We feel a bit sorry for Matt Edman at the moment.
He’s a computer scientist and security researcher currently working in the private sector, with a biography that says:
His areas of expertise include network security; penetration testing, and vulnerability assessments; secure software development and source code audits; and software analysis, reverse engineering, and exploitation. He also provides expert testimony on matters related to information and network security.
From 2009 to 2013, however, he worked in the law enforcement world as a Lead Cybersecurity Engineer for the MITRE Corporation, a US public service body that “partners with the government applying systems engineering and advanced technology to address issues of critical national importance.”
Edman was involved in the investigation into Silk Road founder and operator Ross Ulbricht, currently serving a double life sentence after being convicted on charges relating to money laundering, conspiracy, illegal drugs and hacking.
According to Wired, Edman helped to piece together Ulbricht’s financial record, even though Silk Road relied on Bitcoin, the digital currency that is nearly, but not quite, anonymous and untraceable.
Apparently, during Edman’s time at MITRE, he also worked with the FBI on a child abuse case in which the suspects were using Tor to avoid detection by the authorities.
When Tor users visit a website, the network packets they transmit don’t give away where they came from, so there’s no IP number that law enforcement can use to trace them back to their ISP, and from their ISP to their home address.
So the FBI planted a booby-trapped Flash file where suspected child abusers might load it; it seems that this file, known in the trade as Cornhusker, triggered a remote code execution (RCE) bug on the suspect’s computer, running a tiny program without popping up any warnings, and uncovering its IP address.
This didn’t introduce a deliberate hole into Flash that could be exploited later (that would be a backdoor), and it didn’t introduce any deliberate weakness into Tor.
The bug already existed in Flash, at least if the suspect hadn’t patched recently.
In fact, Flash is a browser component that Tor deliberately excludes by default because of its long association with introducing security holes.
(Indeed, we recommend turning off Flash altogether, if you can, whether you use Tor or not.)
Anyway, it turns out that, before joining MITRE, Edman worked as a programmer on the Tor project for a while.
The component Edman worked on was called Vidalia, a sort of management console that made it easier for non-technical users to get started with Tor, which was harder to get running correctly back in the late 2000s than it is today.
Vidalia has been discontinued, but Edman is nevertheless being pilloried in the media, as though he were some sort of “gamekeeper turned poacher”, and as though, having once worked on Tor, he ought to have turned his back on law enforcement for ever.
What do you think? Is Edman some sort of turncoat?
Or has he shown that you can be in favour of privacy while also supporting the uncloaking of users when investigating serious crimes?
This is exactly what I’m talking about. It is possible for law enforcement to respect people’s private (encrypted) data and still get the evidence they need to prosecute people for these disgusting acts of child abuse. Good for him I say!
There is no conflict of interest here. He did not compromise Tor, he used an exploit in a known security risk add-on – one you have to override Tor’s default settings to use. He just made it possible for the bad guys to expose themselves.
White Hat.
Definitely nothing wrong with what he’s done here, he’s just provided a new way of thinking which he could theoretically have come up with whether he had worked on TOR before or not.
Well, good luck for Edman from now on. Sometimes things happen.
Honestly, I am of two minds on the topic.
I often tell people specifically that I used to sleep better when I was executive director at Tor, because I figured that any KP user, first thing, was going to load up Flash and compromise their security.
On the other hand, the war correspondents and human rights workers whom I took the helm at Tor Project to help often embraced opsec with the precise discipline, method and care of a photographer caring for his/her camera lenses in a desert war zone.
People into things like KP tend to be driven more by impulse than discipline. It means that they adopt Tor like it were some sort of St Christopher’s medal for the dark web. They do not bother to RTFM. They are repeatedly caught out by LE through, effectively, SE attacks that go around Tor through flaws in their opsec.
So, in the case of the KP raid? White hat, narrow case.
But let me present this. In the general press, every KP user who uses Tor is used against Tor by the FBI, as though the project were promoting abuses of the network by criminals.
And now that one of our former staff has busted various cases, because there is an ongoing war on encryption out of the IC, this will be leveraged to further damage the reputation of encrypted communication tools.
So I put it to the audience: how do we take non-sound bite situations such as this, with C4 grade hot button topics such as kiddie porn involved, and make it clear to a wider audience that (a) this does not mean Tor is insecure; (b1) this does not mean Tor and all LE are in opposition; (b2) nor that Tor is owned by the US govt; (c) all kinds of people use Tor for privacy (more and more daily, as the world is moving…) and we need more honest and transparent dialog regarding encryption, not demonization?
Matt would not be so uncomfortable at the moment if he were not working with people who were drawing lines in the sand between him and his community.
But the FBI lies to the public regarding encryption issues, and it’s not his work as a white hat, but the full context of his work that makes this delicate, don’t you think?
There’s something liberating about retirement. I am not volunteering for Tor. I am not on the board. I haven’t so much as talked to the new executive director since she came on board. I used to have to be discreet, but these days, I can speak for myself.
And my thought is, you people need to take more responsibility for where this country is heading. Hackers tend to take a near value free, sociopathic stance. But if you are anything like a white hat, you need to consider that Comey’s means do not justify the dumbing down of the public, lying to Congress, degrading our policies and legal procedures, or the degradation of our rights.
Perhaps Matt and I should be on the same side, but we can’t be while he is working for Comey, until the current war on encryption rhetoric and issues of mass surveillance, warrant delivery by email, further weakening of FISA, and other “4th branch” shenanigans run unchecked and unbalanced.
You folks are the experts, and the best potential voices for change. I can only hope a few of you will consider further action.