430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

The DoD funded the Carnegie Mellon University’s research on Tor Hacking

A judge has confirmed that US Departement of Defense funded the Carnegie Mellon University to conduct research on the Tor hacking. In November 2015, the researchers at the Tor Project publicly accused the FBI of paying the experts at the Carnegie Mellon University to deanonymize Tor users. The experts at the Tor Project collected information about the […]

The DoD funded the Carnegie Mellon University’s research on Tor Hacking

A judge has confirmed that US Departement of Defense funded the Carnegie Mellon University to conduct research on the Tor hacking.

In November 2015, the researchers at the Tor Project publicly accused the FBI of paying the experts at the Carnegie Mellon University to deanonymize Tor users.

The experts at the Tor Project collected information about the attack technique elaborated in 2014 by Carnegie Mellon researchers on the popular anonymizing system.

In January 2014, the attackers used more than 100 Tor relays in an attempt to deanonymize suspects. Fortunately the researchers at the Tor Project removed from the network in July 2014.

Tor Network Presentation Black hat

The Director of the Tor Project Roger Dingledine accused the FBI of commissioning to the Carnegie Mellon boffins a study on methods to de-anonymize Tor users. The FBI has paid at least $1 million track Tor users and to reveal their IP addresses as part of a large criminal investigation.

“Apparently these researchers were paid by the FBI to attack hidden services users in a broad sweep, and then sift through their data to find people whom they could accuse of crimes. We publicized the attack last year, along with the steps we took to slow down or stop such an attack in the future:
https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack/

Here is the link to their (since withdrawn) submission to the Black Hat conference:
https://web.archive.org/web/20140705114447/http://blackhat.com/us-14/briefings.html#you-dont-have-to-be-the-nsa-to-break-tor-deanonymizing-users-on-a-budget
along with Ed Felten’s analysis at the time:
https://freedom-to-tinker.com/blog/felten/why-were-cert-researchers-attacking-tor/

We have been told that the payment to CMU was at least $1 million.” reads a blog post published by the Tor Project.

The FBI has paid at least $1 million to the researchers to find a way to de-anonymize users under investigations of law enforcement.

The research was funded by the Department of Defense (DoD) and the FBI obtained the information on alleged criminals after serving a subpoena to Carnegie Mellon’s Software Engineering Institute (SEI).

This means that the SEI research was funded by the DoD and not by the FBI.

Court documents confirmed that the experts at the Carnegie Mellon university had helped the law enforcement to de-anonymize suspects.

The evidence of the collaborations between the FBI and the Carnegie Mellon University has emerged also in a stand trial in federal court in Seattle in November 2015. The court was discussing the case of Brian Farrell, an alleged Silk Road 2 lieutenant, under investigation of the law enforcement that discovered his IP addresses belong to the suspect. A new filing in Farrell’s case states that a “university-based research institute” supported the investigation and helped the feds to de-anonymize Farrell.

Tor Project court case

According to a Homeland Security search warrant, between January 2014 and July 2014 a “source of information” provided law enforcement “with particular IP addresses” that had accessed the vendor side of Silk Road 2.

The Farrell’s advocates filed a motion asking the prosecution to provide further information on the involvement of the Carnegie Mellon researchers in the investigation and the hacking technique used to de-anonymize suspects.

The response of a federal judge was negative, the magistrate denied the motion this week explaining that authorities had not violated the Fourth Amendment rights identifying the suspects via their IP addresses.

“SEI’s identification of the defendant’s IP address because of his use of the Tor network did not constitute a search subject to Fourth Amendment scrutiny. “

The judge confirmed that the identity of the suspects was identified by exploiting security vulnerabilities in the Tor network.

The Carnegie Mellon University always denied having received money for their research.

Pierluigi Paganini

Security Affairs –  (Tor Network, Tor hacking)