Home » Articles » Former Tor Dev. Turned Government Contractor behind Tor Malware
Click Here To Hide Tor

Former Tor Dev. Turned Government Contractor behind Tor Malware

As it was originally published by Patrick Howell O’Neil on The Daily Dot. Matt Edman is a cyber security expert who went from helping develop The Tor Project, to helping the FBI hack The Tor Project.

“It has come to our attention that Matt Edman, who worked with the Tor Project until 2009, subsequently was employed by a defense contractor working for the FBI to develop anti-Tor malware,” Tor confirmed in a statement to The DailyDot.


Edman got with the Tor Project in 2008 to work on software meant to make Tor easier for normal users, called Vidalia. Edman started as a graduate student while he worked for Tor, and was working towards his Ph. D. in computer science.

Upon graduation from Baylor University Matt became part of a pro privacy community, and attended developer meetings, and continued to contribute to the development and progress of Vidalia. According to Tor, “Vidalia was the only Tor software to which Edman was able to commit changes.”

Tor stopped Vidalia in 2013. It was replaced by other tools designed to make user experience easier. Matt Edman and Jacob Appelbaum joined the Tor Project the same day. Appelbaum was a hacker and journalist famous for his work with WikiLeaks and Edward Snowden.

Edman starting working at Mitre Corp. in 2012 as a senior cybersecurity engineer assigned to the Remote Operations Unit of the FBI to build or buy custom hacks and malware for spying on potential criminals. With skills that outmatched any of the competition he built working with Tor, Edman became  a contractor with the FBI; who made him a key operative in Operation Torpedo which was established to hack three dark net child porn sites.

“This is the U.S. government thats hacking itself, at the end of the day,” ACLU technologist Chris Soghoian told the DailyDot in a phone interview. “One arm of the U.S. government is funding this thing, and the other is tasked with hacking it.”

“They’re supposed to play this important and trusted role in the cybersecurity community,” Sogohain said.”On the other hand they’re developing malware which undermines their trusted role.”

During his time at Mitre, Edman worked alongside Special Agent for the FBI Steven A. Smith. They customized, tested, and fine-tuned malware they refered to as “Cornhusker”. Its main duty was to collect information to help identify users of Tor. While commonly known as a “Torsploit”. Cornhusker utilized a flash application to obtain users actual I.P. address so the FBI could track and trace users of the three sites they were targeting.

Cornhusker got its name due to the University of Nebraska’s nickname being the cornhuskers and was placed on three servers owned by Aaron McGrath of Nebraska whose arrest sparked a larger anti-child exploitation operation. The three servers were known to run multiple anonymous child porn sites.

Cornhusker targeted the Flash Player built inside the Tor Browser; which Tor has warned about using flash inside the Tor Browser because its unsafe. Apparently this warning isn’t heeded by Tor users.

Operation Torpedo landed 19 convictions so far, and resulted in at least 25 de-anonymized users. At his trial, a 45 year old New York man plead guilty to receiving and having accessed one or multiple sites to view child porn. The defense attorneys asked to see the source code of cornhusker, which the FBI kindly replied that they lost it. Special Agent Smith insisted he never gave instruction to anyone to destroy the code. Fortunately for the FBI, the judge who presided over the case ruled the loss of the code unfortunate, but also said it was of little matter to the courts.

Since the retirement of cornhusker, the FBI has put newer, FBI funded malware into use targeting a wider scope of Tor users in they’re investigations.

Edman also helped the FBI work on the case against Silk Road, and the conviction of Ross Ulbricht. The testimony in the Silk Road case stated that it was Edman who did the majority of the work tracing the 13.4 million in BTC from Silk Road to Ulbricht’s laptop.

“He has been recognized within law enforcement and the United States Intelligence Community as a subject matter expert on cyber investigations related to anonymous communication systems, such as Tor, and virtual currencies like Bitcoin. As part of his work, he assembled and led an interdisciplinary team of researchers that developed a state of the art network investigative technique that was successfully deployed and provided critical intelligence in multiple high profile law enforcement cyber investigations,” notes his company biography for Berkley Research Group.

My apologies to  Patrick Howell O’Neil, who originally wrote this article.


  1. What a scumbag hope his wife had a miscarriage.

  2. They call the latest tor malware cornhole since that is what they are doing to people.
    Matt Doucheman should include on his resume: plays both sides, open to the highest bidder, questionable morality.

  3. All the fuckhead has done is to make Tor stronger; this website is a testimony to his work. Yes, Flash is unsafe; we all KNEW that, and we have ALWAYS known that! And, the flash exploit has only been successful against Windows machines using JavaScript, not Debian Linux, the O/S used in Tails. So, here’s the rub:

    1) Use public, anonymous Wi-Fi, Goddammit! You need this “last hop” to keep you safe against a zero-day exploit. Also, use Tor bridges and spoof your MAC address! After all, what’s a few extra minutes (or, even hours) versus a few decades?

    2) Use Tails, or at least a Linux-based O/S. Windows is a “big, big NO, NO!” It’s worse than a leaky sieve and it CAN NOT be trusted, ever!

    3) Use TrueCrypt; it works, even in Tails. Just see their documentation. Use the triple-cascading algorithm and store it in a Tails persistent storage. Keyfiles are an absolute must; keep them on the hard drive of the machine (preferably, a tablet with a screen shield to keep “prying eyes” from looking at your screen) that you are using. Just set an Admin password to access them, which you will need anyway to mount your TrueCrypt volume!

    4) Choose LONG passphrases, easy for you to remember, impossible for others to guess! At least 25 to 50 characters, which means throwing in some “garbage” (Upper & lower case letters, numbers, punctuation & special characters); a sequence of 8 characters of pure nonsense, along with keyfiles, is sure to make your passphrase uncrackable against a brue-force attack!

    5) If you are going to run a hidden server, run it OUTSIDE of the United States and Europe; countries in Africa, southeast Asia, or, perhaps, India, seem to be good choices.

    6) Don’t dox yourselves!! Goes without saying; use translator software (translated your language into another and then back, vary here and there with different languages.) Keep your online presence to an absolute minimum; make some “off the cuff” remarks that you would only hear in a country other than your own from time to time.

    7) Keep your mouth shut!! Goes without saying; how many individuals end-up in jail out of confessing to a crime for which they have not yet even been charged?! “Silence is golden”.

    8) Use the highest security settings available in the Tor Browser, even if you are using Tails. Disable JavaScript completely and check every security box provided.

    9) Encrypt & spoof! Goes without saying; if you are raided, give the TLA/LE a few dozen to over a hundred “choices” as to what they are going to try to hack. So, create some bogus TrueCrypt containers which have passphrases that are complete gobbledygook. Maybe have a single text file stored in them with a “fun & entertaining” message if they are ever cracked!

    Stay smart, stay safe!!!

  4. It’s great that he used his skills to take down child porn websites, but what else was that malware used for? Taking down political opponents? Whistleblowers? Where do they draw the line?

    He has no loyalty to any side, I reckon if another party paid him more than the FBI he would switch sides without a heartbeat.

Leave a Reply

Your email address will not be published. Required fields are marked *


Captcha: *