Tor claims that FBI paid $1 million to academics to unmask Dark Web users
The so-called Dark Web is innocuous and is considered as a haven for criminal activity for those wary of the prying eyes of law enforcement and government agencies. It’s objective is to hide the identities of the users who visit them and operators of websites.
However, the Tor Project, a non-profit that maintains a privacy-minded web browser that is responsible for maintaining the Tor anonymizing network in one of the most shocking blogs has claimed the FBI paid Carnegie Mellon University security researchers atleast $1 million to reveal the identities of Dark Web users. The Tor Project is best-known for Web browser software, which is widely used to cruise the Dark Web.
The Tor Project wrote in a blog post that the academics made changes to some of the technical protocols used to obscure peoples’ locations and crafted an attack. Their work reportedly swept up data about a vast number of users, allowing the FBI to later accuse some of them of crimes.
Indiscriminately targeting so many users “is a violation of our trust and basic guidelines for ethical research,” the blog post stated.
“Civil liberties are under attack if law enforcement believes it can circumvent the rules of evidence by outsourcing police work to universities. If academia uses ‘research’ as a stalking horse for privacy invasion, the entire enterprise of security research will fall into disrepute.”
Nor did the FBI or the Carnegie Mellon University immediately respond to a request for comment.
It all started early last year with an attack on the Tor network. The attack reportedly began in February, after its instigators created more than a hundred new relays on the Tor network in late January, and ran until July 4th, when the team discovered the vulnerability. This is the same time period for which the FBI’s source provided IP addresses of dark web sites, as well as apparent users.
On July 30 2014, the Tor Project announced in a blog post it had “found a group of relays that we assume were trying to deanonymize users.” Relays are nodes of the Tor network that route traffic, and can be set up by anyone. “They appear to have been targeting people who operate or access Tor hidden services”.
It’s unclear how the Tor Project came to conclusion that the FBI paid the Carnegie Mellon researchers.
This indicates that the FBI’s Source of Information was whoever was behind this attack; an attack that may have swept up perfectly innocent users of Tor and hidden services, as well as those using the network for illegal purposes.
“If you’re doing an experiment without the knowledge or consent of the people you’re experimenting on, you might be doing something questionable—and if you’re doing it without their informed consent because you know they wouldn’t give it to you, then you’re almost certainly doing something wrong. Whatever you’re doing, it isn’t science,” Nick Mathewson, co-founder of the Tor Project, told Motherboard in a statement.
The Tor Project’s accusations comes in the wake of the documents obtained by the news organization related to the arrest of Brian Richard “DoctorClu” Farrell, an alleged operator of Silk Road 2.0 — a Dark Web e-commerce site where users primarily bought and sold drugs. Thanks to information obtained by “a university-based research institute”, the documents directly state that Farrell’s involvement with the second iteration of the infamous drug marketplace was identified.
In the search warrant used to search Farrell’s home in January 2015, Special Agent Michael Larson pointed to an FBI source of information that gave “reliable IP addresses for TOR and hidden services such as [Silk Road 2.0]” between January 2014 and July 2014 — lining up with the dates of the suspected Carnegie Mellon’s Computer Emergency Response Team (CERT) attack.
Tor’s statement all but confirms that Carnegie Mellon’s attack was used in the late 2014 law enforcement operation known as Operation Onymous, carried out by the a joint mission against dark web marketplaces and sellers, carried out by Europol, Eurojust, the FBI, the US Department of Homeland Security, and other governmental agencies. That operation was responsible for the shutting down of dozens of Tor hidden services, including arrest of 17 sellers and site administrators, and many of the most popular Tor-based black markets for drugs that included Silk Road 2. For its part, Tor has made efforts to subsequently block the attack.
When contacted by WIRED, Carnegie Mellon did not deny Tor Project’s accusations, but pointed to a lack of evidence. “I’d like to see the substantiation for their claim,” said Ed Desautels, a staffer in the public relations department of the university’s Software Engineering Institute. “I’m not aware of any payment,” he added, declining to comment further.