“It has come to our attention that Matt Edman, who worked with the Tor Project until 2009, subsequently was employed by a defense contractor working for the FBI to develop anti-Tor malware,” Tor confirmed in a statement to The Daily Dot.
Edman joined the Tor Project in 2008 to work on Vidalia, software meant to make Tor easier for normal users. Edman started as a graduate student while he worked for Tor, and was working towards his Ph.D. in computer science.
Upon graduation from Baylor University, Matt became part of a pro-privacy community, attended developer meetings, and continued to contribute to the development and progress of Vidalia. According to Tor, “Vidalia was the only Tor software to which Edman was able to commit changes.”
Tor discontinued Vidalia in 2013. It was replaced by other tools designed to improve the user experience. Matt Edman and Jacob Appelbaum joined the Tor Project the same day. Appelbaum was a hacker and journalist famous for his work with WikiLeaks and Edward Snowden.
Edman started working at Mitre Corp. in 2012 as a senior cybersecurity engineer assigned to the Remote Operations Unit of the FBI to build or buy custom hacks and malware for spying on potential criminals. With skills he built working with Tor that outmatched any of the competition, Edman became a contractor with the FBI, which made him a key operative in Operation Torpedo, an operation established to hack three dark net child porn sites.
“This is the U.S. government that’s hacking itself, at the end of the day,” ACLU technologist Chris Soghoian told the Daily Dot in a phone interview. “One arm of the U.S. government is funding this thing, and the other is tasked with hacking it.”
“They’re supposed to play this important and trusted role in the cybersecurity community,” Soghoian said. “On the other hand they’re developing malware which undermines their trusted role.”
During his time at Mitre, Edman worked alongside FBI Special Agent Steven A. Smith. They customized, tested, and fine-tuned malware they referred to as “Cornhusker”. Its main duty was to collect information to help identify users of Tor. Commonly known as a “Torsploit”, Cornhusker used a Flash application to obtain users’ actual IP addresses so the FBI could track and trace users of the three sites they were targeting.
Cornhusker got its name from the University of Nebraska’s nickname, the Cornhuskers, and was placed on three servers owned by Aaron McGrath of Nebraska, whose arrest sparked a larger anti-child-exploitation operation. The three servers were known to run multiple anonymous child porn sites.
Cornhusker targeted the Flash Player built inside the Tor Browser; Tor has warned against using Flash inside the Tor Browser because it’s unsafe. Apparently this warning isn’t heeded by Tor users.
Operation Torpedo has landed 19 convictions so far, and resulted in at least 25 de-anonymized users. At his trial, a 45-year-old New York man pleaded guilty to receiving child porn and to having accessed one or multiple sites to view it. The defense attorneys asked to see the source code of Cornhusker, to which the FBI kindly replied that they had lost it. Special Agent Smith insisted he never gave instruction to anyone to destroy the code. Fortunately for the FBI, the judge who presided over the case ruled the loss of the code unfortunate, but also said it was of little matter to the courts.
Since the retirement of Cornhusker, the FBI has put newer, FBI-funded malware into use, targeting a wider scope of Tor users in their investigations.
Edman also helped the FBI work on the case against Silk Road, and the conviction of Ross Ulbricht. The testimony in the Silk Road case stated that it was Edman who did the majority of the work tracing the 13.4 million in BTC from Silk Road to Ulbricht’s laptop.
“He has been recognized within law enforcement and the United States Intelligence Community as a subject matter expert on cyber investigations related to anonymous communication systems, such as Tor, and virtual currencies like Bitcoin. As part of his work, he assembled and led an interdisciplinary team of researchers that developed a state of the art network investigative technique that was successfully deployed and provided critical intelligence in multiple high profile law enforcement cyber investigations,” notes his company biography for Berkley Research Group.
My apologies to Patrick Howell O’Neill, who originally wrote this article.