Part of the allure of the Black Hat USA security conference is hackers talking about and demonstrating dangerous things. Over the years, however, the conference has faced more than its fair share of controversy with vendor threats and pulled talks, and the upcoming 2014 event that gets started on Aug. 2 will be no exception.
A talk scheduled for the Black Hat USA 2014 event on the Tor anonymous network has been pulled from the conference. The talk, titled “You Don’t Have to Be the NSA to Break Tor: Deanonymizing Users on a Budget,” was set to be delivered by CERT/Carnegie Mellon researcher Alexander Volynkin.
In a statement, the Black Hat conference noted that it was informed by the legal counsel for the Software Engineering Institute (SEI) and Carnegie Mellon University that the Tor talk needed to be pulled.
“Unfortunately, Mr. Volynkin will not be able to speak at the conference since the materials that he would be speaking about have not yet been approved by CMU/SEI for public release,” Black Hat noted in its statement.
For its part, the Tor Project is claiming that it did not ask for the talk to be pulled from the Black Hat event. Roger Dingledine, one of the original developers of Tor, stated in a Tor mailing list posting that the project had questions for the CERT and Volynkin about his presentation.
“We did (and still do) have questions for the presenter and for CERT about some aspects of the research, but we had no idea the talk would be pulled before the announcement was made,” Dingledine wrote.
Dingledine added that the Tor Project was informally shown some materials from the talk but did not receive any slides on what would actually be presented. Overall, Dingledine stressed that the Tor Project encourages researchers to work with them to help find and disclose attacks about the network.
“Researchers who have told us about bugs in the past have found us pretty helpful in fixing issues, and generally positive to work with,” Dingledine wrote.
Not all researchers publicly disclose flaws to Tor. Among them is the U.S National Security Agency (NSA), which allegedly has been trying to find its way into the Tor network. In October 2013, documents from NSA whistleblower Edward Snowden revealed that the NSA is targeting Tor and has efforts under way to try to deanonymize users.
The Tor talk cancellation at Black Hat 2014 is the latest in a list of sessions that have been canceled at the security event over the years. Back in 2005, Cisco filed a lawsuit against security researcher Michael Lynn to prevent him from presenting research at Black Hat. In 2009, Juniper Networks pulled a talk from researcher Barnaby Jack on hacking into ATMs. Jack ended up presenting his ATM talk in 2010.
Also in 2010, a talk was pulled that was intended to shed light on China’s cyber-army. In 2014, information on the Chinese Army’s participation in cyber-espionage is already well-known, with the U.S Justice Department recently announcing an indictment against five members of the Chinese People’s Liberation Army (PLA).
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.