Tor is an encryption service that was created to keep the identity of its users hidden. However, last year, the service was compromised, revealing information on its users to an unknown party.
The non-profit Tor Project, which maintains and develops Tor, believes that it has found its culprit, namely the FBI with the help of Carnegie Mellon University researchers that were allegedly given $1 million as payment for their efforts.
The Tor Project points to the attack that it discovered last year as evidence of the incident, wherein the attackers were able to gather data regarding the users of Tor from January to July. While the Tor Project then did not know how much information the attack acquired, it was already convinced that it was the Computer Emergency Response Team of Carnegie Mellon's Software Engineering Institute that was behind the attack.
Last year, researchers from Carnegie Mellon were supposed to present at the Black Hat hacking conference last year on a new method to breach Tor, with some of the research presented last June stating that the attack had been done in real life. When the attack was discovered last July, the presentation by the Carnegie Mellon researchers was cancelled, with the researchers stopping to answer emails sent by the Tor Project.
The accusations by the Tor Project stemmed from documents used by the government in the case against Brian Richard "DoctorClu" Farrell, a staff member of Silk Road 2.0. The documents said that the involvement of Farrell with the revival of the drug marketplace was identified due to information acquired by "a university-based research institute."
In addition, a search warrant that was used on Farrell's home said that a source of information by the FBI provided data covering January 2014 and July 2014, which lines up with the time period of the attacks allegedly launched by Carnegie Mellon's CERT on Tor.
The information acquired by the Carnegie Mellon researchers was believed to have been used for Operation Onymous, which was a joint mission carried out by the FBI, the Europol, the United States Department of Homeland Security, the Eurojust, and other government agencies to crack down on dark web marketplaces. The operation led to the arrest of 17 site administrators and sellers, the shutdown of 410 services accessible only through Tor and the confiscation of Bitcoin worth $1 million.
While the attack by Carnegie Mellon researchers as commissioned by the FBI had its purpose, the Tor Project sees the move as setting a troubling precedent.
"Civil liberties are under attack if law enforcement believes it can circumvent the rules of evidence by outsourcing police work to universities. If academia uses "research" as a stalking horse for privacy invasion, the entire enterprise of security research will fall into disrepute," the Tor Project said in a blog post.