Say it ain’t so!
EVER SINCE A Carnegie Mellon talk on cracking the anonymity software Tor was abruptly pulled from the schedule of the Black Hat hacker conference last year, the security community has been left to wonder whether the research was silently handed over to law enforcement agencies seeking to uncloak the internet’s anonymous users. Now the non-profit Tor Project itself says that it believes the FBI did use Carnegie Mellon’s attack technique—and paid them handsomely for the privilege.
The Tor Project on Wednesday afternoon sent WIRED a statement from its director Roger Dingledine directly accusing Carnegie Mellon of providing its Tor-breaking research in secret to the FBI in exchange for a payment of “at least $1 million.” You can now read the full statement on the Tor Project’s blog.1 And while Carnegie Mellon’s attack had been rumored to have been used in takedowns of dark web drug markets that used Tor’s “hidden service” features to obscure their servers and administrators, Dingledine writes that the researchers’ dragnet was larger, affecting innocent users, too.
“Apparently these researchers were paid by the FBI to attack hidden services users in a broad sweep, and then sift through their data to find people whom they could accuse of crimes,” Dingledine writes. “Such action is a violation of our trust and basic guidelines for ethical research. We strongly support independent research on our software and network, but this attack crosses the crucial line between research and endangering innocent users.”
Read the Remainder at Wired