The security researchers from Carnegie Mellon University (CMU) were hired by the federal officials to discover a technique that could help the FBI Unmask Tor users and Reveal their IP addresses as part of a criminal investigation.
Yes, a federal judge in Washington has recently confirmed that the computer scientists at CMU's Software Engineering Institute (SEI) were indeed behind a hack of the TOR project in 2014, according to court documents [PDF] filed Tuesday.
In November 2015, The Hacker News reported that Tor Project Director Roger Dingledine accused the Federal Bureau of Investigation (FBI) of paying the CMU, at least, $1 Million for providing information that led to the criminal suspects identification on the Dark Web.
After this news had broken, the FBI denied the claims, saying "The allegation that we paid [CMU] $1 Million to hack into TOR is inaccurate."
Meanwhile, the CMU also published a press release, saying the university had been subpoenaed for the IP addresses it obtained during its research.
The revelation came out as part of the ongoing case against Brian Richard Farrell, an alleged Silk Road 2 lieutenant who was arrested in January 2014. It has emerged that the federal officials recruited a "university-based research institute" that was running systems on the Tor network to help authorities uncover the identity of Farrell.
University Researchers Helped FBI Hack TOR
Now, a recent filing in one of the affected criminal cases has confirmed both the name of the "university-based research institute" and the existence of a subpoena.
Some earlier allegations by the TOR project seem to be wrong. The research was funded by the Department of Defense, which was later subpoenaed by the FBI.
Become an Incident Response Pro!
Unlock the secrets to bulletproof incident response – Master the 6-Phase process with Asaf Perlman, Cynet's IR Leader!Don't Miss Out – Save Your Seat!
Here's what the Tuesday court order, by US District Judge Richard Jones, filed in the case of Farrell reads:
"The record demonstrates that the defendant's IP address was identified by the Software Engineering Institute (SEI) of Carnegie Mellon University (CMU) when SEI was conducting research on the Tor network which was funded by the Department of Defense (DOD)."
"Farrell's IP address was observed when SEI was operating its computers on the Tor network. This information was obtained by law enforcement pursuant to a subpoena served on SEI-CMU."
Farrell is charged with conspiracy to distribute drugs like cocaine, heroin, and methamphetamine through the Silk Road 2.0 dark web marketplace.
$1.73 Billion to UnMask TOR Users?
Last summer, the DoD renewed a contract worth over $1.73 Billion with the SEI, which according to CMU, is the only federally funded research center that focus on "software-related security and engineering issues."
Carnegie Mellon University's SEI came under suspicion for the TOR hack due to the sudden cancellation of the talk from SEI researchers Michael McCord and Alexander Volynkin on de-anonymizing Tor users at Black Hat 2014 hacking conference.
More details on the matter are still unclear, but the judge confirmed few facts about the TOR and stated that "Tor users clearly lack a reasonable expectation of privacy in their IP addresses while using the Tor network."