Drug Case In Ireland Has Fingerprints of Carnegie Mellon's Attack On Tor

blottsie writes: Newly released evidence shows that Irish detectives who worked the case of two convicted drug dealers may have also used data obtained through CMU's Software Engineering Institute's methods. Mannion and O'Connor were arrested on Nov. 5, 2014, according to a database of Dark Net arrests created by independent researcher Gwern Branwen. That's the same day that the owner of Silk Road 2.0, the replacement for the infamous drug marketplace Silk Road, was arrested. The IP addresses of Silk Road 2.0 were provided to the FBI by a "source of information," according to a search warrant in another case impacted by the attack on Tor, which court documents later confirmed was a university-based research institute.

Re:Silk Road?

[cfalcon]

You seem off topic.

First, I agree with you about Ulbright, DPR.
Second, this seems to be about silk road 2.
Third, this isn't even about jackasses acting with jackassery- this is about attacks on TOR.

Re:Good for CMU.

[fuzzyfuzzyfungus]

Unfortunately, what they were doing before was arguably much more useful: CERT/CC, a program heavily intertwined with CMU's software engineering side, has a relatively noble history of doing security research with the intent to make software more secure; rather than weaponize exploits for somebody's petty temporary advantage at the expense of every other user.

There is absolutely no way that catching a few druggies could possibly be worth tainting the reputation of a respected security research institution with the suspicion of being just another malware vendor for the feds. Are there scary bad people who use software? Sure. Do all the rest of us use mostly the same software, almost all of it terrifyingly full of holes and in dire need of any and all assistance available? Also yes.

Re: Good for CMU.

[PopeRatzo]

Libertarianism doesn't require faith in that.

Libertarianism always starts with "if only". As in, "If only people were different, people would be different."

and is quite demonstrable

The part that's demonstrable is that those that act only for their own good will inevitably take advantage of those who work in the good of the commons, and eventually will poison the well. There is a reason greed has been considered a human failing, at least until the relatively recent development of libertarianism. Let's be honest: libertarianism only exists to provide a moral/social/political framework to give cover to sociopaths. Not that all libertarians are sociopaths. I don't believe that at all. But all libertarians are useful to the sociopaths.

So, where to now?

[RuffMasterD]

Looks like this genie is out of the bottle, and the temptation will simply be too great for law enforcement to let it back in. Tor is compromised. What can we do now? Can Tor be improved to mitigate such attacks, or to warn users in real time that an attack is happening? Are there alternative systems that are not known to have been compromised yet?