Black Hat presentation on Tor suddenly cancelled

The presentation revolved around a low-budget method to de-anonymize users of the privacy tool

A presentation on a low-budget method to unmask users of a popular online privacy tool, Tor, will no longer go ahead at the Black Hat security conference early next month.

The talk was nixed by the legal counsel with Carnegie Mellon's Software Engineering Institute after a finding that materials from researcher Alexander Volynkin were not approved for public release, according to a notice on the conference's website.

[ It's time to rethink security. Two former CIOs show you how to rethink your security strategy for today's world. Bonus: Available in PDF and e-book versions. | Stay up to date on the latest security developments with InfoWorld's Security Central newsletter. ]

It's rare but not unprecedented for Black Hat presentations to be cancelled. It was not clear why lawyers felt Volynkin's presentation should not proceed.

Volynkin, a research scientist with the university's Computer Emergency Response Team (CERT) was due to give a talk entitled "You Don't Have to be the NSA to Break Tor: Deanonymizing Users on a Budget" at the conference, which take places Aug. 6-7 in Last Vegas.

Tor was previously an acronym for The Onion Router, which is a network of distributed nodes that provide greater privacy by encrypting a person's browsing traffic and routing that traffic through random proxy servers. Although originally developed by the U.S. Naval Research LaboraTory, it is now maintained by The Tor Project.

Tor is widely used by both cyber criminals and those with legitimate interests in preserving their anonymity, such as dissidents and journalists. Although Tor masks a computer's true IP address, advanced attacks have been developed that undermine its effectiveness.

Some of Volynkin's materials were informally shared with The Tor Project, a nonprofit group that oversees the Tor, wrote Roger Dingledine, a co-founder of the organization, in mailing list post on Monday.

The Tor Project did not request the talk to be canceled, Dingledine wrote. Also, the group has not received slides or descriptions of Volynkin's talk that go beyond an abstract that has now been deleted from Black Hat's website.

Dingledine wrote that The Tor Project is working with CERT to do a coordinated disclosure around Volynkin's findings, possibly later this week. In general, the group encourages researchers to responsibly disclose information about new attacks.

"Researchers who have told us about bugs in the past have found us pretty helpful in fixing issues and generally positive to work with," Dingledine wrote.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

From CIO: 8 Free Online Courses to Grow Your Tech Skills
Join the discussion
Be the first to comment on this article. Our Commenting Policies