TECH TUESDAY: Carnegie Mellon Engineers Hack Tor Network. (So, what’s the good news?)

Girl in mask dressed in black old-fasioned clothes posing in the empty room


Online anonymity and privacy, on the surface, would appear to be a completely cut-and-dry-black-and-white issue, but the argument for encryption of your online location and identity does come multi-layered. Much like an onion. Speaking of an onion, in 2002, developers at the United States Naval Research Laboratory unveiled what they believed would be a safer solution to maintaining your privacy online. The Onion Router, or Tor, directs online traffic through a global network of over seven thousand relays. By doing so, Tor conceals users’ locations as well as cloaks the whereabouts of users from surveillance or analytics software. The original intent of Tor was protection of privacy, being praised for preserving anonymity to users in high-risk professions such as investigative journalism and political activism. Tor’s ease of use also made itself available to average web users wanting unfiltered information, or who wish to remain hidden from abusers or stalkers. This all sounds great in theory, but also taking advantage of Tor was Silk Road, the notorious online black market synonymous with the illegal drug trade. Pirated media also found a friend in Tor, as well. The association between Dark Net and Tor had grown so close that those charged with the preservation of the Tor Project hired a PR firm to improve their image.

Now, even though partially funded by the very government trying to crack it, various institutions are dedicating resources to heck the “unhackable” Tor.

FBI agent with badgeCarnegie Mellon University (CMU) is looking into ways of subverting the Tor network. The primary problem with hacking Tor is in its encryption which was designed exceptionally well, so well in fact that in 2014 the US Department of Defense paid researchers at Carnegie Mellon to look into ways to break into the network. Subsequently the FBI subpoenaed the data CMU collected, and that led to the FBI’s arrest of Silk Road’s Brian Farrell.

Here’s where the debate about what Tor was intended to be and how it is being used slips into a grey area…

In this case the representatives of the Tor network argued CMU’s Software Engineering Institute (SEI) accessed the network and pulled out the IP addresses of one of its clients. This action was not only illegal but also immoral because as the Tor network is used by more than just criminals trying to hide their activities. Tor argues that journalists, activists, and law abiding citizens use their network to remain anonymous and remain safe while accessing and posting online data. Still, this ruling sent shock waves through the Dark Net; and for a good reason as Dark Net is usually reserved for transactions best practiced in secret.

U.S. District Judge Richard Jones declared that users on Tor clearly lacked any reasonable expectation of anonymity in their IP address because users give up this information voluntarily to its operators. This granted the FBI freedom to use all the data obtained from SEI to go after all Tor users, including those using the network for media piracy, harassment, and unlawful activity. All this seems well and good—after all, this is what the FBI needs to do, right? Crack down on cybercrime.

However, it appears that the FBI might have obtained information, tools and software via their subpoena regarding the means by which the software engineers hacked Tor. Think about that for a second: The FBI potentially have the same tools the SEI used to hack Tor, and now possess the ability to access the secure network themselves, without provocation.  This is bad news for people in high-risk, whistleblowing, or completely law-biding situations hoping to use the Internet anonymously. Much like what Edward Snowden warned of and what Apple insisted on doing in not hacking a terrorist’s iPhone, the FBI not have unchecked access to Tor.

Should this give us all pause? Is the possible compromising of Tor for the greater good, or access the FBI does not need? What do you think?



shurtz.jpgA research physicist who has become an entrepreneur and educational leader, and an expert on competency-based education, critical thinking in the classroom, curriculum development, and education management, Dr. Richard Shurtz is the president and chief executive officer of Stratfdord University. He has published over 30 technical publications, holds 15 patents, and is host of the weekly radio show, Tech Talk. A noted expert on competency-based education, Dr. Shurtz has conducted numerous workshops and seminars for educators in Jamaica, Egypt, India, and China, and has established academic partnerships in China, India, Sri Lanka, Kurdistan, Malaysia, and Canada.

Leave a Reply

Your email address will not be published. Required fields are marked *