Slashdot Mirror

← Back to Stories (view on slashdot.org)

Former Tor Developer Created Malware To Hack Tor Users For The FBI (dailydot.com)

Posted by BeauHD on from the insider-information dept.

Patrick O'Neill writes: Matt Edman is a cybersecurity expert who worked as a part-time employee at Tor Project, the nonprofit that builds Tor software and maintains the network, almost a decade ago. Since then, he's developed potent malware used by law enforcement to unmask Tor users. It's been wielded in multiple investigations by federal law-enforcement and U.S. intelligence agencies in several high-profile cases. The Tor Project has confirmed this report in a statement after being contacted by the Daily Dot, "It has come to out attention that Matt Edman, who worked with the Tor Project until 2009, subsequently was employed by a defense contractor working for the FBI to develop anti-Tor malware." Maybe Tor users will now be less likely to anonymously check Facebook each month...

31 of 72 comments (clear)

  1. Less Facebook? by Gr8Apes · · Score: 3, Insightful

    Yes, please. Anonymous or otherwise, FB needs to be removed as a main gatekeeper for the masses.

    --
    The cesspool just got a check and balance.
    1. Re:Less Facebook? by fustakrakich · · Score: 1

      Gatekeeper? What are they keeping us from?

      --
      “He’s not deformed, he’s just drunk!”
  2. Privacy by Smiddi · · Score: 1

    All your privacy are belong to us - "the" FBI

  3. Despicable traitor by ptaff · · Score: 4, Insightful

    Acting for your own paycheck instead of thinking about what's best for humanity, Matt? You're a despicable little traitor, Matt. Let's hope you like the surveillance society you contributed to, Matt, and I hope you already know you'll be stalked by the FBI for the rest of your life, Matt.

    1. Re:Despicable traitor by Anonymous Coward · · Score: 5, Interesting

      Technically, any security software should be made with the assumption, and hardened or designed against, any of it's developers working for another team. Nothing security wise can make assumptions based off human social standing.

    2. Re:Despicable traitor by TheGratefulNet · · Score: 2

      the only time I could excuse such traitorous behavior is if you had NO other choice but to go work for the enemy.

      I've been in life situations where I could not find a job (almost at that point, now, sad to say) and if I was on my last month's savings and faced homelessness, I'd do whatever I had to, to keep a roof over my head. I'm over 50 and in the software field, its now 20x as hard to get a job as it was when I was just 20 years younger. I could see myself having to take just ANYTHING to keep income flowing.

      but this guy - is he like that? is he on the 'do not hire because he's too old and expensive' list? is he of the 'wrong' race for the area of country he lives in?

      I kind of doubt that he's in my situation, having to think long and hard about taking ANY job offered, just to stay alive.

      I think of people who choose to work for evil corps as traitors (google is a shining example; google steals your info and no one knows where, exactly, it ends up). anyone working for google is helping the enemy in more ways than one. and I doubt there is a single 'hard luck case' at google who HAD to take the google job just to keep a roof over his/her head. its laughable, when you think of this example.

      but I do see people my age and of my race who simply will take any job offered since the job offers come only a handful of times a year, if even that, and the 'contract to perm' promise that is all the rage for my age group never pans out and we're always back on the job search in just a few month's time.

      my heart goes out to people like this who have no choice.

      and I dispise, deeply, those who had a choice and still chose to work for the bad guys.

      --

      --
      "It is now safe to switch off your computer."
    3. Re:Despicable traitor by inode_buddha · · Score: 1

      remember back when l0pht got bought out? Or CDC? Yeah, stuff like that is why I didn't pursue security as a career.

      --
      C|N>K
    4. Re:Despicable traitor by rmdingler · · Score: 1

      I think they worked it out in Live Free or Die Hard.

      --
      Happiness in intelligent people is the rarest thing I know.

      Ernest Hemingway

    5. Re:Despicable traitor by CaptainDork · · Score: 1

      I don't think the FBI is the big fear.

      It's a big world out there and stuff.

      --
      It little behooves the best of us to comment on the rest of us.
    6. Re:Despicable traitor by IamTheRealMike · · Score: 1

      I suspect you're overlooking a more likely possibility on the grounds that you wouldn't like it - maybe he decided to turn on Tor because he eventually realised he didn't agree with how it was being used or run. A guy with his skills could clearly get well paid work in other fields, after all.

    7. Re:Despicable traitor by DRJlaw · · Score: 1

      I think of people who choose to work for evil corps as traitors (google is a shining example; google steals your info and no one knows where, exactly, it ends up).

      You can't betray a cause that you never chose to join in the first place. Traitor is not a synonym for "people who never pretended to care about my principles."

      I could see myself having to take just ANYTHING to keep income flowing.

      Yeah... you have no business throwing stones.

      I dispise, deeply, those who had a choice and still chose to work for the bad guys.

      Well there's an inconsequential thought to start my day.

  4. Why are people willing to give up anonymity? by Anonymous Coward · · Score: 1

    Even on Slashdot, I'm startled by the people willing to give up anonymity.

    When the FBI wanted Apple to unlock the terrorist's phone, people pointed out that encryption wasn't the problem. They said that terrorists evaded detection with burner phones. The response, of course, is to require identification to use a prepaid sim card. It's trading away anonymity to retain privacy.

    I'm also disappointed at how many people would like to get rid of anonymous posting. There are people who abuse anonymity, sure, but is it worth giving up anonymity to silence trolls?

    Free speech often isn't free. The only kind of speech that needs protection is the kind of speech that offends someone. If nobody is offended, the speech won't be censored and the person speaking won't face retribution. The most threatened type of speech is the kind that benefits most from anonymity.

  5. Anonymous attack? by tezbobobo · · Score: 2, Interesting

    I wonder if he'd be less likely to continue the work is a hacker collective attacked and destroyed his personal privacy.

  6. Re:Oh please by SumDog · · Score: 2

    > Cornhusker used a Flash application to deliver a user's real Internet Protocol (IP) address to an FBI server outside the Tor network. Cornhusker—so named because the University of Nebraska's nickname is the Cornhuskers—was placed on three servers owned by Nebraska man Aaron McGrath, whose arrest sparked the the larger anti-child-exploitation operation.

    So they took control of this guy's servers somehow, and then placed a flash object on all of them. So the only people it would catch are people who proxied their standard browsers via tor or used the tor package ... and installed Flash anyway.

    This isn't .. even an exploit really. You could just put a fucking flashed based video player on a .onion and watch the logs.

  7. They would be fools not to by rmdingler · · Score: 2
    It is a pretty safe assumption that the governors have employed a crap ton of former industry specialists to their advantage in every era, and during every new wave of opportunistic technology.

    In the same vein that you have a right to employ secure encryption, the spooks have a duty to decrypt it. There really is a national security interest in this now that every nation on earth is involved in it or interested in being so.

    The trick is to constantly remind the folks with the unlimited budgets that they work for us.

    --
    Happiness in intelligent people is the rarest thing I know.

    Ernest Hemingway

  8. Compartmentalize by Anonymous Coward · · Score: 1

    Is IF/WHEN you're hired to write either ONLY interfaces OR portions of a ware (as in a subsystem) BUT NOT THE ENTIRE THING...

    * "Been there, done that" in my career & I wondered WHY things were done that way during them (& when I asked/complained since knowing the BIG PICTURE helps too? I was told I didn't need to know)...

    APK

    P.S.=> You build a piece of a larger whole but you never see the ENTIRE 'machine' (ware) @ work OR what it's for... apk

    1. Re:Compartmentalize by Anonymous Coward · · Score: 1

      No, asshole APK, you just don't work for those motherfuckers. Ever.

      I could have earned a lot more money over the last 40 decades coding for the military industrial/security complex, but I have too much self-respect. I started out during the military buildup of St. Reagan the Senile, when they were giving away massive salaries (with caviar; literally true) at the job fairs while his ilk invented the US homelessness problem to balance the budget (that they never bothered to balance).

      If you take their nickel, you're complicit. Get it?

      If that isn't clear to you, go look up "agentic state" and see if you are one of the few who can save yourself from that state. The best way is not to get there in the first place.

      "Humanity was my business!" "I wear the chain I forged in life." - Jacob Marley

  9. We are all bounty hunters now by bretts · · Score: 4, Insightful

    Whoever pays the highest rate wins our (temporary) loyalty. Welcome to society where no one agrees on a set of values.

  10. old news is old by Anonymous Coward · · Score: 1

    Tor has always been funded by the CIA/Navy.. It has been infiltrated since day 1

  11. Hang him as a traitor. by thedarb · · Score: 2

    Subject says it all.

    --
    This sig intentionally left blank.
  12. Re: Oh please by meerling · · Score: 4, Insightful

    And you're just the type of person they want to hire. Someone who believes that the ends justifies the means, just like Stalin, and Hitler, and Mao, and Pol Pot, and so many others... Sure, they were a bit more violent, but they didn't start off with murdering people they don't like in the dark, they started off by convincing people that the ends justified the means.

  13. Is Sabu still on daily dot? by zedaroca · · Score: 1

    I stopped reading the daily dot because they started paying Sabu (the anonymous snitch that put Hammond in jail). Did they kick him out? Even with adblockers I don't feel comfortable entering their domain.

    It's disgusting to see an article about a traitor in a website that has one in their payroll.

  14. Re: Oh please by Anonymous Coward · · Score: 2, Insightful

    and fucking JUDAS.

    The only way this shitstain keeps his head if I meet him is if he convinces me they were going to send his mom and sisters to federal PIMA prison if he didn't comply.

    Otherwise, there is a special circle in Hell for moral cripples like this.

    Hope those 40 pieces of silver bought you a whole lot of new shiny for your broken ego.

  15. Re:Tor users... have something to hide by CaptainDork · · Score: 1

    Said the AC.

    --
    It little behooves the best of us to comment on the rest of us.
  16. Probable Quote by ThatsNotPudding · · Score: 1

    "Yeah, it runs in the family; grandma turned in Anne Frank's family, so my decision was a no-brainer. The law is the law, you know."

  17. Former "Tox" Developer Created Malware too! by aatestaa · · Score: 1

    https://slashdot.org/submissio... https://github.com/Tox/tox.cha...

    1. Re:Former "Tox" Developer Created Malware too! by aatestaa · · Score: 1

      https://github.com/Tox/tox.cha...

  18. Despicable propaganda "story" by gweihir · · Score: 1

    First, why would any activity to break Tor cause people to use it less? Is the submitter implying that it is better to keep your mouth shut and cower in a corner? Seems to me he is.

    Second, anybody that accesses FB via Tor is already known and identified when they log in because FB knows how they are. Keeping that in mind, the last sentence of the "story" could not be any more stupid, unless the submitter is actively trying to spread fear. Again, I think he is.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  19. Re:Oh please by Dr.+Evil · · Score: 1

    "This isn't .. even an exploit really. You could just put a fucking flashed based video player on a .onion and watch the logs."

    It's entirely possible that Matt said the exact same thing to his bosses.

    It makes the ethics of what he did a bit less clear to me. He spent years telling people how to be secure on Tor, then spent a few more unmasking those who didn't listen.

  20. Re:Oh please by tlhIngan · · Score: 1

    It makes the ethics of what he did a bit less clear to me. He spent years telling people how to be secure on Tor, then spent a few more unmasking those who didn't listen.

    No, I think that's actually perfectly valid.

    Because if you want to protect your anonymity, you have to take steps to do so. Tor is not a magic bullet, it has known flaws since the beginning (e.g., exit nodes) and doing stupid things will make you readily identifiable.

    In fact, too many people are using Tor as a tool improperly - it's like using encryption improperly. You get a false sense of security when in reality you're making yourself plainly visible. Or using HTTPS and storying your passwords in plain text

    No, "just use Tor" will not make you magically anonymous, especially if you immediately go and log into Facebook and Amazon and everywhere else. But too many people believe it will and blithely continue using the 'net as if Tor magically anonymizes them.

    So demonstrating that people are stupid isn't a crime - in fact it should be published far and wide so people using it know what people can get at.

  21. Re:Oh please by bmo · · Score: 1

    This isn't .. even an exploit really. You could just put a fucking flashed based video player on a .onion and watch the logs.

    Prisons are generally full of people who aren't smart enough to cover their tracks well enough, or not run Flash.

    Catching enough low-hanging fruit as a cop makes you look efficient.

    --
    BMO