Carnegie Mellon denies Tor allegation the FBI outsourced cyber attack in return for cash payment
An American university has dismissed “inaccurate” claims by the Tor Project that it received cash from the FBI in order to attack the dark web last year.
Last week the Tor anonymisation network alleged that FBI had paid “at least $1m (£675,000)” to researchers at the Carnegie Mellon university based in Pittsburgh, so they would launch an attack on them.
At the time, the university responded vaguely to the Tor allegations, reportedly saying “You can read what you want into it.”
“The Tor Project has learned more about last year’s attack by Carnegie Mellon researchers on the hidden service subsystem,” wrote Tor. “Apparently these researchers were paid by the FBI to attack hidden services users in a broad sweep, and then sift through their data to find people whom they could accuse of crimes.”
And Tor went on to accuse the FBI of acting illegally and said the attack has created a troubling precedent.
But now the university has issued a more upfront denial, and said that while it does receive Federal money for its security research, it was not paid to conduct the attack.
“There have been a number of inaccurate media reports in recent days regarding Carnegie Mellon University’s Software Engineering Institute work in cybersecurity,” said the university in a statement.
“Carnegie Mellon University includes the Software Engineering Institute, which is a federally funded research and development center (FFRDC) established specifically to focus on software-related security and engineering issues,” it said. “One of the missions of the SEI’s CERT division is to research and identify vulnerabilities in software and computing networks so that they may be corrected.”
However it denied receiving FBI cash to conduct attacks.
“In the course of its work, the university from time to time is served with subpoenas requesting information about research it has performed,” it said. “The university abides by the rule of law, complies with lawfully issued subpoenas and receives no funding for its compliance.”
Tor provides anonymity by obscuring the real point of origin of Internet communications, and was in part created by the US government, which helps fund its ongoing development, due to the fact that some of its operations rely on the network.
However, the network is also widely used for criminal purposes, such as operating contraband websites, and it is increasingly being used by attackers to hide their identities as they scan for vulnerabilities or carry out attacks.
In August IBM recommended that system administrators ban access to the network, as it was increasingly used as the point of origin of attacks on public- and private-sector organisations.
Are you a security pro? Try our quiz!