Talk on cracking Internet anonymity service Tor canceled

Discussion in 'Security, Privacy & Anonymity' started by pumpingiron22, Sep 14, 2014.

  1. pumpingiron22

    pumpingiron22 Member Supporter

    Talk on cracking Internet anonymity service Tor canceled

    SAN FRANCISCO Mon Jul 21, 2014 6:21pm EDT

    (Reuters) - A highly anticipated talk on how to identify users of the Internet privacy service Tor was withdrawn from the upcoming Black Hat security conference, a spokeswoman for the event said on Monday.

    The talk was canceled at the request of attorneys for Carnegie Mellon University in Pittsburgh, where the speakers work as researchers, the spokeswoman, Meredith Corley, told Reuters.

    Tor is a double-edged sword that has given dissidents living under repressive regimes a way of communicating safely. But it also has enabled criminals to take advantage of its cloak of anonymity.

    The Black Hat conference, one of the longest-running and best-attended security trade shows in the world, is scheduled for Las Vegas August 6-7.

    Corley said a Carnegie Mellon attorney informed Black Hat that one of the speakers could not give the Tor talk because the materials he would discuss have not been approved for public release by the university or the Software Engineering Institute (SEI).

    It was unclear what aspects of the research concerned the university.

    The institute, based at the university, is funded by the Defense Department. SEI also runs CERT, historically known as the Computer Emergency Response Team, which works with the Department of Homeland Security on major cybersecurity issues.

    Spokesmen for Carnegie Mellon and the Defense Department did not comment on the cancellation. One official said DHS had played no role in pulling the talk.

    Its abstract, titled “You don’t have to be the NSA to Break Tor: De-Anonymizing Users on a Budget,” had attracted attention within the security and privacy communities. The abstract had been published on Black Hat's website but has since been removed.

    The U.S. government funded the creation and much of the operation of Tor as a communications tool for dissidents in repressive countries. But Tor has frustrated the U.S. National Security Agency for years, according to documents released by former agency contractor Edward Snowden.

    That revelation has helped increase adoption by those seeking privacy for political reasons, as well as criminals, researchers say.

    Some criminal suspects on Tor have been unmasked by the U.S. Federal Bureau of Investigation and other law enforcement or intelligence agencies using a variety of techniques, including tampering with software often used alongside Tor.

    In their now-vanished Black Hat abstract, researchers Alexander Volynkin and Michael McCord, said "a determined adversary" could “de-anonymize hundreds of thousands Tor clients and thousands of hidden services within a couple of months,” all for less than $3,000. Neither man responded to a request for comment.

    Their summary said they had tested their techniques and that they would discuss dozens of successes, including cases where suspected child pornographers and drug dealers had been found.

    In the best-known Tor case, U.S. authorities in October shut down online drug bazaar Silk Road, a so-called hidden service reachable only via Tor.

    Tor Project President Roger Dingledine, lead developer of the software, told an online mailing list that the project had not requested the talk be canceled.

    Dingledine said the nonprofit group was working with CERT to coordinate disclosure of details on the researchers' attack on the network.

    He also said he had questions "about some aspects of the research." In years past, other researchers studying Tor traffic have been criticized for intruding on users' privacy.

    This would not be the first time a talk has been canceled at Black Hat. Presentations have been pulled from it and other conferences under pressure from software makers or for other reasons.

    (Reporting by Joseph Menn; Additional reporting by Jim Finkle; Editing by Chris Reese,Jonathan Oatis and Dan Grebler)
    kawilt likes this.
  2. MythotiK

    MythotiK Member Supporter

    Mess with Tor and death will find you :)

    Sic Semper Tyrannis

    pumpingiron22 likes this.
  3. Millard Baker

    Millard Baker Member

    The decision to censor the researchers who were going to present the abstract doesn't sound like it was done in the interest of protecting TOR users. If there are security issues involving TOR, it should be made public so that they can be fixed.

    Keep in mind that the feds fund the lab where those researchers work. If the NSA knows the secret to de-anonymizing TOR users, perhaps they just want to keep the secret to themselves.
    Masters Power and pumpingiron22 like this.
  4. Millard Baker

    Millard Baker Member

    A blog post on the TOR Project website said the CERT researchers were not forthcoming in sharing the information to have been presented in the Black Hat conference. (Note that this blog post was made in July 2014 after the presentation was cancelled. I don't know if CERT researchers eventually ended up sharing additional info.)


    Based on hints provided by CERT researchers, TOR took steps to stop what it thinks were the de-anonymizing hacks that were the subject of the Black Hat 2014 talk:

    TOR never received confirmation from CERT on the matter
    pumpingiron22 likes this.
  5. Millard Baker

    Millard Baker Member

    Some experts are speculating that it was the government-funded research at Carnegie Mellon University that helped the feds locate and take down Silk Road 2 (and other darknet marketplaces):

    pumpingiron22 likes this.
  6. naturalkon

    naturalkon Member

    Interesting stuff