Former Tor Developer Created Malware To Hack Tor Users For The FBI (dailydot.com) 72
Patrick O'Neill writes: Matt Edman is a cybersecurity expert who worked as a part-time employee at Tor Project, the nonprofit that builds Tor software and maintains the network, almost a decade ago. Since then, he's developed potent malware used by law enforcement to unmask Tor users. It's been wielded in multiple investigations by federal law-enforcement and U.S. intelligence agencies in several high-profile cases. The Tor Project has confirmed this report in a statement after being contacted by the Daily Dot, "It has come to out attention that Matt Edman, who worked with the Tor Project until 2009, subsequently was employed by a defense contractor working for the FBI to develop anti-Tor malware." Maybe Tor users will now be less likely to anonymously check Facebook each month...
Less Facebook? (Score:3, Insightful)
Re: (Score:1)
Gatekeeper? What are they keeping us from?
Re: (Score:3)
> Cornhusker used a Flash application to deliver a user's real Internet Protocol (IP) address to an FBI server outside the Tor network. Cornhusker—so named because the University of Nebraska's nickname is the Cornhuskers—was placed on three servers owned by Nebraska man Aaron McGrath, whose arrest sparked the the larger anti-child-exploitation operation.
So they took control of this guy's servers somehow, and then placed a flash object on all of them. So the only people it would catch are peop
Re: (Score:2)
"This isn't .. even an exploit really. You could just put a fucking flashed based video player on a .onion and watch the logs."
It's entirely possible that Matt said the exact same thing to his bosses.
It makes the ethics of what he did a bit less clear to me. He spent years telling people how to be secure on Tor, then spent a few more unmasking those who didn't listen.
Re: (Score:2)
No, I think that's actually perfectly valid.
Because if you want to protect your anonymity, you have to take steps to do so. Tor is not a magic bullet, it has known flaws since the beginning (e.g., exit nodes) and doing stupid things will make you readily identifiable.
In fact, too many people are using Tor as a tool improperly - it's like u
Re: (Score:2)
This isn't .. even an exploit really. You could just put a fucking flashed based video player on a .onion and watch the logs.
Prisons are generally full of people who aren't smart enough to cover their tracks well enough, or not run Flash.
Catching enough low-hanging fruit as a cop makes you look efficient.
--
BMO
Re: Oh please (Score:5, Insightful)
Re: (Score:2, Insightful)
and fucking JUDAS.
The only way this shitstain keeps his head if I meet him is if he convinces me they were going to send his mom and sisters to federal PIMA prison if he didn't comply.
Otherwise, there is a special circle in Hell for moral cripples like this.
Hope those 40 pieces of silver bought you a whole lot of new shiny for your broken ego.
Privacy (Score:2)
Despicable traitor (Score:5, Insightful)
Acting for your own paycheck instead of thinking about what's best for humanity, Matt? You're a despicable little traitor, Matt. Let's hope you like the surveillance society you contributed to, Matt, and I hope you already know you'll be stalked by the FBI for the rest of your life, Matt.
Re:Despicable traitor (Score:5, Interesting)
Technically, any security software should be made with the assumption, and hardened or designed against, any of it's developers working for another team. Nothing security wise can make assumptions based off human social standing.
Compartmentalize (Score:1)
Is IF/WHEN you're hired to write either ONLY interfaces OR portions of a ware (as in a subsystem) BUT NOT THE ENTIRE THING...
* "Been there, done that" in my career & I wondered WHY things were done that way during them (& when I asked/complained since knowing the BIG PICTURE helps too? I was told I didn't need to know)...
APK
P.S.=> You build a piece of a larger whole but you never see the ENTIRE 'machine' (ware) @ work OR what it's for... apk
Re: (Score:1)
No, asshole APK, you just don't work for those motherfuckers. Ever.
I could have earned a lot more money over the last 40 decades coding for the military industrial/security complex, but I have too much self-respect. I started out during the military buildup of St. Reagan the Senile, when they were giving away massive salaries (with caviar; literally true) at the job fairs while his ilk invented the US homelessness problem to balance the budget (that they never bothered to balance).
If you take their nickel,
Re: (Score:2)
Re: (Score:3)
the only time I could excuse such traitorous behavior is if you had NO other choice but to go work for the enemy.
I've been in life situations where I could not find a job (almost at that point, now, sad to say) and if I was on my last month's savings and faced homelessness, I'd do whatever I had to, to keep a roof over my head. I'm over 50 and in the software field, its now 20x as hard to get a job as it was when I was just 20 years younger. I could see myself having to take just ANYTHING to keep income f
Re: (Score:1)
remember back when l0pht got bought out? Or CDC? Yeah, stuff like that is why I didn't pursue security as a career.
Re: (Score:2)
You can't betray a cause that you never chose to join in the first place. Traitor is not a synonym for "people who never pretended to care about my principles."
Yeah... you have no business throwing stones.
old news is old (Score:1)
Tor has always been funded by the CIA/Navy.. It has been infiltrated since day 1
Re: (Score:2)
I don't think the FBI is the big fear.
It's a big world out there and stuff.
Re: (Score:2)
I suspect you're overlooking a more likely possibility on the grounds that you wouldn't like it - maybe he decided to turn on Tor because he eventually realised he didn't agree with how it was being used or run. A guy with his skills could clearly get well paid work in other fields, after all.
Why are people willing to give up anonymity? (Score:1)
Even on Slashdot, I'm startled by the people willing to give up anonymity.
When the FBI wanted Apple to unlock the terrorist's phone, people pointed out that encryption wasn't the problem. They said that terrorists evaded detection with burner phones. The response, of course, is to require identification to use a prepaid sim card. It's trading away anonymity to retain privacy.
I'm also disappointed at how many people would like to get rid of anonymous posting. There are people who abuse anonymity, sure, but i
Anonymous attack? (Score:3, Interesting)
Be careful what you ask for. (Score:1)
I wonder if he'd be less likely to continue the work is a hacker collective attacked and destroyed his personal privacy.
I wonder how difficult it would be to penetrate a Slashdot alias to make life a little more miserable for the agent provocateur.
The "hacker collective" is, by the way, widely despised beyond the inbred circles of Slashdot. When one is torpedoed the sound you are mostly to hear is applause. I don't expect that to change no matter which way the elections go this fall.
The victim of the retaliation you suggest could be drawn into something like the witness protection program. That would set a precedent that c
They would be fools not to (Score:3)
In the same vein that you have a right to employ secure encryption, the spooks have a duty to decrypt it. There really is a national security interest in this now that every nation on earth is involved in it or interested in being so.
The trick is to constantly remind the folks with the unlimited budgets that they work for us.
Re: (Score:2)
Said the AC.
We are all bounty hunters now (Score:4, Insightful)
Hang him as a traitor. (Score:3)
Subject says it all.
Is Sabu still on daily dot? (Score:2)
I stopped reading the daily dot because they started paying Sabu (the anonymous snitch that put Hammond in jail). Did they kick him out? Even with adblockers I don't feel comfortable entering their domain.
It's disgusting to see an article about a traitor in a website that has one in their payroll.
Probable Quote (Score:2)
Former "Tox" Developer Created Malware too! (Score:1)
Re: (Score:1)
Despicable propaganda "story" (Score:2)
First, why would any activity to break Tor cause people to use it less? Is the submitter implying that it is better to keep your mouth shut and cower in a corner? Seems to me he is.
Second, anybody that accesses FB via Tor is already known and identified when they log in because FB knows how they are. Keeping that in mind, the last sentence of the "story" could not be any more stupid, unless the submitter is actively trying to spread fear. Again, I think he is.