Judge's ruling confirms CMU engineers hacked TOR network


A recent ruling by U.S. District Court Judge Richard Jones reveals what many in the Internet business have known for some time—namely that the U.S. Department of Defense paid researchers at Carnegie Mellon University's Software Engineering Institute to look into ways of subverting the TOR network's ability to hide user IP addresses, and that the FBI subsequently forced SEI to hand over data (and possibly technical details) via subpoena, which led to the arrest of Brian Farrell, a man accused of using the TOR network to carry out a host of crimes anonymously.

The disclosure of the details that led to the arrest of Farrell, whose lawyer's are attempting to clear their client by suggesting that the actions taken by SEI and the FBI were illegal, opens up yet another can of worms regarding Internet privacy. News of this latest incident comes on the heels of the widely publicized case of the U.S. Government attempting to force Apple Computer to bypass the security codes on a phone used by one of the San Bernardino shooters last December. In this new case, the representatives of the TOR network argue that SEI engineers accessing their network and pulling out the IP address of one of its clients was not only illegal (which if true could spell legal trouble for the researchers at SEI) but immoral, as its network is used by more than just criminals trying to hide their activities—it is also used very heavily by dissidents in other countries, or people who are under other forms of duress. They claim their network helps undermine dictatorships and other authoritarian governments, which in turn, helps move the world towards freedom and tolerance.

Jones's ruling also sent shudders though the dark net, as he declared that users on the TOR network "clearly lack a reasonable expectation of privacy in their IP addresses.." because such users voluntarily give up their addresses to TOR operators in order to gain access to the network. That means that the FBI is free to use all the data it obtained from SEI to go after other TOR users, which could include people using the network to illegally download software, movies or music. And that is not the end of it—it is not clear just yet, but it appears that the FBI might have also obtained information, tools and/or software via their subpoena regarding the means by which the engineers at SEI hacked the TOR network, which means the FBI could use what SEI learned, to hack the TOR network, or others like it, on their own.

Explore further

What is the dark web?

© 2016 Tech Xplore

Citation: Judge's ruling confirms CMU engineers hacked TOR network (2016, February 26) retrieved 22 September 2019 from https://techxplore.com/news/2016-02-cmu-hacked-tor-network.html
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.

Feedback to editors

User comments

Feb 26, 2016
Any open vpn system is fair game for exploitation by legal and illegal groups simply because access is not restricted. The good and bad of this situation is that opportunity exists! Carnegie Mellon University's Software Engineering Institute (SEI) did such work on a DoD contract. The ... "FBI subsequently forced SEI to hand over data (and possibly technical details) via subpoena," The data was not "howto hack TOR". It was records based on reasonable suspicion of communications transactions by a suspected criminal. Tech details could only be the vpn addressing/date/time/etc. between the user, the TOR router(s) and the target connection(s). TOR is not accused of being an illegal service, so the SEI subpoena had to specify that withholding information made SEI "an accessory to the fact". Unlike the Apple case, this was FBI pursuit vs "fishing". I agree the pursuit method is immoral, but it looks legal. The FBI/Apple case is immoral and illegal. Fishing for info is against the law.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more