The arrest of two Irishmen for drug charges had led to suspicions that this may be another sign that the FBI is using knowledge from Carnegie Mellon University’s research project that aimed to hack the Tor network.
Tor, which stands for “The Onion Router,” is a volunteer run service that is made up of a group of servers that allow an Internet user to improve their security.
Rather than a user transferring data through a direct connection, the Tor network allows it to pass through several virtual tunnels before reaching its destination.
Using Tor browser enables online users use the Internet without being tracked and access hidden sites.
Tor is also a project that supports access to the dark web, letting users host websites that is impossible to trace their source or location.
There has been suspicion for a while that the Carnegie Mellon University was responsible for a large previous cyber-attack on Tor.
This is now the third case which seems to have been solved using expert research that CMU has provided the FBI.
The first involved a man in relation to the online black market Silk Road 2.0 that lurks in the dark web secured by Tor and the second involved a suspected pedophile.
Now a pattern seems to be emerging as two Dublin drug dealers seem to have been arrested on account of more data from this project.
Interestingly, both the drug dealers and the owner of Silk Road 2.0 were arrested on the same day, with strengthens the argument that the crimes are linked by the provision of information from CMU’s research.
After their property was raided the man were found possessing several illegal substances including cannabis and LSD in amounts that suggested they were intending to supply.
One of the criminals, named Mannion, received a six and a half year sentence, and the other, O’Connor, is to serve a shorter sentence of three years.
There is next to no information available for how these men were caught in this covert operation.
However, it is alleged that Mannion had been monitored for a period of time previous to the arrest.
The FBI had information regarding his IP address, which has been the vital piece of the puzzle in previous investigations for dark web criminals.
Tor claims that the FBI paid a handsome sum to CMU for the IP addresses and potentially other information – possibly $1 million.
This accusation from Tor fits neatly with the legal documents that were exposed recently that stated that a “university-based research institute” had passed on IP information to the FBI.
Both the FBI and Irish Police gave no comment as to whether the arrests of the two Dublin men happened due to an IP address being supplied in this way.
It should also be noted that criminals are not the only people who make use of Tor’s services. Many everyday computer users benefit from Tor’s privacy and security measures.
Over a period of at least six months, the big attack on Tor has compromised the anonymity of its users.
The attack took place in 2014 and compromised the identity of many people who use Tor on a daily basis, the vast majority of which are not criminals.
CMU orchestrated this attack by taking over numerous relay points in the Tor network. This is known as a Sybil attack, and works using the concept that as the data travels from point to point, if many of these points are overseen by one party, the origin and destination of the data becomes increasingly easy to determine.
The reasons for this attack on Tor are still unknown, and the researchers at Carnegie Mellon University certainly are not giving anything away.
What started out as a research project to explore the security of Tor seems now to be the reason that some people are being prosecuted and imprisoned.
The risk has now spread to the thousands of volunteers who keep Tor running as questions are asked about their ability to maintain their tight security on the network.
Having been compromised once, it certainly would not be absurd to think it could happen again.
Tor allegedly foresaw the attack but failed to avoid it.
This story leaves us with many questions. Is Tor still safe for privacy-conscious users?
Should such research projects in universities be allowed to go ahead? And should it be legal for law enforcement to use such information in their investigations?
Latest posts by Richard (see all)
- Top 10 Dark Web Warning Signs of Data Breach - August 15, 2018
- Reddit Hit by Security Breach, User Data Exposed - August 8, 2018
- Murder-For-Hire Charge Dismissed Against Ross Ulbricht - August 7, 2018