Slashdot Mirror

← Back to Stories (view on slashdot.org)

Drug Case In Ireland Has Fingerprints of Carnegie Mellon's Attack On Tor

Posted by samzenpus on from the tainted-fruit dept.

blottsie writes: Newly released evidence shows that Irish detectives who worked the case of two convicted drug dealers may have also used data obtained through CMU's Software Engineering Institute's methods. Mannion and O'Connor were arrested on Nov. 5, 2014, according to a database of Dark Net arrests created by independent researcher Gwern Branwen. That's the same day that the owner of Silk Road 2.0, the replacement for the infamous drug marketplace Silk Road, was arrested. The IP addresses of Silk Road 2.0 were provided to the FBI by a "source of information," according to a search warrant in another case impacted by the attack on Tor, which court documents later confirmed was a university-based research institute.

3 of 72 comments (clear)

  1. Re:Silk Road? by cfalcon · · Score: 4, Insightful

    You seem off topic.

    First, I agree with you about Ulbright, DPR.
    Second, this seems to be about silk road 2.
    Third, this isn't even about jackasses acting with jackassery- this is about attacks on TOR.

  2. Re:Good for CMU. by fuzzyfuzzyfungus · · Score: 4, Insightful

    Unfortunately, what they were doing before was arguably much more useful: CERT/CC, a program heavily intertwined with CMU's software engineering side, has a relatively noble history of doing security research with the intent to make software more secure; rather than weaponize exploits for somebody's petty temporary advantage at the expense of every other user.

    There is absolutely no way that catching a few druggies could possibly be worth tainting the reputation of a respected security research institution with the suspicion of being just another malware vendor for the feds. Are there scary bad people who use software? Sure. Do all the rest of us use mostly the same software, almost all of it terrifyingly full of holes and in dire need of any and all assistance available? Also yes.

  3. Re:Good for CMU. by Krishnoid · · Score: 1, Insightful

    Maybe it played out for CMU like this:

    1. Do all the rest of us use mostly the same software, almost all of it terrifyingly full of holes and in dire need of any and all assistance available?
    2. Let's establish a relatively noble history of doing security research with the intent to make software more secure;
    3. Work diligently to do so, and time passes
    4. All the rest of us use mostly the same software, almost all of it *still* terrifyingly full of holes and in dire need of any and all assistance available
    5. re-evaluate the effectiveness of their efforts
    6. choose to weaponize exploits for somebody's petty temporary advantage at the expense of every other user.
    7. taint the reputation of a respected security research institution with the suspicion of being just another malware vendor for the feds.
    8. decide that the general population doesn't really value or understand security research anyway, and determine that their reputation in that area is of less value than being in the good graces with the US government