Tor Project: US government paid university $1m bounty to hack our networks

[Batu69]

How far did the Feds get into Tor?

The Tor Project is claiming that researchers at Carnegie Mellon University (CMU) were paid a hefty bounty by the FBI to stage an attack last year aiming to unmask the operators of the network's hidden servers.

"We have been told that the payment to CMU was at least $1 million," the group said in a blog post.

In July 2014 the Tor Project revealed that it had been the victim of a six-month hacking campaign which sought to flood the network with relays that modified Tor protocol headers to track hidden servers. Within a week Tor updated its software and pushed out new versions of code to block similar attacks in the future.

The attack was limited in that it didn't monitor entry and exit nodes to the Tor network, but could have been used to trace traffic patterns to hidden sites by the academics-for-hire. But the Tor Project is fuming that the FBI used the university to circumvent federal hacking laws.

"Such action is a violation of our trust and basic guidelines for ethical research. We strongly support independent research on our software and network, but this attack crosses the crucial line between research and endangering innocent users," said the group.

"This attack also sets a troubling precedent: civil liberties are under attack if law enforcement believes it can circumvent the rules of evidence by outsourcing police work to universities. If academia uses 'research' as a stalking horse for privacy invasion, the entire enterprise of security research will fall into disrepute."

CMU's role in trying to hack the Tor network – an anonymizing internet network that was partially funded by the US Office of Naval Research – has been well known ever since researchers from the university pulled a talk from last year's Black Hat security conference about how they could break through its privacy protections.

According to the Black Hat presentation's precis, some Tor traffic could be tracked using a few powerful servers and some fiber-speed connections. The researchers said that with a $3,000 budget they could use Tor design flaws to deanonymize traffic to hidden servers within a few months.

Two months after the briefing was scheduled to occur, US and European cybercops announced the successful conclusion of Operation Onymous – a huge raid against dark net operators that took down Silk Road 2.0 and Cannabis Road. Police netted over $1m in Bitcoin, €180,000 (£141,200, $223,800) in cash, drugs, gold and silver, shut down 414 websites, and made 17 arrests.

For Tor to go on the record with such a claim indicates pretty strong evidence, but CMU has yet to respond to comment on the matter at time of publication.

News source

[emerglines]

LOL! Isn't the US gov who made the project ?

Less and less people will use their shity project.

[steven36]

Tor's use is intended to protect the personal privacy of users, as well as their freedom and ability to conduct confidential communication by keeping their Internet activities from being monitored. An extract of a Top Secret appraisal by the National Security Agency (NSA) characterized Tor as "the King of high-secure, low-latency Internet anonymity" with "no contenders for the throne in waiting",^[and the Parliamentary Office of Science and Technology deemed it, with approximately 2.5 million users daily "by far the most popular anonymous internet communication system." Furthermore, a July 2015 NATO analysis opines that "the use of anonymisation technologies such as Tor will continue to thrive. Despite the attention that Tor has received worldwide, the technical and legal questions surrounding it remain relatively unexplored."

https://en.wikipedia.org/wiki/Tor_%28anonymity_network%29

2.5 million users a day don't sound like no one is using it . i never used TOR for the darknet no ways . When I use it I use it using a vpn as a extra layer of privacy or too access some site that was not working for me . If you use it with a vpn then its still very effective . All by itself it can be cracked at least hosting a website on it can be. Not no normal tor user is going to be using the same tor ip for the months it took them to do this. So why were these people who run darknet business trusting just it with there lives to began with? Sooner or latter you knew some Government were going to bust them staying on the same ip all the time. If you don't use nothing at all you have no chance at all of any privacy . You're freely not only giving the government you're whereabouts . but every webmaster , hacker , etc info and you don't even make it hard on them . :P

This don't have nothing to do with normal users of tor who change IP all the time .It takes them months to get a websites ip locale that use the same ip all the time. A normal user of tor ip changes all the time.

[Holmes]

Not the us government the FBI supposedly paid carnegie mellon university security researchers one million and I say supposedly why the researchers said there not aware of any money.

[jamesDDI]

Not the us government the FBI supposedly paid carnegie mellon university security researchers one million and I say supposedly why the researchers said there not aware of any money.

Shameless <_<