Carnegie Mellon: We Didn't Get $1M to Hack Tor

Posted by Collin_O on Nov 19, 2015 5:50 PM EDT
pcmag.com; By Stephanie Mlot
Mail this story
Print this story

Carnegie Mellon University this week denied reports it was paid by the FBI to help identify criminal suspects on the Dark Web.

Carnegie Mellon University this week denied reports it was paid by the FBI to help identify criminal suspects on the Dark Web.

"There have been a number of inaccurate media reports in recent days regarding [our] Software Engineering Institute work in cybersecurity," the university said in a statement.

"In the course of its work, the university from time to time is served with subpoenas requesting information about research it has performed," it continued. "The university abides by the rule of law, complies with lawfully issued subpoenas, and receives no funding for its compliance."

At issue is a blog post from The Tor Project, which accused Carnegie Mellon researchers of accepting "at least $1 million" to attack Tor and uncover details about those trafficking in illegal goods on Silk Road 2.0.

"Such action is a violation of our trust and basic guidelines for ethical research," the Tor Project wrote. "We strongly support independent research on our software and network, but this attack crosses the crucial line between research and endangering innocent users."

Largely funded by the U.S. Defense Department, Carnegie Mellon's Software Engineering Institute (SEI) is tasked with researching and identifying vulnerabilities in software and computer networks. Along the way, the firm is sometimes served with federal subpoenas requesting information about its research.

In its statement, Carnegie Mellon did not address Silk Road 2.0 directly. That case made headlines again last week when Vice's Motherboard suggested that Carnegie Mellon hacked Tor and provided data to the feds that led to a 2014 FBI raid on Tor users and several arrests.

Carnegie Mellon is not specifically named in court documents, but the defense team for one of the men arrested for his involvement with Silk Road 2.0, Brian Richard Farrell, said the feds found Farrell thanks to the assistance of a "university-based research institute," Motherboard reports.

There are, of course, numerous university-based research institutes in the U.S., but Motherboard says Carnegie Mellon is at the top of that list in part because of a presentation it was scheduled to give at Black Hat 2014 about weaknesses within the Tor network.

That presentation was cancelled on the eve of the conference with little explanation. The description of the talk, however, "bore a startling resemblance" to the attack on Tor that eventually helped the FBI unmask its suspects, Motherboard says.

"This attack … sets a troubling precedent," Tor said in its blog post. "Civil liberties are under attack if law enforcement believes it can circumvent the rules of evidence by outsourcing police work to universities.

"If academia uses 'research' as a stalking horse for privacy invasion, the entire enterprise of security research will fall into disrepute," the post continued. "If this kind of FBI attack by university proxy is accepted, no one will have meaningful 4th Amendment protections online and everyone is at risk."

The FBI did not immediately respond to PCMag's request for comment.

Full Story

  Nav
» Read more about: Story Type: News Story, Security

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.