IP addresses obtained by a university-based research institute that operated its own computers on the Tor network. Farrell’s defense filed a motion asking the prosecution to provide additional information on the relationship between this research institute and the government, and the methods used to identify the defendant on what was supposedly an anonymous website.

A federal judge denied the motion this week, arguing that since the suspect was identified based only on his IP address, the search of the Tor network had not violated any of his Fourth Amendment rights. The judge pointed out that Tor users should not expect their IP address to remain private considering that the Tor network has vulnerabilities and that users connect with their real IPs to the Tor nodes that should help them remain anonymous.

One important aspect revealed by the judge is that the FBI wasn’t funding the SEI research. Instead, it was funded by the DoD, and the FBI obtained the IPs of crime suspects based on a subpoena.

This is in line with a statement released by Carnegie Mellon University in November in response to accusations that it was paid by the FBI. The law enforcement agency also denied paying the university at the time.

Researchers unmask Tor users

Tor helps users maintain their anonymity online by routing their traffic through a series of relays operated by individuals and organizations across the world. In January 2014, more than 100 devices joined Tor as relays and attempted to deanonymize users who operated and accessed hidden services.

The attack relays were identified by the Tor Project in July 2014 and removed from the network. The Tor Project concluded that these attacks were likely conducted by a group of Carnegie Mellon University researchers who had planned to disclose their findings at the Black Hat USA conference in August 2014.

The results of the research were never made public because the Black Hat talk was canceled due to the fact that the university had not approved the content of the presentation for public release.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.


The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.


Spanish Court agreed to extradite Joseph James O’Connor to he U.S., who allegedly took part in the July 2020 hacking of Twitter accounts of...


US government reminds the public that a reward of up to $10 million is offered for information on cybercriminals, including members of the Hive...


A hacker who reportedly posed as the CEO of a financial institution claims to have obtained access to the more than 80,000-member database of...


Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...


Russian Vladislav Klyushin made tens of millions of dollars by hacking into U.S. computer networks to steal insider information.