A proposed talk by two Carnegie Mellon University researchers demonstrating how to de-anonymise Tor users on a budget of US$3,000 has been axed from the Black Hat conference in Las Vegas next month.
The talk, 'You don’t have to be the NSA to Break Tor: Deanonymizing Users on a Budget', by speakers Alexander Volynkin and Michael McCord from Carnegie Mellon University's Computer Emergency Response Team, had reportedly been highly anticipated by punters.
However, the talk was scrapped from the program because it had not been approved by the legal counsel with the university's Software Engineering Institute, according to a statement on the Black Hat website this week.
"Late last week, we were informed by the legal counsel for the Software Engineering Institute (SEI) and Carnegie Mellon University that: 'Unfortunately, Mr. Volynkin will not be able to speak at the conference since the materials that he would be speaking about have not yet been approved by CMU/SEI for public release'," the statement said.
The Black Hat conference, scheduled for August 6-7, is one of the longest-running security trade shows in the world.
Volynkin, a research scientist, and McCord, a software vulnerability analyst, had not revealed specifics of their proposed talk, but had released an abstract — since removed from the Black Hat website — which said that, "In this talk, we demonstrate how the distributed nature, combined with newly discovered shortcomings in design and implementation of the Tor network, can be abused to break Tor anonymity," according to a report on The Daily Dot.
The Tor Project is an independent, open-source, anonymous software and browsing network that directs traffic through its free, worldwide, volunteer network to conceal users' locations and usage from surveillance.
Tor is an acronym for 'The Onion Router', a reference to the layers of encryption it applies. The network's anonymity offering is known to be popular with cyber-criminals, along with legitimate users who are keen to preserve their privacy online.
According to Tor co-founder Roger Dingledine, the organisation did not request that the Black Hat talk be scrapped, and in fact had questions for the researchers.
"We did not ask Black Hat or CERT to cancel the talk. We did (and still do) have questions for the presenter and for CERT about some aspects of the research, but we had no idea the talk would be pulled before the announcement was made," said Dingledine, in a mailing list post on Monday.
The Tor network has reportedly been targeted by the United States National Security Agency (NSA), with at least two German Tor Directory Authority servers found to be under surveillance by the government agency earlier this month.
According to a report by German public broadcaster, ARD, leaked NSA source code indicated that the German Tor servers are just two among a number of servers that have been targeted by the NSA for surveillance, under its XKeyscore program. The code cited a number of specific IP addresses of the Tor Directory Authority.