Just day before yesterday, the Tor Project Director Roger Dingledine accused the FBI of paying the Carnegie Mellon University (CMU) at least $1 Million to disclose the technique they had discovered to unmask Tor users and reveal their IP addresses.
However, the Federal Bureau of Investigation has denied the claims.
In a statement, the FBI spokeswoman said, “The allegation that we paid [CMU] $1 Million to hack into Tor is inaccurate.”
The Tor Project team discovered more than hundred new Tor relays that modified Tor protocol headers to track online people who were looking for Hidden Services, and the team believes that it belongs to the FBI in order to reveal the identity of Tor-masked IP addresses.
One such IP address belongs to Brian Richard Farrell, an alleged Silk Road 2 lieutenant who was arrested in January 2014.
The attack on Tor reportedly began in February 2014 and ran until July 2014, when the Tor Project discovered the flaw. Within few days, the team patched the vulnerability and updated its software, thereby rolling out new versions of code to block similar attacks in the future.
This week, Motherboard reviewed a new court filing in Farrell’s case that proved the FBI had indeed recruited a “university-based research institute” to uncover the identity of Farrell by running systems on the Tor network.
The FBI spokeswoman didn’t provide any further statement on the Tor Project claims, and it’s still unclear which part of the FBI’s statement is inaccurate – The Payment Amount or The FBI’s Involvement Entirely.