U.S. Defense Department, NSA did not get Tor user data

LAS VEGAS Wed Aug 6, 2014 10:31am IST

An illustration picture shows the logo of the U.S. National Security Agency on the display of an iPhone in Berlin, June 7, 2013. REUTERS/Pawel Kopczynski/Files

An illustration picture shows the logo of the U.S. National Security Agency on the display of an iPhone in Berlin, June 7, 2013.

Credit: Reuters/Pawel Kopczynski/Files

Related Topics

LAS VEGAS (Reuters) - The U.S. Department of Defense did not receive personal data on users of Internet privacy service Tor through a government-funded project to detect vulnerabilities, a Defense spokeswoman told Reuters on Tuesday.

"This particular project was focused on identifying vulnerabilities in Tor, not to collect data that would reveal personal identities of users," said Defense Department spokeswoman Lieutenant Colonel Valerie Henderson, adding that the National Security Agency also did not receive data.

The project was conducted by two researchers at Carnegie-Mellon University's Software Engineering Institute with funding from the Defense Department.

She did not rule out the FBI or other agencies obtaining the data. The FBI and Carnegie-Mellon declined to comment.

Funded in large part by other arms of the government, Tor hides the Internet protocol addresses of users by routing their traffic through multiple layers of volunteered servers.

In a note last week on Tor's website, Tor Project leader Roger Dingledine said the service had identified computers on its network that had been quietly altering Tor traffic for five months in an attempt to unmask users connecting to what are known as "hidden services," which include drug bazaars and whistleblower sites.

Dingledine said it was likely the attacking computers, which were removed on July 4, had operated on behalf of the Software Engineering Institute team.

He warned then that "users who operated or accessed hidden services from early February through July 4 should assume they were affected."

Dingledine said the physical locations where the hidden services were housed could have been exposed, although probably not which content was viewed by a visitor.

In an email to Reuters, Dingledine said that Carnegie-Mellon had stopped cooperating and would not share more information about the effort.

The researchers had planned to describe their work at the Black Hat security conference that begins Wednesday in Las Vegas but the university cancelled the talk amid the controversy.

(Reporting by Joseph Menn in Las Vegas; Editing by Lisa Shumaker)

FILED UNDER:

Online Shopping

An empty shopping cart is seen outside a Best Buy store in Westbury, New York November 28, 2014. REUTERS/Shannon Stapleton

BestBuy.com back online after second Black Friday outage

Best Buy Co Inc's retail website is back online after it was down for a second time on Black Friday, the busiest U.S. shopping day in terms of sales and traffic since 2005, according to ShopperTrak.  Full Article 

REUTERS SHOWCASE

Gold Imports

Gold Imports

India eases gold import rule in surprise move.  Article 

Indians in Iraq

Indians in Iraq

India says no contact with 39 men held by Islamic State in Iraq.  Full Article 

Sahara Issue

Sahara Issue

Sahara looks to raise $650 million loan to fund bail.  Full Article 

Bhopal Tragedy

Bhopal Tragedy

Bhopal's toxic legacy lives on, 30 years after industrial disaster.  Full Article 

Banking Sector

Banking Sector

After record deal, more India bank takeovers on cards  Full Article 

Islamic Fund

Islamic Fund

India gets new Islamic equity fund but debt market still off-limits  Full Article 

Cricket Tragedy

Cricket Tragedy

Clarke breaks down giving heartfelt Hughes tribute  Full Article 

Nigeria Violence

Nigeria Violence

Bombs, gunfire kill 81 at crowded mosque in Nigeria's Kano  Full Article 

Movie Review

Movie Review

D’Silva's “Ungli” just skims the surface  Full Article | Related Story 

Reuters India Mobile

Reuters India Mobile

Get the latest news on the go. Visit Reuters India on your mobile device  Full Coverage