The Tor logo.
(Mirror Daily, United States) – Did the FBI pay researchers to hack Tor? Representatives of The Tor Project have claimed that the FBI has paid researchers at Carnegie Mellon University to hack into the web anonymity service and expose its user’s identities. Tor or The Onion Router is a non-profit project that offers an anonymous web browser that protects user anonymity.
A spokesperson for the FBI has denied the allegation but the statement hasn’t managed to set everyone at ease. Tor project representatives accused the FBI of having paid researchers at Carnegie Mellon University to hack Tor’s hidden services feature in order to unmask Tor users. Some cryptographers have been alarmed by the possibility of something like this happening and questions are now being raised about the relationship between security researchers and law enforcement.
Matthew Green, a computer scientist and cryptography professor at Johns Hopkins University, has stated that the alleged hiring of CMU researchers by the FBI crosses the line of accepted collaborations between computer specialists or academicians and representatives of the government. He went on to say that researchers are usually very careful about what it is they choose to do as part of their university research, regardless of what their activities might be outside of the university.
But there is some indication that such collaborations between researchers and government institutions in order to prosecute individuals with hidden identities may have happened before.
Some court documents made public by Motherboard state that a member of the now disbanded illegal online bazaar Silk Road 2.0 as well as a man that was charged with possessing child pornography were identified and as a consequence later prosecuted with the help of a university-based research institute which operated its own computers to navigate on the anonymous network used by the Silk Road 2.0 website.
Representatives of the Tor Project now say that the research institute cited in those court documents is CMU’s Software Engineering Institute and that it accepted a payment of $1 million from the FBI in order to specifically target Tor users. They have supported their allegation by pointing out the similarity between the recent attack on Tor users and a presentation made by two researchers from the institute.
The presentation had been made by researchers in the CERT division of the institute and had been initially submitted to Black Hat but had later been withdrawn. In a blog post from the Tor Project representatives go on to explain that they consider it unlikely that the FBI could have gotten a valid warrant for CMU’s attack as it was not tailored to target criminal activity or criminals but appears to have targeted many users at once indiscriminately. The FBI has denied having paid CMU.
Security experts claim that there is a real risk that the attack has exposed many innocent Tor users.
Image source: www.wikipedia.org