A judge’s ruling last week in the case of Brian Farrell, allegedly a staff member of Silk Road 2.0, a now-defunct online illegal drug marketplace, brought out the fact that the work of security researchers can be subpoenaed and used as a tool for law enforcement in criminal investigations.
In this context, it is interesting to note that the FBI was able to obtain important information related to the case from the experimental research data provided by security researchers at the Carnegie Mellon University SEI.
Tor is the anonymity software that was used by Silk Road 2.0 and similar sites to evade law enforcement.
CMU Research and Tor
Richard Jones, a District Judge of Seattle, in his ruling last week wrote that the IP address of Brian Farrell, an alleged staff member of Silk Road 2.0, was obtained when CMU researchers were conducting research on the Tor anonymous network and demonstrating that its users and servers (usually anonymous) could be identified.
Brian Farrell was charged with conspiracy to distribute dangerous drugs such as meth, heroin and cocaine through Silk Road 2.0.
In this context, security researchers see a threat: important research data that is published without suspicion, and is meant to be used to fix system flaws, could be used secretly to identify and pin down criminals.
Emerging news in this case also brings to light the allegations that CMU researchers were hired by federal officials to provide data that would unmask anonymous Tor users.
It is purported that the FBI paid close to a million dollars to CMU researchers to provide information leading to the arrest of criminals who used the Tor software.
This allegation has been subsequently denied by the FBI.
Tor Project officials, meanwhile, said that a good number of malicious nodes were operating in the Tor network in the months between January and July 2014.
The purpose of operating these nodes was to unmask Tor users.
The attack was designed to exploit vulnerabilities in the Tor software and reveal hidden services and users in a short time.
A recently filed court order, however, revealed the existence of a subpoena and the name of the specific university-based research institution that carried out the work.
The filing allegedly revealed that the government funded the research which was later subpoenaed by the FBI.
The government’s Department of Defense renewed a $1.73 billion contract last summer with CMU SEI to focus on software-related security issues.
The SEI was suspected of being responsible for hacking Tor when a talk by SEI researchers at a 2014 Black Hat hacking conference was suddenly cancelled.
The conference was on the subject of de-anonymizing users of the Tor network.
Brian Farrell’s defense lawyers have requested information on the attack by CMU-SEI, the funding relationship between the DOD and SEI, and important disclosures regarding the contracts.
Brian Farrell’s case does not seem to be the only one that was affected by CMU-SEI’s research attack on Tor.
Early this month saw the pinning down of Gabriel Siler, who was charged with child pornography, and another drug case that came to light in Ireland, both as fallout of this research.
The closing down of Silk Road 2.0 was part of a wide operation by law enforcement authorities that shut down 27 dark web sites operating on the Tor network.