Carnegie Mellon denies taking money from FBI to hack TOR

Carnegie Mellon University has denied it was paid US$1 million by the Federal Bureau of Investigation (FBI) to break into The Onion Router (TOR) anonymising network.

Ross Ulbricht, founder of Silk Road.

In a statement, the university said it had received no money from law enforcement, suggesting instead it was compelled to do the work through a subpoena.

"In the course of its work, the university from time to time is served with subpoenas requesting information about research it has performed. The university abides by the rule of law, complies with lawfully issued subpoenas, and receives no funding for its compliance," Carnegie Mellon said.

Last week, Motherboard alleged Carnegie Mellon had helped the FBI to attack and enable surveillance of the underground Silk Road 2.0 marketplace to uncover illegal activities.

Two Carnegie Mellon researchers were supposed to present fndings on how to break TOR last year at the Black Hat security conference.

However, the presentation was pulled from Black Hat by the university, leading to speculation that the work by the researchers was used by the FBI to unmask TOR users.

Roger Dingledine, director of the TOR Project, said he had been told CMU had been paid US$1 million to engineer the attack. Dingledine did not produce any evidence of the payment.

Carnegie Mellon denied it had been paid money, but did not deny it had been working with the FBI on hacking Silk Road 2.0. The FBI investigation led to Silk Road founder Ross Ulbricht being sentenced to life in prison and forfeiting US$183.9 million in May this year.

The university said its software engineering institute is a federally funded research and development centre, established to focus on IT security and engineering. Funding comes mostly from the US Department of Defence.

Among the tasks of its computer emergency response team (CERT) is to research and identify software and network vulnerabilities.