Tor Developer Created Malware for FBI to Hack Tor Users
Peter van Buren, We Meant Well (blog), May 5 2016
Espionage works like this: identify a target who has the info you need. Determine what he wants in order to cooperate, usually money. Be sure to appeal to his vanity and/or patriotism. Create a situation where he can never go back to his old life, and give him a path forward which favours his ongoing cooperation in a new life. Then recruit him, because you own him.
The FBI appears to have run a very successful, very classic, textbook recruitment on Matt Edman, to use his insider knowledge to defeat one of the best encryption and privacy software tools available. Edman is a former Tor Project developer who created malware for the FBI that allows agents to unmask users of the anonymity software. Aloha, privacy! And fuck you, Fourth Amendment rights against unwarranted search and seizure!
Tor is part of a software project that allows users to browse the web and send messages anonymously. In addition to interfacing with encryption, the basic way Tor works is by bouncing your info packets from server to server around the Internet, such that each server knows only a little bit about where the info originated. If you somehow break the chain, you can only trace it back so far, if at all. Tor uses various front ends, graphical user interfaces that make it very easy for non-tech people to use.
Tor is used by a small number of bad guys, but it is also used by journalists to protect sources, democracy advocates in dangerous countries, and simply people choosing to exercise their rights to privacy because they are in fact entitled to do so and don’t need a reason to do so. Freedom and all that. It is up to me if I want to lock the door to my home and close the blinds, not anyone else.
Our boy Edman worked closely with the FBI to customize, configure, test, and deploy malware he called “Cornhusker” to collect identifying information on Tor users. The malware is also known as “Torsploit”.
Cornhusker used a Flash application to deliver a user’s real IP address to an FBI server outside the Tor network. Cornhusker was placed on three servers owned by a Nebraska man who ran multiple child pornography websites.
We all hate child pornographers, and we all would like to see them crammed up Satan’s butthole, to suffocate in a most terrible way. But at the same time, we should all hate the loss of our precious rights. Malware has a tendency to find its way into places it should not be, including into the hands of really bad dictators and crooks, and even if we fully trusted the FBI to only use its Tor-cracking tools for good, the danger is there. And of course we cannot trust the FBI to use its Tor-cracking tools only for good.
If Tor can be taken away from a few bad actors, then it can be taken away from all of us. Our choice to browse the web privately and responsibly is stripped from us. Encryption and tools like Tor are like any tool, even guns, in that they can be used for good or for evil. You never want to throw the baby out with the bathwater, especially when fundamental Constitutional rights are at stake. Rough and unpleasant as it is to accept, the broad, society-wide danger of the loss of those fundamental rights in the long run overshadows the tragedy of child pornography.