BEACON TRANSCRIPT – CM denies receiving $1 million from the FBI to hack Tor after an earlier accusation that arose from the Tor project. The Carnegie Mellon University has responded to allegations made by the Tor Project representatives in which they claimed that the Internet anonymity service had been subject to a hack from the university’s computer security specialists earlier this month.
The university has denied having received a $1 million payment from the FBI in order to hack into the Tor service. But the Tor Project representatives substantiated their claims by showing proof that scientists at the Carnegie Mellon University’s Software Engineering Institute submitted a paper describing a hack very similar to the one used on Tor for the Back Hat hacking conference.
The paper was later withdrawn from the presentation but the Tor Project representatives produced a copy of the document submitted for the presentation. While such research is useful for making secure networks be on the watch for potential hacker attacks and must sometimes be performed without the knowledge of the system that is being evaluated, this particular attack put user’s actual data at risk of being exposed.
Tor accused the Carnegie Mellon University of having received $1 million from the FBI in order to perform the hack and obtain user’s information. Tor representatives maintained that the hack was intended to obtain data about users in order to help FBI investigators to gather information about the Silk Road black market on the Deep Web.
They went on to state that civil liberties are under attack if law enforcement believes itself to have the right to circumvent the rules of evidence by outsourcing police work to universities. Several computer security specialists have stated that security experts usually keep the work that they perform as part of their university research projects and grants very clear and specific, in relation to the subject that they are researching.
Some experts consider this to be a dangerous precedent, if what the Tor Project claims is true. So far both the FBI and Carnegie Mellon University have denied any sum of money having been paid for the university’s research in exchange for the hack.
While the CM University has very carefully denied having been paid, it has not denied the attack itself, stating that part of their research involves identifying vulnerabilities in computing networks and software in order to help developers correct them. But the statement also said that when it is served with subpoenas it does have to provide the information it has discovered.
Image source: https://commons.wikimedia.org