Court Papers Confirm US Government Paid Carnegie Mellon To Hack Tor

Court documents have confirmed that the US government funded research by Carnegie Mellon University (CMU) in order to hack Tor.

The row began last November when Tor alleged that FBI had paid “at least $1m (£675,000)” to researchers at Carnegie Mellon university in Pittsburgh. Tor made reference to an attack by the FBI in late 2014 which took down dozens of Tor sites, including the drug selling website Silk Road 2.

Tor attack

But CMU denied the Tor allegation that the FBI had outsourced a cyber attack in return for cash payment, and pointed to “a number of inaccurate media reports”.

It did admit at the time that its Software Engineering Institute was federally funded in order to research and identify vulnerabilities in software and computing networks.

And now court documents have proved that CMU was actually funded by the US Department of Defence, to try and identify users of the service.

The court documents confirm that two researchers at CMU’s Software Engineering Institute (SEI) were able to hack into Tor to unmask its users. The FBI then subpoenaed some of the resulting information, including the home IP address of a user (Brian Farrell), alleged to be on the staff of Silk Road 2.

Farrell is denying helping run Silk Road 2, which sold drugs via Tor. His trial begins in April.

The court documents actually came to light in the Silk Road 2 court case, and confirmed that Carnegie Mellon was behind the attack, and that the resulting information gained in the attack was accessed by the FBI via subpoena.

But it is unclear at this time exactly how the FBI knew that CMU had successfully hacked into Tor in the first place. For its part Carnegie Mellon is standing behind its statement made in late November, according to the Guardian newspaper.

The university certainly seems to have trodden a fine line as its statement is technically right, but there is little doubt that CMU researchers were paid by the US government to unmask Tor users.

Tor Condemnation

The Tor Project meanwhile has condemned the decision by the US judge in the Silk Road 2 case, and also the role of Carnegie Mellon University in the matter.

“We read with dismay the Western Washington District Court’s Order on Defendant’s Motion to Compel issued on February 23, 2016, in U.S. v. Farrell,” blogged the Tor Project. “The Court held “Tor users clearly lack a reasonable expectation of privacy in their IP addresses while using the Tor network.” It is clear that the court does not understand how the Tor network works.”

The entire purpose of the network is to enable users to communicate privately and securely,” said Tor. “The Tor network is secure and has only rarely been compromised. The Software Engineering Institute (“SEI”) of Carnegie Mellon University (CMU) compromised the network in early 2014 by operating relays and tampering with user traffic. That vulnerability, like all other vulnerabilities, was patched as soon as we learned about it.”

The Tor network whilst offering web users anonymity, is also widely used for criminal purposes, such as operating contraband websites. And it is increasingly being used by attackers to hide their identities as they scan for vulnerabilities or carry out attacks.

Last August IBM recommended that system administrators ban access to the network, as it was increasingly used as the point of origin of attacks on public- and private-sector organisations.

Are you a security pro? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Ericsson To Cut 1,200 Jobs in Sweden Amid ‘Challenging’ Market

Swedish telecoms giant Ericsson blamed “challenging mobile networks market” and “further volume contraction” for job…

3 hours ago

FTX’s Sam Bankman-Fried Sentenced To 25 Years In Prison For $8bn Fraud

Dramatic downfall. Sam Bankman-Fried sentenced to 25 years in prison for masterminding $8bn fraud that…

4 hours ago

Elon Musk Orders FSD Demo For Every Tesla US Sale

Fallout avoidance? Tesla buyers in the US must be shown how to use the FSD…

5 hours ago

Amazon Pumps Another $2.75 Billion Into Anthropic

Amazon completes its $4bn investment into AI firm Anthropic, after providing an additional $2.75bn in…

6 hours ago

The Sustainability of AI

While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…

9 hours ago

Trump’s Truth Social Makes Successful Market Debut

Shares in Donald Trump’s social media company rose about 16 percent after first day of…

9 hours ago