Did the FBI pay Carnegie Mellon $1 million to identify and attack Tor users?


Documents published by Vice News: Motherboard and further reporting by Wired News suggest that a team of researchers from Carnegie Mellon University who canceled their scheduled 2015 BlackHat talk identified Tor hidden servers and visitors, and turned that data over to the FBI.

No matter who the researchers are or which institution is involved, it sounds like a serious ethical breach.

First, from VICE, a report which didn't name CMU but revealed that a U.S. university helped the FBI bust Silk Road 2 and suspects in child pornography cases:

An academic institution has been providing information to the FBI that led to the identification of criminal suspects on the dark web, according to court documents reviewed by Motherboard. Those suspects include a staff member of the now-defunct Silk Road 2.0 drug marketplace, and a man charged with possession of child pornography.

It raises questions about the role that academics are playing in the continued crackdown on dark web crime, as well as the fairness of the trials of each suspect, as crucial discovery evidence has allegedly been withheld from both defendants.

Here's a screenshot of the relevant portion of one of the court documents that Motherboard/Vice News published:

Later today, a followup from Wired about discussion that points the finger directly at CMU:

The Tor Project on Wednesday afternoon sent WIRED a statement from its director Roger Dingledine directly accusing Carnegie Mellon of providing its Tor-breaking research in secret to the FBI in exchange for a payment of “at least $1 million.” And while Carnegie Mellon’s attack had been rumored to have been used in takedowns of dark web drug markets that used Tor’s “hidden service” features to obscure their servers and administrators, Dingledine writes that the researchers’ dragnet was larger, affecting innocent users, too.


HOWTO use Tor Messenger, the new, super-secure/private chat app


It's still in beta, but Tor Messenger from the Tor Project has security and privacy baked in by design, and it's the easiest method yet devised to use OTR (Off the Record), the gold standard in secure communications.

Kilton Library's Tor node is back online


Kilton, New Hampshire's public library was the first library in the USA to offer a Tor node on its computers, giving its patrons a technological assist in maintaining their privacy and anonymity -- until the DHS sent them a letter demanding that they switch it off.

Now, ninja librarian Alison Macrina has tweeted the good news: "WE'VE DONE IT. THE KILTON LIBRARY WILL TURN THEIR #TOR RELAY BACK ON!!!"


Free six-part course on encrypting email and securing your network sessions against snooping

Jeff sez, "Tuts+ has made my six part introduction to PGP encryption, email and networking privacy available to readers for free."

What happened when we got subpoenaed over our Tor exit node

We've run a Tor exit-node for years. In June, we got the nightmare Tor operator scenario: a federal subpoena (don't worry, it ended surprisingly well!)

The Tor Project is hiring a new executive director

So, an EFF activist gig isn't for you and neither is deputy director of the Free Software Foundation: how about executive director of the Tor Project, which maintains The Onion Router, a crucial piece of anonymity and privacy technology?

John Scalzi and Tor Books sign 13 book, 10 year, $3.4M deal

A decade after Tor published his first novel, Scalzi's committed to writing 10 adult and 3 young adult novels for Tor over the next ten years.

Hacktivist sees too much, FBI lock him up on child-porn charges, produce no evidence

Matthew DeHart, a veteran from a multi-generational military/intelligence family, ran a Tor hidden service server for his Wow guildies, members of his old army unit, and whistleblowers.

Automating remote BIOS attacks

Legbacore's upcoming "digital voodoo" presentation will reveal an automated means of discovering BIOS defects that are vulnerable to remote attacks, meaning that your computer can be compromised below the level of the OS by attackers who do not have physical access to it.

Crypto-Santa: use onion routing to anonymize gifts at your Xmas party

Dmytri writes, "Add a crypto wrinkle to your Kris Kringle! Make your Secret Santa even more secret with the magic of Onion Wrapping!"

Tor Project declares solidarity with harassed colleague

Roger Dingledine from the Tor Project writes, "One of our colleagues has been the target of a sustained campaign of harassment for the past several months. We have decided to publish this statement to publicly declare our support for her, for every member of our organization, and for every member of our community who experiences this harassment.

Random Darknet Shopper: Internet art randomly spends $100/wk of Bitcoin in darknet

It's part of a Swiss gallery exhibit called The Darknet: From Memes to Onionland, where all the random junk the algorithm buys (from ecstasy to fire brigade master-keys to boxed Tolkien sets) are displayed.

Which crowdfunded privacy routers are worthy of your trust?

After the spectacular rise and fall of Anonabox, a kickstarted $45 router that was supposed to protect your privacy but had its campaign yanked for not being entirely forthright with backers, a spate of shady, silly, and even serious projects have sprung up to fill the demand that Anonabox's $615,000 Kickstarter near-win demonstrated.

Tor Browser goes 4.0

The 4.0 version of the secure, anonymized, private browser disables SSL3 (in deference to the POODLE attack) and uses new transports that are intended to defeat the Great Firewall of China and other extremely restrictive firewalls.

Comcast blocks Tor (updated)

"Users who try to use anonymity, or cover themselves up on the internet, are usually doing things that aren’t so-to-speak legal; we have the right to terminate, fine, or suspend your account at anytime due to you violating the rules -- Do you have any other questions? Thank you for contacting Comcast."

Honorable spies anonymously leak NSA/GCHQ-discovered flaws in Tor

Andrew Lewman, head of operations for The Onion Router (TOR), an anonymity and privacy tool that is particularly loathed by the spy agencies' capos, credits Tor's anonymous bug-reporting system for giving spies a safe way to report bugs in Tor that would otherwise be weaponized to attack Tor's users.

EFF unveils secure, sharing-friendly, privacy-minded router OS

As promised, the Open Wireless Movement's new sharing-friendly, privacy-minded router operating system was unveiled at HOPE X in New York last weekend.