We learned last week that one of the university’s research groups in cyber security was granted $1 million to unmask users anonymously surfing the internet via Tor. But recently, Carnegie Mellon denied hacking Tor network for federal money.
It is still unclear whether academics were forced by the Federal Bureau of Investigation to hand over sensitive information on the network’s users.
According to a recent statement, the research team involved in the affair, Carnegie Mellon’s Computer Emergency Response Team (CERT), was already conducting research projects on federal money. The group told reporters that they were served with subpoenas on their current projects in the past, but they abode by the rule of law and received no funding for compliance with those subpoenas.
The statements are at odds with last week’s report issued by Tor’s head Roger Dingledine, who said that the researchers used federal funding to gain access into the network subsystem, hack user data, and identify those people that use the system to carry out various crimes.
According to Tor, the attack started in January 2014. For six months, CERT researchers reportedly collected troves of data on Tor users. Moreover, CERT were about to explain how they managed to de-anonymize Tor at a hackers annual gathering called the Black Hat. But the presentation was canceled immediately, which made many people suspect that CERT may be indeed behind the hack.
The Tor Project team learned about how much money the FBI may have put into the research from “friends in the security community.” Tor also said that CERT researchers had no warrant to perform the attack and that there was no institutional oversight from Carnegie Mellon.
What really upsets Tor is that the attacks were carried out against all its users not just criminals. As of last week, CERT declined that there was a payment .
“I’d like to see the substantiation for their claim. I’m not aware of any payment,”
said a spokesperson for the university.
Tor was eyed by the FBI for some time because criminals involved in the Silk Road 2.0 case used the network to hide their wrongdoings from law enforcement.
The federal investigators were not very convincing when they explained how they caught Silk Road criminals. So, people suspected that they used either malware or NSA to track them down.
Information from court documents revealed that one of the masterminds behind the operation was caught using hints provided by a ‘university-based research institute.’
Image Source: Wikimedia