
Drug case in Ireland has fingerprints of Carnegie Mellon’s attack on Tor

Did the FBI share CMU’s methods with Irish police?


Joseph Cox


Two Irish men arrested on drug charges may be the latest known case of law enforcement using Carnegie Mellon University’s sophisticated research to crack the Tor anonymity network.

At least two criminal cases rely on data that researchers at CMU’s Software Engineering Institute provided to the FBI: that of a suspected staffer to the online black market Silk Road 2.0, and an alleged pedophile. 

That list may have just expanded.

Newly released evidence shows that Irish detectives who worked the case of two convicted drug dealers may have also used data obtained through SEI’s methods.

On Monday, Neil Mannion, 34, and Richard O’Connor, 24, were jailed for possession of LSD, amphetamine, and cannabis resin with intent to supply. They were arrested back in October 2014 after a raid on a property in Dublin. 

Mannion, whom presiding Judge Martin Nolan deemed the “brains of the operation,” received six-and-a-half years in prison, while O’Connor received three years.

Little information is available on how these two men were caught. But according to the Irish Times, a detective working on the case told the court that Mannion was placed under surveillance “after receiving confidential information about a computer IP address.”

Interestingly, that is the same sort of information that led to the arrests of other Dark Net crime suspects. In November, legal documents revealed that a “university-based research institute” had provided IP addresses to the FBI. Experts already suspected CMU of being involved in attacks on the Tor network during January and June 2014. Shortly after the news of a research institute’s involvement broke, the Tor Project, the nonprofit that maintains the Tor software, claimed that the FBI paid researchers at CMU’s SEI $1 million for the information.

Previously, the Tor browser had been widely praised as a relatively safe way for anyone to hide their Internet presence and activities. Former National Security Agency contractor Edward Snowden, who in 2013 leaked a cache of classified NSA documents to journalists while on the run from the U.S., had touted its use.

The mere presence of IP address evidence is not enough to link the case of Mannion with the attack on Tor over a year earlier. But other details point to the bust of the Irishmen being dependent on information obtained by CMU’s SEI.

Firstly, Mannion and O’Connor were arrested on Nov. 5, 2014, according to a database of Dark Net arrests created by independent researcher Gwern Branwen. That’s the same day that the owner of Silk Road 2.0, the replacement for the infamous drug marketplace Silk Road, was arrested. The IP addresses of Silk Road 2.0 were provided to the FBI by a “source of information,” which court documents later confirmed was a university-based research institute, according to a search warrant in another case impacted by the attack on Tor.

The shuttering of Silk Road 2.0 was part of Operation Onymous, a multi-agency effort that also seized a number of other Dark Net sites.

Brendan English, a spokesperson for the Irish police, confirmed to the Daily Dot that the arrests of Mannion and O’Connor were also part of Operation Onymous. But he said “we are not in a position to comment” when asked about where the IP addresses provided to Irish authorities came from. The FBI declined to comment.

Regardless, the FBI’s source of information also provided the agency with 78 individual IP addresses that accessed the vendor section of Silk Road 2.0, according to the same search warrant. The vendor section of the site was, naturally, only supposed to be known to, and accessed by, those selling products on the marketplace. Thus, Mannion was, presumably, a regular visitor to this section of the site, as he is a confessed Dark Net drug dealer.

Although the evidence is largely circumstantial, the most likely way Irish investigators obtained the IP address of Mannion was via the work of CMU’s SEI. But only as more information about current cases becomes available, and charges are brought against other individuals, can the full extent of the attack on Tor be realized.

Illustration by Jason Reed

The Daily Dot