Gamekeeper turns poacher? The ex-Tor developer who unmasked Tor users for the FBI

We feel a bit sorry for Matt Edman at the moment.

He’s a computer scientist and security researcher currently working in the private sector, with a biography that says:

His areas of expertise include network security; penetration testing, and vulnerability assessments; secure software development and source code audits; and software analysis, reverse engineering, and exploitation. He also provides expert testimony on matters related to information and network security.

From 2009 to 2013, however, he worked in the law enforcement world as a Lead Cybersecurity Engineer for the MITRE Corporation, a US public service body that “partners with the government applying systems engineering and advanced technology to address issues of critical national importance.”

Edman was involved in the investigation into Silk Road founder and operator Ross Ulbricht, currently serving a double life sentence after being convicted on charges relating to money laundering, conspiracy, illegal drugs and hacking.

According to Wired, Edman helped to piece together Ulbricht’s financial record, even though Silk Road relied on Bitcoin, the digital currency that is nearly, but not quite, anonymous and untraceable.

Apparently, during Edman’s time at MITRE, he also worked with the FBI on a child abuse case in which the suspects were using Tor to avoid detection by the authorities.

When Tor users visit a website, the network packets they transmit don’t give away where they came from, so there’s no IP number that law enforcement can use to trace them back to their ISP, and from their ISP to their home address.

So the FBI planted a booby-trapped Flash file where suspected child abusers might load it; it seems that this file, known in the trade as Cornhusker, triggered a remote code execution (RCE) bug on the suspect’s computer, running a tiny program without popping up any warnings, and uncovering its IP address.

This didn’t introduce a deliberate hole into Flash that could be exploited later (that would be a backdoor), and it didn’t introduce any deliberate weakness into Tor.

The bug already existed in Flash, at least if the suspect hadn’t patched recently.

In fact, Flash is a browser component that Tor deliberately excludes by default because of its long association with security holes.

(Indeed, we recommend turning off Flash altogether, if you can, whether you use Tor or not.)

Anyway, it turns out that, before joining MITRE, Edman worked as a programmer on the Tor project for a while.

The component Edman worked on was called Vidalia, a sort of management console that made it easier for non-technical users to get started with Tor, which was harder to get running correctly back in the late 2000s than it is today.

Vidalia has been discontinued, but Edman is nevertheless being pilloried in the media, as though he were some sort of “gamekeeper turned poacher”, and as though, having once worked on Tor, he ought to have turned his back on law enforcement for ever.

What do you think? Is Edman some sort of turncoat?

Or has he shown that you can be in favour of privacy while also supporting the uncloaking of users when investigating serious crimes?
