Academic Hackers
Tor de-anonymized
Last year the FBI gave computer-security academics an interesting lesson.
When researchers at Carnegie Mellon's Software Engineering Institute were poking around at the popular anonymity software Tor, they found vulnerabilities that allowed them to identify some Tor users who didn't want to be identified. At least one of them, Brian Farrell, was involved with a website known as "Silk Road 2.0" that arose after the feds took down the old Silk Road in 2013. Like its predecessor, this site served as an online black market.
That became more than academic, as revealed in a ruling from Judge Richard Jones during Farrell's subsequent prosecution. The FBI obtained Farrell's I.P. address via subpoena to Carnegie Mellon, Judge Jones revealed. That should put some fear into computer security researchers who would rather not help the government nab people striving for online anonymity.
Some have wondered if money the university received from the Department of Defense might have reduced its willingness to fight the subpoena. Carnegie Mellon wants the world to know that while it lawfully obeys subpoenas, despite the rumors, it does not get paid off by the government for doing so.
The Tor Project announced that the vulnerability discovered by the Carnegie Mellon team "was patched as soon as we learned about it."
This article originally appeared in print under the headline "Academic Hackers."
Hide Comments (0)
Editor's Note: As of February 29, 2024, commenting privileges on reason.com posts are limited to Reason Plus subscribers. Past commenters are grandfathered in for a temporary period. Subscribe here to preserve your ability to comment. Your Reason Plus subscription also gives you an ad-free version of reason.com, along with full access to the digital edition and archives of Reason magazine. We request that comments be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of reason.com or Reason Foundation. We reserve the right to delete any comment and ban commenters for any reason at any time. Comments may only be edited within 5 minutes of posting. Report abuses.
Please
to post commentsMute this user?
Ban this user?
Un-ban this user?
Nuke this user?
Un-nuke this user?
Flag this comment?
Un-flag this comment?