An American judge has confirmed that US authorities hired computer researchers from Carnegie Mellon University (CMU) to hack Tor, a software that allows its users to anonymously browse the Internet.
Allegations that
in 2014 CMU’s Software Engineering Institute had helped American law
enforcement breach the technology— in order to recover information
on people committing illicit acts shielded by Tor’s anonymity—
circulated last year. However, so far no clear confirmation has been given
by either the University or the FBI, as the agency believed
to be behind the case.
Now, a federal judge hearing the case against Brian
Farrell — an American citizen charged with being one the masterminds
of Tor-based drug marketplace Silk Road 2:0 — has acknowledged what happened.
"The record demonstrates that the defendant's IP address was
identified by the Software Engineering Institute ("SEI")
of Carnegie Mellon University ("CMU") when SEI was
conducting research on the Tor network,
which was funded by the Department of Defense
("DOD")," a court order filed last Tuesday
in Seattle reads.
The document seems to confirm previous reports, although it suggests that the research had been independently commissioned by the Department of Defense, rather than by the FBI.
The
document also says that Farrell’s IP information, which led to his
identification and arrest, "was obtained by law enforcement pursuant
to a subpoena served on SEI-CMU". This comes with CMU’s
previous comments, which strongly denied they had been paid one million dollars
by FBI, as it had been reported by some outlets.
In other words, it appears that CMU had collected some users’ information in the framework of a research on Tor vulnerabilities in 2014— and that they had not planned to disclose such information until the feds requested it.
War on Encryption
The news is far from surprising. US authorities have been waging a fierce war on encryption and anonymity since 2013’s Edward Snowden revelations, which triggered a mass use of these technologies.
As more and more people adopt encryption, law enforcement agencies in the US and elsewhere are increasingly at odds with technology companies that make a point of protecting their users' privacy.
The
latest instance of this struggle is Apple’s decision
to oppose FBI’s order to create a
"backdoor" to an iPhone of one of San Bernardino’s
shooters.
If anything, the Tor’s penetration case is bad news for thousands of activists — and, to be sure, criminals— that use its "relay technology" to avoid being spied on and located by people monitoring online traffic.
Funnily enough, Tor was first spawned as a US military’s project — its foundations were laid by the US Naval Research Lab and then perfected by Defense Advanced Research Projects Agency in the 1990s. Now US authorities are hiring experts to undo their own doings.