Did the FBI Pay Carnegie-Mellon to Hack Tor?

Roger Dingledine (Americanization of the German Dingeldein) is his real name. He's not a hacker--he's a computer scientist:

Master of Engineering in Electrical Engineering and Computer Science, MIT, June 2000.
Bachelor of Science in Computer Science and Engineering, MIT, June 2000.
Bachelor of Science in Mathematics, MIT, June 2000.

Don't forget that for a long time Bobbies were unarmed.

I would guess that any encripted communication will eventually be decrypted if anyone is willing to spend enough resources to complete the task. It's just a matter of time.

I don't usually read these posts in detail, but this one definitely caught my eye. I got a notification from my computer security provider recently identifying an attempted breach of my e-mail by an entity closely affiliated with or using physical space VERY close to Carnegie Mellon University.
Now I know I am on someone's watch list (Lol), since I tend to be quite vocal on Facebook regarding the inept and wrong-headed actions of my representatives in Congress, but I certainly wasn't expecting to learn that this "delightful" group would be interested in me.
I don't think I'm into the "dark web", but ...

It is all in the digits. Anything is eventually breakable or hackable. Might as well opt for safety.

The government are forward thinking and looking for the real bad guys who are threatening our Western society, this is for real, they are not tracking the the muppet fiddling the meter.
When the bombs go off in New York and London as they did in Boston and Paris, people will ask why are we not safe? and the reason will be spy paranoia

Dear Bob

A very interesting post.

Two little problems, in the phrase:
'the flaunting of its “researchers’ guidelines” '
a) I am fairly sure you mean 'flouting' - 'ignoring, disregarding, disdaining' or 'holding in contempt', rather than 'showing off in a proud or gaudy manner' which is what is meant by 'flaunt'

b) I at first thought 'its "researchers guidelines" ' meant that TOR had actually asked CERT/SEI to study its procedures, which left me confused about who had initiated this hack. I had to read through the references you give to grasp that TOR welcomed academic research as long as it did not injure TOR's users but had in no way invited CERT/SEI to conduct the study they did.

I write this just to help - I know personally how hard it is to make one's meaning clear - at which you generally excel; and I am not asking for this to be posted.

EDITOR'S NOTE: You are quite right, thanks. I've changed my "flaunt" to a "flout." It reminds me of a favorite poem that uses the word.

"They drew a circle to keep me out.
Heretic, rebel, a thing to flout.
But Love and I had the wit to win.
We drew a circle that took them in."

I think the SEI is operated by Carnegie Mellon based on this from the FAQ page at CERT:

"How is the CERT Division related to Carnegie Mellon University? the Software Engineering Institute?
Carnegie Mellon operates the Software Engineering Institute."

I don't really care about TOR's outrage. While private and secure communications between law abiding citizens which remain free of government scrutiny could be of importance at a societal level on occasion, criminals and terrorists do not deserve such protection. TOR does no screening or vetting of participants in their open network and as such is allowing their systems to be used as a conduit for extreme antisocial behaviors which have potential for great public harm. Until TOR comes up with a method of preventing their networks from harming innocent parties, let them be hacked by the government or a third party. In addition, TORS' network admins already know they they are constantly subject to surreptitious analysis and attack on their networks, so beware TOR.

Anonymous meet TOR. TOR meet Anonymous.

Re Robert's comment about spy paranoia: just because you have nothing to hide today doesn't mean you won't be on the wrong side of an oppressive government next year.
Would you have supported McCarthyism (the witch hunt for communists in the '50s)?
Those who are willing to trade freedom for security wind up with neither.

Yes Sherman I remember McCarthyism and I take your point, its a valid one, but personally feel safer knowing that our governments are actually doing something because I have nothing to hide.

@ Sherman

The fact that leftists still try to obfuscate anout 'McCarthyism' is that, if anything, Senator McCarthy was understating the degree of soviet penetration of US (and other western) governmental and cultural institutions. After the USSR fell apart, the KGB's archives were opened up to historians and the full extent of spying and interference with policy decisions became known. Look up the 'Venona' transcripts.

I would like to respond to Robert and others who dismiss opposition to domestic spying by the NSA, FBI, and other agencies as "spy paranoia". A lot of information about someone can be obtained through scanning just the meta data of someone's activity such as the person's political beliefs, religious beliefs, etc. This surveillance program hasn't been able to prevent attacks and violates the rights of innocent everyday US Citizens who are doing nothing wrong. Just look at the Boston marathon bombers who seemed to not raise a single eyebrow within the NSA or other US agencies even though intelligence sources from Russia and other countries warned the United States to watch one of the brothers since he seemed to have Anti-American views and intentions of attacking the US in some way. Add to this, the phone calls that this person made to his mother back in Russia talking about starting a holy war in the United States should have raised eyebrows by the
US intelligence community. Right after the Boston Marathon bombings a family was terrorized by fully armed Department of Homeland Security agents who raided their house after noticing one family member looking at pressure cookers online, another family member was reading news coverage of the Boston Marathon online, and another family member was looking up backpacks online in what was described as a "perfect storm" of information
gathering. Looking up information on pressure cookers online, looking up information on backpacks online, and reading news coverage of the Boston Marathon online are perfectly legal for this family to do but because the attackers used a pressure cooker style bomb in a backpack
and decided to attack during the Boston Marathon this family was visited by DHS and treated as potential terrorists when they did nothing
wrong. Even before the Patriot Act and other mass surveillance activities the US Government had plenty of tools to find potential terrorists
planning an attack on the United States of America. For example, prior to the September 11, 2001 attacks federal agents received tips from
concerned flight instructors who told them that there were middle eastern students taking flight lessons who seemed interested in flying
airliners but didn't seem interested in taking all the classes and seemed to be taking flight lessons for smaller aircraft to learn the basics
of flying hoping they can use this information to fly much larger airliners. US and foreign intelligence obtained information that Al Qaeda had plans on carrying out some kind of attack in the United States involving hijacked airliners months before September 11, 2001. Al Qaeda also
was believed to be the mastermind behind a previous attack on the World Trade Towers in the 1990s involving truck bombs. For some reason they
never acted on this information. If you are doing nothing wrong you can still find yourself the target of law enforcement for doing things perfectly legal. For example you may go to a bar to enjoy drinks but not get intoxicated and try to drive home, you could be a designated driver for a group of friends who plan to drink, or you could be going to a bar to pick up a friend who called you for a ride home. The police can set up a license plate reading camera in bar parking lots and decide that since you were at a bar that you must be a drunk driver. Like going to a bar using TOR itself isn't illegal but the government could decide that a TOR user is doing something illegal because they are using TOR when they may be someone trying to contact the press to report corruption by the government to the press, speaking to a lawyer regarding a confidential case that the US government is a party involved in, speaking to a physician about confidential personal health information, etc. This information can easily be abused or used against someone who is doing nothing wrong.

Bob Rankin said, "Nobody really knows if the FBI, NSA, paid hackers or skilled researchers have the tools to decode encrypted messages. The fact that governments are asking for "back door" capabilities in popular encryption tools tells me the answer is no, at least for now..."
Whether the self-labeled "security community" actually owns the tools is almost beside the point-- clearly enough, the agencies already have technical means to secure access. What the NSA and others want now is legal authority to use those tools with impunity, in the name of "national security".
In 2014, when Sen. Feinstein and others on the US senate intelligence oversight committee made critical remarks about abusive US agency activity, the CIA, itself, spied on privileged communications between committee staff members-- apparently to determine what the committee had discovered, and from whom and how they had discovered it.
Conclusion-- Despite assurances from McCarthyite forum posters a "national security" rationale keeps us safe, there is little or no evidence for their claim. In contrast, violation of constitutional protections is, itself, the very erosion of a government of laws our constitution is designed to protect. After cynically trading "security" for legality, we are left with a surveillance state equal to Russia or China.