Tor developer helps spooks hack Tor

A former Tor Project developer is making a living creating malware for the Federal Bureau of Investigation that allows agents to unmask users of the anonymity software.

Matt Edman is a cybersecurity expert who worked as a part-time employee at Tor Project, the non-profit that builds Tor software and maintains the network, almost a decade ago.

Apparently he has developed some killer malware which is being used by the Untouchables to unmask Tor users. It’s been wielded in multiple investigations by federal law-enforcement and U.S. intelligence agencies in several high-profile cases.

The Tor Project has announced that it has learned that Matt Edman, who worked with the Tor Project until 2009, was subsequently employed by a defence contractor working for the FBI to develop anti-Tor malware.

Edman was only with Tor for a year. In 2008 he joined and worked on Vidalia, a piece of software meant to make Tor easier for normal users by implementing a simple user interface. He was a graduate student then, pursuing a Ph.D. in computer science that he would obtain in 2011 from Rensselaer Polytechnic Institute.

Of course there were a few fears that, had Edman been considering his future, he could have been installing backdoors into Tor. However, Vidalia was the only Tor software to which Edman was able to commit changes, and that software was dropped in 2013.

By 2012, Edman was working at Mitre as a senior cybersecurity engineer assigned to the FBI’s Remote Operations Unit, the bureau’s little-known internal team tapped to build or buy custom hacks and malware for spying on potential criminals. Edman became an FBI contractor tasked with hacking Tor as part of Operation Torpedo, a sting against three Dark Net child pornography sites that used Tor to cloak their owners and patrons.

At Mitre, Edman worked closely with FBI Special Agent Steven A. Smith to customize, configure, test, and deploy malware he called “Cornhusker” to collect identifying information on Tor users. More widely, it’s been known as Torsploit.

Cornhusker used a Flash application to deliver a user’s real Internet Protocol (IP) address to an FBI server outside the Tor network. The malware targeted Flash inside the Tor Browser. The Tor Project has long warned that using Flash is unsafe, but enough people made security mistakes, and Operation Torpedo netted 19 convictions.

According to court documents, Cornhusker is no longer in use. Since then, newer FBI-funded malware has targeted a far wider scope of Tor users in the course of investigations.