FBI Beat Tor Anonymity Via Academic Research, According to Revelations from "Silk Road 2.0" Prosecution
Tor Project insists those vulnerabilities are not longer exploitable by law enforcement.
Some grim news snuck out from the "Silk Road 2.0" prosecution last week. Andy Greenberg of Wired gets right to the terrible point:
the FBI was able to bypass the anonymity software Tor—the central tool used by the Silk Road 2 and its buyers and sellers to evade the cops—with information they obtained from a subpoena to Tor-focused security researchers at Carnegie Mellon University's Software Engineering Institute.
In a ruling, judge Richard Jones of the Western District of Seattle wrote that Farrell's IP address was obtained through a subpoena to Carnegie Mellon while the university researchers were running an experiment on the Tor network designed to show how its anonymous users and servers could be identified.
Greenberg uses this as an object lesson in the dangers of doing that sort of info-hacking academic research; that it leaves you open to having the Feds swoop in and take what you've learned to use in criminal investigations.
What exactly is at stake is still somewhat ambiguous:
The FBI's subpoena could feasibly have even gone beyond private data to include the Carnegie Mellon's actual Tor-cracking technique…[but] exactly what the Carnegie Mellon researchers handed over to the FBI remains far from clear. But in an abstract on the website of the Black Hat hacker conference, where they planned to present their Tor-focused research in August of 2014, they described it as a serious vulnerability that would allow them to identify both Tor users and web servers that use Tor to hide their location, known as Tor hidden services. "Looking for the IP address of a Tor user? Not a problem. Trying to uncover the location of a Hidden Service? Done. We know, because we tested it, in the wild…" the abstract reads….
Weirdly, that talk was never actually given, abruptly pulled from the Black Hat conference schedule, and a couple of months later, Greenberg notes without asserting a certain connection:
the FBI and Europol together launched Operation Onymous, a purge of the dark web that took down dozens of Tor hidden services including the Silk Road and several other top drug markets.
Europol told Wired at the time it didn't want to reveal exactly how it cracked the sites.
If in fact the government subpoenaed info from Carnegie Mellon that actually revealed enough that the feds could have replicated their Tor-cracking technique, this would be analogous, Greenberg notes, to what the feds want from Apple now in the San Bernardino terrorist phone case, getting a technique "just once" that could be reused in other cases.
The Carnegie Mellon crew might not have been that apt to fight such an subpoena, Greenberg also notes, as Apple is trying to do, as they receive a ton of Department of Defense funding.
The ruling in the prosecution of Brian Farrell, one of the accused operators of "Silk Road II," with the revelation.
Carnegie-Mellon does at least insist that, despite some reports, it lawfully obeys subpoenas, but isn't paid off specifically for doing so.
Vice Motherboard in reporting on the revelation reports the encouraging news that the particular vulnerabilities that Carnegie-Mellon found have been patched, according to this comment from The Tor Project:
"the Tor network is secure and has only rarely been compromised. The Software Engineering Institute ("SEI") of Carnegie Mellon University (CMU) compromised the network in early 2014 by operating relays and tampering with user traffic. That vulnerability, like all other vulnerabilities, was patched as soon as we learned about it. The Tor network remains the best way for users to protect their privacy and security when communicating online."