Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Tracking & Law Enforcement

University’s Tor Hacking Research Funded by DoD

In response to a motion filed by the defense in the case of an alleged Silk Road 2.0 administrator, a judge has confirmed that US authorities funded Carnegie Mellon University to conduct research on the Tor anonymity network.

In response to a motion filed by the defense in the case of an alleged Silk Road 2.0 administrator, a judge has confirmed that US authorities funded Carnegie Mellon University to conduct research on the Tor anonymity network.

In November 2015, the Tor Project accused the FBI of paying Carnegie Mellon University at least $1 million to deanonymize Tor users suspected of conducting criminal activities. It turns out that the research conducted by the university was actually funded by the United States Department of Defense (DoD) and the FBI obtained the information on alleged criminals after serving a subpoena to Carnegie Mellon’s Software Engineering Institute (SEI).

When the news broke in November, court documents showed that an academic institution had helped the FBI identify criminals that had been using Tor to hide their activities. One of the suspects was Brian Richard Farrell from Seattle, who has been charged with conspiracy to distribute cocaine, heroin and methamphetamine through his role as an administrator of the underground drug bazaar Silk Road 2.0.

Authorities said they identified Farrell and other suspects based on IP addresses obtained by a university-based research institute that operated its own computers on the Tor network. Farrell’s defense filed a motion asking the prosecution to provide additional information on the relationship between this research institute and the government, and the methods used to identify the defendant on what was supposedly an anonymous website.

A federal judge denied the motion this week, arguing that since the suspect was identified based only on his IP address, the search of the Tor network had not violated any of his Fourth Amendment rights. The judge pointed out that Tor users should not expect their IP address to remain private considering that the Tor network has vulnerabilities and that users connect with their real IPs to the Tor nodes that should help them remain anonymous.

One important aspect revealed by the judge is that the FBI wasn’t funding the SEI research. Instead, it was funded by the DoD, and the FBI obtained the IPs of crime suspects based on a subpoena.

This is in line with a statement released by Carnegie Mellon University in November in response to accusations that it was paid by the FBI. The law enforcement agency also denied paying the university at the time.

Researchers unmask Tor users

Advertisement. Scroll to continue reading.

Tor helps users maintain their anonymity online by routing their traffic through a series of relays operated by individuals and organizations across the world. In January 2014, more than 100 devices joined Tor as relays and attempted to deanonymize users who operated and accessed hidden services.

The attack relays were identified by the Tor Project in July 2014 and removed from the network. The Tor Project concluded that these attacks were likely conducted by a group of Carnegie Mellon University researchers who had planned to disclose their findings at the Black Hat USA conference in August 2014.

The results of the research were never made public because the Black Hat talk was canceled due to the fact that the university had not approved the content of the presentation for public release.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cybercrime

Daniel Kelley was just 18 years old when he was arrested and charged on thirty counts – most infamously for the 2015 hack of...

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Ransomware

The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.

Privacy

Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...

CISO Strategy

The SEC filed charges against SolarWinds and its CISO over misleading investors about its cybersecurity practices and known risks.

Cybercrime

A global cyber espionage campaign has resulted in the networks of many organizations around the world becoming compromised after the attackers managed to breach...

Ransomware

US government reminds the public that a reward of up to $10 million is offered for information on cybercriminals, including members of the Hive...