Former Tor developer created malware for the FBI to hack Tor users

source: http://www.dailydot.com/politics/government-contractor-tor-malware/

How does the U.S. government beat Tor, the anonymity software used by millions of people around the world? By hiring someone with experience on the inside.

A former Tor Project developer created malware for the Federal Bureau of Investigation that allowed agents to unmask users of the anonymity software.

Matt Edman is a cybersecurity expert who worked as a part-time employee at Tor Project, the nonprofit that builds Tor software and maintains the network, almost a decade ago.

Since then, he's developed potent malware used by law enforcement to unmask Tor users. It's been wielded in multiple investigations by federal law-enforcement and U.S. intelligence agencies in several high-profile cases.

"It has come to our attention that Matt Edman, who worked with the Tor Project until 2009, subsequently was employed by a defense contractor working for the FBI to develop anti-Tor malware," the Tor Project confirmed in a statement after being contacted by the Daily Dot.

In 2008, Edman joined the Tor Project as a developer to work on Vidalia, a piece of software meant to make Tor easier for normal users by implementing a simple user interface. He was a graduate student then, pursuing a Ph.D. in computer science that he would obtain in 2011 from Rensselaer Polytechnic Institute.

The Baylor University graduate became part of the close-knit pro-privacy community, attending the developer meetings and contributing significantly to Tor's codebase. He wrote and contributed to research papers with the creators of Tor and helped other members in their work building privacy tools. According to the Tor Project, however, "Vidalia was the only Tor software to which Edman was able to commit changes."

Tor dropped Vidalia in 2013, replacing it with other tools designed to improve the user experience.

Edman joined the project the same day as Jacob Appelbaum, the hacker and journalist famous for his work with WikiLeaks and Edward Snowden, the former NSA contractor who leaked a trove of documents to the press in 2013, as well as Tor.

By 2012, Edman was working at Mitre Corporation as a senior cybersecurity engineer assigned to the FBI's Remote Operations Unit, the bureau's little-known internal team tapped to build or buy custom hacks and malware for spying on potential criminals. With an unparalleled pedigree established from his time inside the Tor Project, Edman became an FBI contractor tasked with hacking Tor as part of Operation Torpedo, a sting against three Dark Net child pornography sites that used Tor to cloak their owners and patrons.

Tor works by encrypting Internet traffic so that users can hide their identity when accessing the open and free Web. It is also used to visit Dark Net sites, like those targeted by Operation Torpedo, that are inaccessible with standard browsers. Tor is used by millions of people, including soldiers, government officials, human rights activists, and criminals. FBI agents also work closely with the Tor Project and even use the software themselves.

Tor is widely considered one of the most important and powerful Internet privacy tools ever made. The project has received the majority of its funding from the U.S. government.

"This is the U.S. government that's hacking itself, at the end of the day," ACLU technologist Chris Soghoian told the Daily Dot in a phone interview. "One arm of the U.S. government is funding this thing, the other is tasked with hacking it."

Mitre Corporation, where Edman did at least some of his work for the FBI, is a private nonprofit that makes nearly $1.5 billion annually, according to its annual reports, from its work on security with the U.S. Department of Defense and a host of other federal agencies.

Mitre occupies a paradoxical space in the cybersecurity world. It maintains the industry-standard list of Common Vulnerabilities and Exposures (CVE), meant to help share transparent security data to beat hackers across the tech world. But it's also being paid by the federal government to develop and deploy hacks.

That seeming contradiction hasn't gone unnoticed. "They're supposed to play this important and trusted role in the cybersecurity community," Soghoian said. "On the other hand they're developing malware which undermines their trusted role."

At Mitre, Edman worked closely with FBI Special Agent Steven A. Smith to customize, configure, test, and deploy malware he called "Cornhusker" to collect identifying information on Tor users. More widely, it's been known as Torsploit.

Cornhusker used a Flash application to deliver a user's real Internet Protocol (IP) address to an FBI server outside the Tor network. Cornhusker--so named because the University of Nebraska's nickname is the Cornhuskers--was placed on three servers owned by Nebraska man Aaron McGrath, whose arrest sparked the larger anti-child-exploitation operation. The servers ran multiple anonymous child pornography websites.

The malware targeted the Flash plugin inside the Tor Browser. The Tor Project has long warned that Flash is unsafe to use with Tor, but many people--including the dozens revealed in Operation Torpedo--make security mistakes, just as they do with all types of software.

Operation Torpedo netted 19 convictions and counting, and it resulted in at least 25 de-anonymized individuals.

During the trial of Kirk Cottom, a 45-year-old from Rochester, New York, who would plead guilty to receiving and accessing with intent to view child pornography, the defense asked to see the source code--the human-readable code written by programmers that makes the software tick--behind Cornhusker. The defense wanted a look at the tool that pointed the finger at Cottom. The FBI said it lost the source code. Special Agent Smith insisted he never instructed anyone to destroy the code. The judge said the loss was "unfortunate" but "ultimately of little consequence."

According to court documents, Cornhusker is no longer in use. Since then, newer FBI-funded malware has targeted a far wider scope of Tor users in the course of investigations. Both Cornhusker and newer techniques, dubbed bulk hacking, have been criticized for their lack of congressional or public oversight.

In addition to working on Operation Torpedo, Edman also did dozens of hours of work on the federal case against Silk Road, the first major Dark Net marketplace, and its convicted creator Ross Ulbricht. According to testimony, it was Edman who did the lion's share of the job tracing $13.4 million in bitcoins from Silk Road to Ulbricht's laptop, which played a key role in Ulbricht being convicted and sentenced to two life terms in federal prison. Edman worked as a senior director at FTI Consulting at the time.

The Tor malware Edman developed in Operation Torpedo for the FBI has been used in multiple "high-profile" investigations, according to a biography of Edman.

"He has been recognized within law enforcement and the United States Intelligence Community as a subject-matter expert on cyber investigations related to anonymous communication systems, such as Tor, and virtual currencies like Bitcoin," notes his company biography for Berkeley Research Group, where Edman works as a director in New York. "As part of his work, he assembled and led an interdisciplinary team of researchers that developed a state-of-the-art network-investigative technique that was successfully deployed and provided critical intelligence in multiple high-profile law enforcement cyber investigations."

Edman's résumé also includes a stint as a senior vulnerability engineer at Bloomberg L.P. in New York City, where he did penetration testing of the firm's network. According to his biography, he also offers special expertise on subjects like Tor and Bitcoin.

Today, at Berkeley Research Group, Edman works next to former federal prosecutor Thomas Brown as well as three former FBI agents, all of whom worked on the Silk Road case directly with Edman: Thomas Kiernan, Ilhwan Yum, and Christopher Tarbell.

Edman did not respond to a request for comment.


Comments


[157 Points] None:

A snitch niggaaa thats the shit i don like


[67 Points] HereBeDragonsSupport:

The defense wanted a look at the tool that pointed the finger at Cottom. The FBI said it lost the source code.

Is that seriously the best excuse they could find not to hand over the code? Dem feds really know how to make a convincing story.


[22 Points] lamoustache:

Matthew Edman is also part of the FBI New York crew that busted Ross Ulbricht.

Source: http://www.thinkbrg.com/newsroom-news-cyber-security-investigations-brown.html


[17 Points] BlackGoatSemen:

BooooooQ!!!! 👎👎👎.

Fuckin traitor!! Sellout!! Jabroni!!


[9 Points] stickykitty1:

He probably thinks he's a good guy, with no idea he is working for the Empire. "I stopped child-porn, drug dealers, etc." Well, if drugs were not illegal and if there was adequate access to treatment for addictions and compulsive behaviour, then we wouldn't have to hide ourselves when doing things that don't harm others. Sure, nail the pedos and bad actors, but if you clamp down on all privacy with draconian practices you're just going to create more criminals than you had before. IMHO.


[6 Points] TripAddict:

[deleted]


[6 Points] None:

FBI agents also work closely with the Tor Project and even use the software themselves.

Tor is widely considered one of the most important and powerful Internet privacy tools ever made. The project has received the majority of its funding from the U.S. government.

This always makes me wonder.


[6 Points] None:

Thanks for the info. Assholes. Also good to see you.

Heard anything about VJ? Did he make it to NY?


[4 Points] droppingwhen:

What an asshole.


[4 Points] AttalusPius:

Matt Edman has dedicated his life to exposing people who are hiding their private information from the public.

Hmm, does that mean he wouldn't mind if someone returns the favor and exposes all the private information of him, his family, his friends, and his coworkers? Addresses, license plates, medical conditions, criminal histories, social security numbers, daily schedules, browser histories, etc.


[3 Points] tenderwingz:

Hmmmffffffff I smell a massacre, seems to be the only way to back these bastards up


[3 Points] wizardswrath00:

What a cocksucker. Also, an interesting factoid. Mitre Corp. is the front company that Jack Ryan did work for before working at the CIA full time in the Tom Clancy novels.


[2 Points] None:

So if I decide to deploy malware against the FBI and prove that they are using illicit measures to gather information, if they ask for the source, I lost it would suffice --- and Comey would rot in prison for decades? Seemslegit.jpg


[2 Points] Illdieforthefunk:

That son of a bitch


[2 Points] lovelylittlegangster:

PSA: Disable JavaScript + all plugins (inc. Flash) in Tor

JavaScript:

Open up tor
type "about:config" in the address bar
search for "javascript.enabled"
double click the entry to change it to "false"

Plugins (inc flash):

Open up "about:config"
Find: "plugin.scan.plid.all"
Change it to false
Next type "about:plugins" into your address bar and check no plugins are loaded

Essential information for all.
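
As an added example (not from the comment above, nor from the Tor Project), a small audit script that parses a Firefox-style `prefs.js` from a Tor Browser profile and reports whether the two preferences named in the comment are set to `false`. The sample prefs text is constructed, and it is assumed that the profile file uses the `user_pref("name", value);` line format.

```python
import re
from typing import Dict, Union

PrefValue = Union[bool, int, str]

# Constructed sample prefs.js contents (not real profile data).
# The first still has JavaScript and plugin scanning on; the second is hardened.
UNHARDENED_PREFS = '''
// Mozilla User Preferences
user_pref("javascript.enabled", true);
user_pref("plugin.scan.plid.all", true);
user_pref("browser.startup.homepage", "about:tor");
'''
HARDENED_PREFS = '''
user_pref("javascript.enabled", false);
user_pref("plugin.scan.plid.all", false);
'''

# The prefs the comment tells users to set, with the hardening value.
# Both default to true in Firefox, so a missing entry counts as not hardened.
HARDENING_PREFS = {"javascript.enabled": False, "plugin.scan.plid.all": False}

_PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')


def parse_prefs(text: str) -> Dict[str, PrefValue]:
    """Parse user_pref lines; booleans, ints and quoted strings are typed."""
    prefs: Dict[str, PrefValue] = {}
    for line in text.splitlines():
        m = _PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a user_pref call
        name, raw = m.group(1), m.group(2).strip()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw  # keep an unknown literal rather than dropping it
    return prefs


def audit_hardening(text: str) -> Dict[str, bool]:
    """Return {pref_name: is_hardened}; absent or wrongly typed prefs are not hardened."""
    prefs = parse_prefs(text)
    # 'is' rather than '==' so an integer 0 is not mistaken for the boolean false
    return {name: prefs.get(name) is want for name, want in HARDENING_PREFS.items()}
```

Point `audit_hardening` at the contents of the `prefs.js` in your Tor Browser profile directory to check a real install. Current Tor Browser releases expose this through the Security Level setting rather than expecting users to edit `about:config` by hand.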


[0 Points] UDGHT:

/u/GeronimoHero this is where i am getting it from.
Flash is the "best method" whereas Java and JavaScript are secondary methods. https://www.documentcloud.org/documents/2124281-fbi-tor-busting-227-1.html


[0 Points] None:

In case you aren't aware, the FBI and CIA know EVERYTHING we do. It's a matter of hiding in plain sight, not trying to hide altogether.


[-7 Points] None:

So now we have proof that Tor is compromised... uhhhggg I mean was compromised.

Some of us here have been saying it all along but get down voted to hell because someone wants an actual source (agents).

Those who weren't agents will get your source when the secret police get you in the middle of the night.

Others... you have been warned.


[-11 Points] None:

Bitcoin = fail Tor = fail