A talk on how to break Tor will not go ahead at the Black Hat security conference scheduled for next month.
Based on a study done by Carnegie Mellon University researchers Alexander Volynkin and Michael McCord, the talk was supposed to discuss how the Tor network can be broken without breaking the bank. According to the abstract that was published on the Black Hat website prior to the cancellation, it was possible for a "determined adversary" to unlock the identities of thousands of Tor users and services within the network for less than $3,000.
Straight to the point with the title "You don't have to be the NSA to Break Tor: De-Anonymizing Users on a Budget," the abstract attracted the attention of many in the security and privacy communities, and for good reason: breaking the Tor network is an attractive topic no matter which side of the fence you're on. Say it can be done on a budget and even more people will pay attention. After the scheduled appearance was cancelled, the abstract was also taken down from the Black Hat site.
The Black Hat conference is one of the longest-running security trade shows as well as one of the best-attended in the world. Attorneys for Carnegie Mellon informed conference organizers that Volynkin would not be able to deliver the talk because he had not received approval from the Software Engineering Institute (SEI) or the university to publicly release information from the research.
SEI is located within Carnegie Mellon University and receives funding from the Defense Department. The institute is also in charge of CERT (previously known as the Computer Emergency Response Team), which works on major cybersecurity concerns with the Department of Homeland Security.
Tor is of interest to the Defense Department because, aside from providing additional cover for anyone looking to legitimately protect their privacy on the internet, it also shelters many cybercriminals. The network was originally developed by the U.S. Naval Research Laboratory, but today The Tor Project is in charge of maintaining it.
Responding to inquiries about whether the organization had anything to do with the cancellation of the talk, The Tor Project said it did not know of the cancellation until Black Hat made the announcement. "We did not ask Black Hat or CERT to cancel the talk. We did (and still do) have questions for the presenter and for CERT about some aspects of the research, but we had no idea the talk would be pulled before the announcement was made," assured Roger Dingledine, Tor co-founder.