Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Government Security Software Privacy United States News Technology Your Rights Online

Former Tor Developer Created Malware To Hack Tor Users For The FBI (dailydot.com) 72

Patrick O'Neill writes: Matt Edman is a cybersecurity expert who worked as a part-time employee at Tor Project, the nonprofit that builds Tor software and maintains the network, almost a decade ago. Since then, he's developed potent malware used by law enforcement to unmask Tor users. It's been wielded in multiple investigations by federal law-enforcement and U.S. intelligence agencies in several high-profile cases. The Tor Project has confirmed this report in a statement after being contacted by the Daily Dot, "It has come to out attention that Matt Edman, who worked with the Tor Project until 2009, subsequently was employed by a defense contractor working for the FBI to develop anti-Tor malware." Maybe Tor users will now be less likely to anonymously check Facebook each month...
This discussion has been archived. No new comments can be posted.

Former Tor Developer Created Malware To Hack Tor Users For The FBI

Comments Filter:
  • Less Facebook? (Score:3, Insightful)

    by Gr8Apes ( 679165 ) on Wednesday April 27, 2016 @05:56PM (#52001085)
    Yes, please. Anonymous or otherwise, FB needs to be removed as a main gatekeeper for the masses.
  • All your privacy are belong to us - "the" FBI
  • Despicable traitor (Score:5, Insightful)

    by ptaff ( 165113 ) on Wednesday April 27, 2016 @06:05PM (#52001133) Homepage

    Acting for your own paycheck instead of thinking about what's best for humanity, Matt? You're a despicable little traitor, Matt. Let's hope you like the surveillance society you contributed to, Matt, and I hope you already know you'll be stalked by the FBI for the rest of your life, Matt.

    • by Anonymous Coward on Wednesday April 27, 2016 @06:12PM (#52001183)

      Technically, any security software should be made with the assumption, and hardened or designed against, any of it's developers working for another team. Nothing security wise can make assumptions based off human social standing.

      • by Anonymous Coward

        Is IF/WHEN you're hired to write either ONLY interfaces OR portions of a ware (as in a subsystem) BUT NOT THE ENTIRE THING...

        * "Been there, done that" in my career & I wondered WHY things were done that way during them (& when I asked/complained since knowing the BIG PICTURE helps too? I was told I didn't need to know)...

        APK

        P.S.=> You build a piece of a larger whole but you never see the ENTIRE 'machine' (ware) @ work OR what it's for... apk

        • by Anonymous Coward

          No, asshole APK, you just don't work for those motherfuckers. Ever.

          I could have earned a lot more money over the last 40 decades coding for the military industrial/security complex, but I have too much self-respect. I started out during the military buildup of St. Reagan the Senile, when they were giving away massive salaries (with caviar; literally true) at the job fairs while his ilk invented the US homelessness problem to balance the budget (that they never bothered to balance).

          If you take their nickel,

      • I think they worked it out in Live Free or Die Hard.
    • the only time I could excuse such traitorous behavior is if you had NO other choice but to go work for the enemy.

      I've been in life situations where I could not find a job (almost at that point, now, sad to say) and if I was on my last month's savings and faced homelessness, I'd do whatever I had to, to keep a roof over my head. I'm over 50 and in the software field, its now 20x as hard to get a job as it was when I was just 20 years younger. I could see myself having to take just ANYTHING to keep income f

      • remember back when l0pht got bought out? Or CDC? Yeah, stuff like that is why I didn't pursue security as a career.

      • by DRJlaw ( 946416 )

        I think of people who choose to work for evil corps as traitors (google is a shining example; google steals your info and no one knows where, exactly, it ends up).

        You can't betray a cause that you never chose to join in the first place. Traitor is not a synonym for "people who never pretended to care about my principles."

        I could see myself having to take just ANYTHING to keep income flowing.

        Yeah... you have no business throwing stones.

        I dispise, deeply, those who had a choice and still chose to work for t

    • by Anonymous Coward

      Tor has always been funded by the CIA/Navy.. It has been infiltrated since day 1

    • I don't think the FBI is the big fear.

      It's a big world out there and stuff.

    • I suspect you're overlooking a more likely possibility on the grounds that you wouldn't like it - maybe he decided to turn on Tor because he eventually realised he didn't agree with how it was being used or run. A guy with his skills could clearly get well paid work in other fields, after all.

  • Even on Slashdot, I'm startled by the people willing to give up anonymity.

    When the FBI wanted Apple to unlock the terrorist's phone, people pointed out that encryption wasn't the problem. They said that terrorists evaded detection with burner phones. The response, of course, is to require identification to use a prepaid sim card. It's trading away anonymity to retain privacy.

    I'm also disappointed at how many people would like to get rid of anonymous posting. There are people who abuse anonymity, sure, but i

  • Anonymous attack? (Score:3, Interesting)

    by tezbobobo ( 879983 ) on Wednesday April 27, 2016 @06:11PM (#52001173) Homepage Journal
    I wonder if he'd be less likely to continue the work is a hacker collective attacked and destroyed his personal privacy.
    • I wonder if he'd be less likely to continue the work is a hacker collective attacked and destroyed his personal privacy.

      I wonder how difficult it would be to penetrate a Slashdot alias to make life a little more miserable for the agent provocateur.

      The "hacker collective" is, by the way, widely despised beyond the inbred circles of Slashdot. When one is torpedoed the sound you are mostly to hear is applause. I don't expect that to change no matter which way the elections go this fall.

      The victim of the retaliation you suggest could be drawn into something like the witness protection program. That would set a precedent that c

  • by rmdingler ( 1955220 ) on Wednesday April 27, 2016 @06:21PM (#52001237) Journal
    It is a pretty safe assumption that the governors have employed a crap ton of former industry specialists to their advantage in every era, and during every new wave of opportunistic technology.

    In the same vein that you have a right to employ secure encryption, the spooks have a duty to decrypt it. There really is a national security interest in this now that every nation on earth is involved in it or interested in being so.

    The trick is to constantly remind the folks with the unlimited budgets that they work for us.

  • by bretts ( 2480008 ) on Wednesday April 27, 2016 @06:48PM (#52001361)
    Whoever pays the highest rate wins our (temporary) loyalty. Welcome to society where no one agrees on a set of values.
  • by thedarb ( 181754 ) on Wednesday April 27, 2016 @07:18PM (#52001497)

    Subject says it all.

  • I stopped reading the daily dot because they started paying Sabu (the anonymous snitch that put Hammond in jail). Did they kick him out? Even with adblockers I don't feel comfortable entering their domain.

    It's disgusting to see an article about a traitor in a website that has one in their payroll.

  • "Yeah, it runs in the family; grandma turned in Anne Frank's family, so my decision was a no-brainer. The law is the law, you know."
  • First, why would any activity to break Tor cause people to use it less? Is the submitter implying that it is better to keep your mouth shut and cower in a corner? Seems to me he is.

    Second, anybody that accesses FB via Tor is already known and identified when they log in because FB knows how they are. Keeping that in mind, the last sentence of the "story" could not be any more stupid, unless the submitter is actively trying to spread fear. Again, I think he is.

Don't tell me how hard you work. Tell me how much you get done. -- James J. Ling

Working...