How did the Feds manage to unmask Tor browser users, when The Onion Router is one tricky anonymity tool, layer after layer of relays? What steps did the FBI take to finally seize the Silk Road underground drug market and arrest the Tor hidden Silk Road site’s founder? It now makes sense: it was an insider’s job.
An eye for an eye. Tor for Tor.
Chris Soghoian, a technologist from the ACLU, stated that the U.S. government is hacking itself, with one arm funding the Tor Project and the other tasked to hack it.
Well, hiring someone with firsthand experience was the best way to go to beat Tor, and the person found fit for the job is cybersecurity expert and former Tor core developer Matthew J. Edman. The closure of the darknet marketplace Silk Road alone has produced a series of dark web drug busts and nabs throughout the globe until today.
As Tor Project Software Developer
The nonprofit organization confirmed that Edman worked with them until the year 2009, and was subsequently employed by an FBI defense contractor to develop anti-Tor malware.
In 2008, Matthew Edman joined the Tor Project on the same day as Jacob Appelbaum, a hacker and journalist known for his work on WikiLeaks and as one of Edward Snowden’s staunchest supporters.
The developer was then working on Vidalia, software designed to make Tor easier to use by presenting people with a simplified interface. Tor dropped it in 2013 and replaced Vidalia with other tools aimed at improving user experience.
As Anti-Tor Malware Developer
In 2012, Edman functioned as senior cybersecurity engineer for Mitre Corporation and was assigned to the Remote Operations Unit of the FBI. This internal team handled the development or purchase of exploits and hacking tools for the purpose of spying on potential targets.
He then became part of Operation Torpedo, built against 3 Tor hidden child pornography sites within the dark web. The malware he came up with, dubbed Torsploit, has de-anonymized at least 25 individuals and netted a total of 19 convictions.
Cornhusker: Unmasking Tor Users
Edman, together with Steven A. Smith, an FBI Special Agent, developed, customized, tested, configured, and deployed Cornhusker, also known as Torsploit, while at Mitre.
The malware aided the bureau by allowing agents to deanonymize Tor users, with its primary task being to gather identifying information. Torsploit has since been wielded in a number of investigations by US law enforcement and intelligence agencies.
FBI agents packed it inside a Flash file placed on each of the Operation Torpedo sites. Cornhusker exploited Flash vulnerabilities whenever a Tor user had Flash enabled, in order to reveal the actual IP address being used, setting aside the Tor browser’s privacy protection and anonymity. The information was then sent to FBI servers along with a timestamp.
Court documents state that Cornhusker has been retired and that the FBI moved on to other malware and newer techniques meant to target a wider scope of Tor users.
Collaboration with the FBI Continues
Besides working on the aforementioned Operation Torpedo, Edman had a lion’s share in the federal agency’s shutdown of Silk Road and the conviction of its creator, Ross Ulbricht.
He played a significant role, from tracking $13.4 million in bitcoins across transactions that previously took place at the Silk Road marketplace, to tracing Ulbricht’s laptop, which led the FBI to him in October 2013 and brought an end to the Silk Road dark path.
Edman worked at FTI Consulting as senior director during the time covering the Silk Road investigation, and is currently a key executive at Berkeley Research Group.