The university refused to confirm the rumors when they surfaced last fall.
Computer scientists at Carnegie Mellon University (CMU) were indeed behind a hack of the Tor project, according to court documents filed yesterday, Vice News reports.
The revelation comes several months after the university denied reports that its Software Engineering Institute (SEI) was paid by the FBI to identify criminal suspects. SEI’s carefully worded statement, however, only denied receiving money for cooperating with “lawfully issued subpoenas.” It did not directly address whether it hacked the Tor network at the behest of the FBI in order to uncover the identities of the people behind Silk Road 2.0.
One of those suspects is Brian Farrell, who is charged with conspiracy to distribute cocaine, heroin, and methamphetamine via Silk Road 2.0.
An order filed yesterday in the case specifically names SEI as the organization that identified Farrell’s IP address.
“Farrell’s IP address was observed when SEI was operating its computers on the Tor network,” the filing reads. “This information was obtained by law enforcement pursuant to a subpoena served on SEI-CMU.”
The Tor project, which provides free anonymity software to conceal Internet users’ location and browsing activities, accused CMU of attacking it last November.
In a blog post, Tor representatives said researchers from the university of accepting $1 million from the FBI to identify Tor users.
While the issue of the money is still up in the air, SEI came under suspicion for the Tor hack because SEI researchers were scheduled to give a presentation at Black Hat 2014 about weaknesses within the Tor network.
That presentation was cancelled on the eve of the conference with little explanation.
The description of the talk, however, “bore a startling resemblance” to the attack on Tor, Vice said at the time.
Yesterday’s order largely denies a motion filed by Farrell’s defense lawyers, who are attempting to uncover more details about the relationship between law enforcement agencies and Carnegie Mellon.
The Department of Defense renewed a contract with SEI last summer worth up to $1.73 billion.
The university says its institute is the only federally funded research center to focus on “software-related security and engineering issues.”
CMU, the Department of Defense, the FBI, and Farrell’s defense team did not immediately respond to PCMag’s requests for comment.
But CMU told Vice that it is not commenting beyond its November statement.