Academic Hackers

Tor de-anonymized


Last year the FBI gave computer-security academics an interesting lesson.

When researchers at Carnegie Mellon's Software Engineering Institute were poking around at the popular anonymity software Tor, they found vulnerabilities that allowed them to identify some Tor users who didn't want to be identified. At least one of them, Brian Farrell, was involved with a website known as "Silk Road 2.0" that arose after the feds took down the old Silk Road in 2013. Like its predecessor, this site served as an online black market.

That became more than academic, as revealed in a ruling from Judge Richard Jones during Farrell's subsequent prosecution. The FBI obtained Farrell's I.P. address via subpoena to Carnegie Mellon, Judge Jones revealed. That should put some fear into computer security researchers who would rather not help the government nab people striving for online anonymity.

Some have wondered if money the university received from the Department of Defense might have reduced its willingness to fight the subpoena. Carnegie Mellon wants the world to know that while it lawfully obeys subpoenas, despite the rumors, it does not get paid off by the government for doing so.

The Tor Project announced that the vulnerability discovered by the Carnegie Mellon team "was patched as soon as we learned about it."