Former Tor Developer Helped the FBI by Creating Malware to Go After Tor Users


Edman helped bring down Silk Road and other Dark Web scum


 Matthew Edman

Matthew Edman, a former core developer on the Tor Project, has helped the FBI after leaving the non-profit by creating the Torsploit malware used to deanonymize users of the Tor network, the Daily Dot reported yesterday.

Edman joined the Tor Project in 2008 while a student at Baylor University. He was assigned to work on Vidalia, a now defunct project that was a simple GUI that allowed users to deploy and manage Tor connections on their computer.

Tor leadership stopped working on Vidalia in 2013, but by that time, Edman had already started working for the Mitre Corporation as a senior cyber-security engineer.

Unknown to many is the fact that the Mitre Corporation, the entity that manages the Common Vulnerabilities and Exposures (CVE) database, is also a full-blown cyber-security and defense contractor, having an annual turnaround of nearly $1.5 billion, mostly from government contracts.

Edman created the Torsploit malware

During this time, Edman created the Torsploit malware (also known as Cornhusker) in collaboration with several FBI agents.

The FBI used this malware in the infamous Operation Torpedo sting, during which it deployed Torsploit on a Dark Web child pornography portal.

FBI agents packed Edman's malware inside a Flash file placed on the site. If users accessing the site had Flash enabled in their Tor Browser, the malware would detect the user's real IP address, and send it to FBI servers along with a timestamp.

The FBI used this information to deanonymize 25 suspects and convicted 19 of those people (until now). Since then, the FBI moved on to using other malware, and many even suspect the FBI of secretly using an exploit in the Tor Browser itself, one that could also work in Firefox browsers.

The FBI "lost" the Torsploit source code

Controversy ensued when one of the Dark Web suspects wanted his lawyers and technical experts to have a look at Torsploit so they could validate its mode of operation and accuracy.

The FBI's answer was similar to a fourth grader saying the dog ate his homework. FBI officials simply stated that they've lost the source code.

Edman's collaboration with the FBI continued, and he's been credited with helping the Bureau bring down the Silk Road marketplace, where it's been said that Edman had a key role, especially in tracking down Ross Ulbricht's Dark Web and Bitcoin transactions.

In the past few years, Edman joined Bloomberg, FTI Consulting, and is now a key executive at the Berkeley Research Group, where he works alongside three former FBI agents and a former federal prosecutor, all of whom worked on the Silk Road case as well.

Ever since the Silk Road platform was shut down by law enforcement, people have been wondering if the Tor network was as secure as it is touted to be. As it turns out, a former part-time Tor Project developer helped the FBI in developing the Torsploit malware.





Matthew Edman And FBI Develop Torsploit





Anonymity software has been a thorn in the eye for law enforcement officials for years now, as these tools are often associated with illegal activities on the internet. Tor, one of the most commonly used forms of anonymity software, allows users to hide their real IP addresses and preserve anonymity on the World Wide Web.


But at the same time, Tor has received a lot of attention from law enforcement. Earlier this year, a judge ruled that the FBI and Carnegie Mellon University worked together in actively breaching the Tor protocol to identify Internet criminals. This shed a whole new light on the anonymity software, as there is very little point in using this software if law enforcement agencies have a backdoor somewhere.


Whether or not that is the case remains a mystery. But that hasn’t kept the FBI from trying alternative solutions to identify Tor users. One of those examples comes in the form of Torsploit, a piece of malware that has effectively aided law enforcement in deanonymizing Tor users and tracking their real IP addresses.


Creating such a malware solution for Tor is not an easy feat, and it turns out one of the former project developers is partially responsible for the creation of Torsploit. After leaving the Tor team in 2009, Matthew Edman was contacted by a defense contractor who worked for the FBI. The purpose of this engagement was to come up with an anti-Tor malware solution.


Matthew Edman also aided in contributing to research papers co-created with the Tor developers, and he helped other members build privacy tools. Moreover, he was one of the lead developers on Vidalia, a project which was put on ice by the Tor leadership in 2013, and later on replaced with other tools for improving overall user experience.


People who have been following security blogs over the past few years may remember the Operation Torpedo sting by the FBI. During this process, law enforcement agents made use of the Torsploit malware to identify deep web users. Additionally, Torsploit also made an appearance during the investigation of a deep web portal offering child pornography.


This malware was deployed through malicious websites showing a Flash video. Users who had Flash enabled in the Tor browser would then be subject to having their real IP address revealed. That information would be forwarded to a server controlled by the FBI, along with a timestamp showing when the site was accessed.


Torsploit has been quite a success for the FBI so far. The Bureau was able to reveal identities of 25 suspects with this malware, 19 of which have been convicted as of press time. This is not the only type of malware deployed by the FBI either, although no official details have been confirmed at this time.


It hardly comes as a surprise to know the FBI does not officially acknowledge their use of Torsploit, claiming how they “lost the source code.” But that hasn’t kept Matthew Edman from continuing his work for the Bureau, according to Darkweb News. In fact, Edman was instrumental in bringing down Silk Road in 2013, as people feel he was responsible for tracing the bitcoin transactions of Ross Ulbricht.


Sources: Darkweb News and BitCoin.com


This is actually old news. Edman started with Mitre in 2012, which had a government contract, and started writing the Torsploit then. Tidbits that could be pieced together from public information at the time indicated that something of this nature was occurring, especially because of his previous connection with Vidalia.

1 hour ago, straycat19 said:

This is actually old news. Edman started with Mitre in 2012, which had a government contract, and started writing the Torsploit then. Tidbits that could be pieced together from public information at the time indicated that something of this nature was occurring, especially because of his previous connection with Vidalia.

It's not old news that he still works for the FBI today. People need to know that they have a Tor developer working for them, still making exploits; he's still on their payroll. This is one reason I don't trust software from the USA. Any little hole left open, there's more room for attackers, be it Govt. or independent ones. The more stuff you install and don't block from calling home, the more chance of being attacked. And most everyone uses unsecured web browsers with all kinds of back door holes in them. HTML5 uses Canvas fingerprinting, it's a spy too, also WebRTC is too, and there are some known spies in all versions of Chrome and the newest Firefox versions that cause you to score low on anonymity tests, and no way to plug them. And the masses are drinking the Kool-Aid and saying golly gee, let's use it because it's popular. :P


CNN  just posted about it in Jan 2016 too



It's the government's fault that malware is used to exploit Flash, just like most exploits were written for the government when they paid hackers to exploit iOS. Now India hacked it, now everyone is hacking iOS. Now they're switching Flash ads over to HTML5, which is a spy, and Flash ads you can just disable Flash and turn Flash ads off, and there's no way to turn HTML5 off. Another thing Google is pushing for Uncle Sam to spy on us. :)


I found the topic already posted and reported it



This topic is now archived and is closed to further replies.
