Skip to main content

Tor says FBI paid Carnegie Mellon to hack them

The Carnegie Mellon University, which has been accused by Tor of hacking into the anonymous network and stealing swathes of data, was allegedly paid by the FBI to do so.

The accusations come from Tor, who in a blog post says the FBI paid Carnegie Mellon University Computer Emergency Response Team (CERT) $1 million (£660,000) for the job.

As evidence, Tor points to Carnegie Mellon’s submission to the Black Hat conference, that detailed a new way of breaking in to Tor using just $3,000 of hardware. It was even said that proposals for the presentation were collated and submitted between February and April, with researchers presenting some of the research in June, pinpointing the vulnerability and indicating that the attack had been carried out in real life.

But after the ongoing attack was discovered in early July, the talk was abruptly cancelled.

Tor also says there have been no indications that they had a warrant to crack the network, or that they had any oversight from Carnegie Mellon's Institutional Review Board.

“We think it's unlikely they could have gotten a valid warrant for CMU's attack as conducted, since it was not narrowly tailored to target criminals or criminal activity, but instead appears to have indiscriminately targeted many users at once,” Tor says in the blog post.

“Such action is a violation of our trust and basic guidelines for ethical research. We strongly support independent research on our software and network, but this attack crosses the crucial line between research and endangering innocent users.”