Matt Edman is the cyber security expert and former employee of the Tor Project that helped the FBI to hack and de-anonymize Tor users in several court cases, including the clamorous Operation Torpedo and Silk Road.
According to an investigation by the Daily Dot, Edman helped the Feds in developing of a custom malware, also known Cornhusker or Torsploit malware, to unmask Tor users.
Edman worked closely with the FBI Special Agent Steven A. Smith to develop and deploy the exploit that allowed law enforcement to identify Tor users.
Edman joined the Tor Project in 2008, he worked on the as a developer to work on Vidalia that is a cross-platform GUI for controlling Tor. One year later he was hired by a Defense contractor working for intelligence agencies and the FBI. In that period he focused its efforts in the development of an exploit to unmask Tor users.
“It has come to our attention that Matt Edman, who worked with the Tor Project until 2009, subsequently was employed by a defense contractor working for the FBI to develop anti-Tor malware,” Tor Project confirmed in a statement to the Daily Dot.
The Tor Project has also confirmed the same, saying, “It has come to our attention that Matt Edman, who worked with the Tor Project until 2009, subsequently was employed by a defense contractor working for the FBI to develop anti-Tor malware.”Moreover, the team said Edman worked only on the Vidalia project that Tor dropped in 2013 and replaced it with other tools designed to improve the user experience.
Since 2012, Edman has been working at Mitre Corporation, he his member of the Remote Operations Unit, which is an FBI internal team that evaluates and develops exploits and hacking tools for the US Government.
During the same period, he was assigned to the investigation under the Operation Torpedo, a hacking campaign aimed to identify owners and operators behind illegal hidden services hosted in the Tor network. He worked with the FBI to dismantle a ring of child pornography in the Dark Web and to shut down the popular black market Silk Road. The operation allowed the FBI to identify and arrest the creator and owner of Silk Road, Mr. Ross Ulbricht.
The DailyDot, citing a testimony, reported that Edman was a key figure in the Ulbricht’s arrest. He traced $13.4 million in bitcoins from Silk Road to Ulbricht’s laptop.
“According to testimony, it was Edman who did the lion’s share of the job tracing $13.4 million in bitcoins from Silk Road to Ulbricht’s laptop, which played a key role in Ulbricht being convicted and sentenced to two life terms in federal prison. Edman worked as a senior director at FTI Consulting at the time.” continues the DailyDot.
The law enforcement deployed the Cornhusker on three servers that were hosting several anonymous child pornography websites. The Torsploit was designed to trigger flaws in the Flash component inside the Tor Browser.
According to the documents obtained by the DailyDot, Cornhusker is no longer in use, it was replaced by the “Network Investigative Technique” (NIT) to obtain IP and MAC addresses of Tor users.
Unfortunately, the NIT usage was not considered legitimate by the court during a hearing on the shut down of the world’s largest dark web child pornography site, PlayPen.
(Security Affairs – Cornhusker, Tor Hacking, Torsploit)