Carnegie Mellon University Responds to Allegations it Took $1m to Take Down Tor

Last week, The Onion Router team claimed that Carnegie Mellon University had taken $1 million from the FBI to compromise its Tor browser. The University has now spoken out about the allegations, with a statement denying that it receives any money for information it provides police and intelligence organisations.

In a world of increasing online surveillance, Tor aims to provide its users with anonymous internet browsing, and as such it has been the bane of law enforcement agencies across the globe. The FBI specifically has been lobbying for more powers to see through Tor’s layers for some time, and it is known to have a relationship with Carnegie Mellon University.

While Carnegie Mellon dismisses any notion that it has taken money from any agency, it does not deny that it works with law enforcement organisations, nor does it specifically address its dealings FBI or its involvement in compromising Tor.

The statement reads:

“There have been a number of inaccurate media reports in recent days regarding Carnegie Mellon University’s Software Engineering Institute work in cybersecurity.

Carnegie Mellon University includes the Software Engineering Institute, which is a federally funded research and development center (FFRDC) established specifically to focus on software-related security and engineering issues. One of the missions of the SEI’s CERT division is to research and identify vulnerabilities in software and computing networks so that they may be corrected.

In the course of its work, the university from time to time is served with subpoenas requesting information about research it has performed. The university abides by the rule of law, complies with lawfully issued subpoenas and receives no funding for its compliance.”

While it doesn’t say outright that the University gave the FBI information regarding Tor due to a subpoena it received, it is heavily implied. In denying taking money and affirming that any dealings were law enforcement were legally obliged, Carnegie Mellon appears to be indirectly absolving itself of blame by assigning all responsibility to the FBI.

FBI Allegedly Paid Carnegie Mellon University $1m to Break Tor

The Onion Network (or Tor), a free browser designed to allow anonymous, encrypted internet communication, has been the bane of law enforcement and intelligence agencies since its inception (though the NSA reportedly peeled back Tor’s layers years ago), with the FBI keen on acquiring powers to see through both Tor and VPN networks for some time.

Tor was seriously compromised during the Summer of 2014 by unknown assailants, but now the Tor Project has revealed that it thinks it has determined the culprit: the FBI. According to the Tor Project, the FBI paid researchers from Carnegie Mellon University $1 million to crack Tor’s encryption.

“On July 4 2014 we found a group of relays that we assume were trying to deanonymize users,” the Tor Project wrote on its blog at the time. “They appear to have been targeting people who operate or access Tor hidden services. The attack involved modifying Tor protocol headers to do traffic confirmation attacks.”

In a follow-up post yesterday (11th November), the team writes, “The Tor Project has learned more about last year’s attack by Carnegie Mellon researchers on the hidden service subsystem. Apparently these researchers were paid by the FBI to attack hidden services users in a broad sweep, and then sift through their data to find people whom they could accuse of crimes.”

“There is no indication yet that they had a warrant or any institutional oversight by Carnegie Mellon’s Institutional Review Board,” the post adds. “We think it’s unlikely they could have gotten a valid warrant for CMU’s attack as conducted, since it was not narrowly tailored to target criminals or criminal activity, but instead appears to have indiscriminately targeted many users at once.”

The Tor Project brands the alleged actions of the FBI as an attack on “civil liberties” and “a violation of our trust and basic guidelines for ethical research.”

Carnegie Mellon University has worked with the FBI in the past, most recently to catch Silk Road 2.0 users sharing child pornography.

Computer Could Learn Common Sense In The Near Future

According to a an article from Fudzilla, scientists at Carnegie Mellon University have built a software that can search the web on a non-stop basis and learn common sense.

A normal human that browses the internet daily can learn a handful of information. However the software, dubbed the Never Ending Image Learner (NEIL), was designed to search for images and do its best to understand these images on its own. The program runs on two clusters of computers that include 200 processing cores, way beyond the ability to process information for a normal individual. As NEIL grows a visual database it is expected to gather common sense on what is being called as “massive scale”.

The designers have already shown some unique findings that could relate to common sense, such as “Deer can be a kind of / look similar to Antelope,” and “Trading Floor can be / can have Crowded”. The results so far are not really spectacular, but it is sign of progress. Computers do not have the ability to comprehend, that’s why software is based on conditions and functions.

Abhinav Gupta, assistant research professor in Carnegie Mellon’s Robotics Institute said that images were the best way to learn visual properties. People learn this by themselves and, with NEIL, computers could gain that ability as well.

Thank you Fudzilla for providing us with this information
Image courtesy of ComputerBasicsEbook