Tor launches serious allegations against the FBI and CMU.
Tor accuses the two of privately joining forces to find a way to hack the Tor network and deanonymize it’s users.
The project’s blog claims the FBI paid $1 million for research that would allow them to unmask Tor users. This research was done at Carnegie Mellon scientists earlier this year and was the topic of a small controversy despite never being actually published.
In January 2014 115 Tor relays from CMU were added to the network. These relays were the catalyst to launch an attack on the Tor network; This was all documented in a research paper that scientists wanted to present at the Black Hat 2014 conference.
The Tor project discovered the research ina short abstract description on the conference website. They contacted researchers for more details and they declined to comment. After more email exchanges the scientists were a bit careless and provided hints about the upcoming presentation.
The Tor project used the aforementioned clues and data logs from the attacks to patch their Tor software on July 30th, just days before the Black Hat presentation – which researchers eventually cancelled.
The cancellation reason given was the CMU leadership did not approve of the public release of this research.
The NSA has tried to crack Tor before, but the creators say “Such action is a violation of our trust and basic guidelines for ethical research. We strongly support independent research on our software and network, but this attack crosses the crucial line between research and endangering innocent users,” the Tor Project wrote. “If this kind of FBI attack by university proxy is accepted, no one will have meaningful 4th Amendment protections online and everyone is at risk.”
Speaking to Wired, CMU said that Tor has no evidence for its claims. “I’d like to see the substantiation for their claim,” a PR representative for the University’s Software Engineering Institute said. “I’m not aware of any payment.” Roger Dingledine, director of the Tor Project, said the $1 million figure was quoted by “friends in the security community.”
As of this moment the Tor Project hasn’t provided any tangible proof of the “alleged” $1 million FBI payment to CMU researchers.