The Tor Project claimed it has learned more about an attack on its Deep Web hidden service subsystem that was detected in July of 2014. The Tor Project said that the Carnegie Mellon researchers responsible for the attempt to hack Tor’s network were hired by the FBI and paid “at least $1 million.”
According to a Tor Project blog post by Roger Dingledine, Tor Project director, the FBI paid researchers to attack hidden services users in an effort to find data that would allow the FBI to then accuse people of crimes. Dingledine said it is unlikely that a valid warrant could have been obtained for the attack because “it was not narrowly tailored to target criminals or criminal activity, but instead appears to have indiscriminately targeted many users at once.”
In July 2014, the Tor Project announced that it had found evidence that attackers were attempting to deanonymize users, and linked the servers used in the attacks to the techniques described in a cancelled talk at Black Hat 2014 by Carnegie Mellon researchers Alexander Volynkin and Michael McCord, which claimed to demonstrate such a way to hack Tor.
Carnegie Mellon refused to comment to SearchSecurity on the subject of Tor, but Ed Desautels, senior writer/editor for the public relations department of Carnegie Mellon University’s Software Engineering Institute, did not exactly deny the allegations.