McCord said he was "unable to comment on the matter." Carnegie Mellon's SEI declined comment about the canceled talk and about whether it had provided information from the research to law enforcement. If nothing else, it's highly likely the information the researchers collected about "drug dealers and child pornographers" made its way into law enforcement hands. But maybe it got pulled because the researchers were revealing a law enforcement technique that the government did not want publicized. At the time, many assumed that the university pulled the plug on the talk because of academic ethics considerations and the gray legal zone it was in, with the researchers casually intercepting Web traffic. It was clear that Tor thought the Carnegie Mellon researchers were responsible. The researchers refused to talk to the press, but a conference spokesperson told Reuters the talk was canceled because the researchers hadn't cleared the release of their work through their department, the Software Engineering Institute, which receives funding from the Defense Department. If you control enough of the Tor network, it's possible to get a kind of bird's eye view of the traffic being routed through it. The attack involved modifying Tor protocol headers to do traffic confirmation attacks. They appear to have been targeting people who operate or access Tor hidden services. On Jwe found a group of relays that we assume were trying to deanonymize users. Tor revealed that a bunch of nodes in its network had been compromised for at least 6 months, and asked users to upgrade their Tor software to patch the vulnerability the attackers used: We know because we tested it, in the wild." 
In a summary of the talk on the conference website, the researchers claimed that it was possible to “de-anonymize hundreds of thousands of Tor clients and thousands of hidden services within a couple of months,” and that they would discuss examples of their own work identifying "suspected child pornographers and drug dealers." In fact the indictment made it sound easy, saying the FBI "identified the server located in a foreign country," and that law enforcement went in and imaged it sometime around May 30, 2014. Around that same time, two researchers from Carnegie Mellon, Alexander Volynkin and Michael McCord, were preparing for a presentation at hacker conference Black Hat about work they'd done to easily "break Tor." They were vague about the details but promised that their work wasn't just theoretical: "Looking for an IP address for a Tor user? Not a problem. Trying to uncover the location of a Hidden Service? Done. But the indictment is vague about how exactly the FBI got its hands on the supposedly hidden server Silk Road 2.0 was using. One of the helpful volunteers Benthall allegedly tapped to help moderate the underground drug marketplace was an undercover Homeland Security agent (who was paid over $30,000 in Bitcoin for his or her efforts). (As in, no longer "Anonymous.") In the Benthall indictment, the FBI revealed that part of its investigation was good old-fashioned undercover police work.