A developer of the Tor software has been exposed for creating malware for the FBI to help the agency spy on users of the supposedly anonymous tool for internet browsing and communication.
Matt Edman, a cybersecurity expert who worked for the nonprofit privacy project in 2008 and 2009, “contributed significantly to Tor’s codebase” before creating software for the FBI, according to Daily Dot.
The open-source software encrypts internet traffic and sends it through thousands of servers before reaching its destination. It has been a key component of the ‘dark web’ used by millions, ranging from human rights agencies, the military and journalists to drug dealers and creators of child pornography.
Tor Project confirmed the news in a statement to Daily Dot: “It has come to our attention that Matt Edman, who worked with the Tor Project until 2009, subsequently was employed by a defense contractor working for the FBI to develop anti-Tor malware.”
Tor replaced the Vidalia software that Edman was hired to work on in 2013.
Edman worked for defense contractor Mitre Corporation in 2012 and was assigned to the FBI’s Remote Operations Unit, which builds and buys hacks while operating inside the Operational Technology Division.
The Daily Dot reports that the private company makes close to $1.5 billion from the US Department of Defense each year.
Edman hacked Tor as an FBI contractor under Operation Torpedo, which targeted users of child porn web-sites. In 2014, Wired reported on their use of ‘drive-by’ or ‘watering hole’ tactics that infiltrate web users by hiding malware on a site and infecting the computer of anyone who visits it.
He also created Torsploit, also known as the Cornhusker malware, which allowed FBI agents to identify the real IP addresses of Tor users using a Flash application.
While the global consensus is generally in support of such tools to catch consumers of child pornography, the ability to crackdown on political dissidents and low-level drug users who no longer need to buy on the street continues to face major opposition.
Watering hole and drive-by infiltration also affects journalists and researchers who may visit targeted sites for legitimate reasons but become infected with the malware.
After Mitre, Edman worked for FTI Consulting, where he helped trace millions of bitcoins to Silk Road creator Ross Ulbricht. Secret Service agent Shaun Bridges, who was involved in the Ulbricht investigation, was sentenced to 71 months in prison for stealing more than $800,000 worth of the cryptocurrency.