Tor Project developer / Vidalia creator Matt Edman wrote the malware for the FBI's 2012 Operation Torpedo

Tor Project developer / Vidalia creator Matt Edman wrote the malware for the FBI's 2012 Operation Torpedo.

leagle.com/decision/In FDCO 20151223G66/U.S. v. Cottom

Other urls found in this thread:

torproject.org/docs/signing-keys.html.en
wired.com/2015/01/prosecutors-trace-13-4-million-bitcoins-silk-road-ulbrichts-laptop/
lanotiziagiornale.it/il-piccolo-carrai-col-curriculum-piu-lungo-di-bill-gates-la-societa-cys4-dellamico-del-premier-imbarca-un-22enne-cyber-esperto-che-dice-di-conoscere-ambasciatori-e-ministri/
twitter.com/NSFWRedditVideo

...

Vidalia is unmaintained and deprecated and he doesn't work for Tor anymore

His keys are still listed here torproject.org/docs/signing-keys.html.en

> uid Matt Edman
> uid Matt Edman
> uid Matt Edman

He also helped with the Silk Road case

wired.com/2015/01/prosecutors-trace-13-4-million-bitcoins-silk-road-ulbrichts-laptop/

So basically even more proof that Tor is a honeypot?

Let me know when Nick Matthewson and Roger Dingledine are writing malware for the FBI.

This guy's got it figured out.

So world class cryptologists with experience working on (former) government software get employed as consultants by the government to help develop malware targeting insecurities in other software which aren't protected by (tor)?

In any case, the fact that he's being employed to do analysis and to help develop flash exploits means that he isn't taking the easy way out and introducing backdoors in tor.
Just because he's associated with the FBI doesn't mean that he's sold out unrelated products.
It just means that tor is so major a part of the modern cryptology scene that it's hard to find work which doesn't touch on it in some way.

t. torposter

I wonder how much he got paid? The CMU people got a million for their relay_early tagging exploit.

That may be true user but who knows the extent of this treachery. Also, regarding that exploit, only win/tor bundle/running javascript users were affected, is that correct? I do remember the months leading to bust that a few anons posting on/g/&Holla Forums were warning users about being safe and not running javascript.

...

good work OP thanks for notifying us

Hello newfag

HAHAHAHAHA oh wow

2016 is the year of I2P

No clearnet though?

clearnet has be nonredeemable suck since 2008

it has outproxies but they slow as fuck tbh but clearnet sucks anyway

if any of you fags run tor relays please consider running i2p nodes/outproxies

lanotiziagiornale.it/il-piccolo-carrai-col-curriculum-piu-lungo-di-bill-gates-la-societa-cys4-dellamico-del-premier-imbarca-un-22enne-cyber-esperto-che-dice-di-conoscere-ambasciatori-e-ministri/

we've noticed about his inappropriate tor project involvement in past (defining as "Working at
Tor Project"), but he was a social escalator, but harmless. Now there's a very big scandal happening in
italy, with the prime minister that's nominating his marriage witness as VP of cybersecurity at
intelligence directorate (Mr. Carrai) that own a recently incorporated cybersecurity company "cys4" and
onboarded this Andrea Stroppa

I have used i2p in the past but I don't understand how it works so I am hesitant to trust it. Anyone got a good video or article that doesn't require too much technical knowledge?

Also, what can I use i2p for? All I found that interested me was file sharing. It's a bit of a pain to use in because I have got js disabled, is that necessary for i2p?

Js always disabled on everything user. That is verse 3 in the user bible.

Why is disabled javascript a pain? Most eepsites are designed to work without js.

It wouldn't be necessary, if ECMA just pulled their shit together to make Javascript not to completely suck regarding security on the browser.

Web browsers will never be secure. Even with javascript disabled, the attack surface is still huge.

Thanks anons. I am never sure whether a page is loading correctly if I have javascript disabled.

Does a eepsite/hidden service BBS exist?

I'd love it if i2p didn't suck shit code-base-wise.

You do realise that I2Pd, a C++ rewrite of I2P is alive right?

Tor used to be a US navy project and cryptologists frequently play several sides because their skills are wanted, so this isn't really surprising. Apparently, this was an exploit based on JS, Java and Flash, which reinforces the points that Tor users must turn these off asap and that the TBB is a honeypot for setting NoScript to blacklist mode.

The following is a list of commits in Tor itself (not Vidalia etc) that are penned or suggested by Matt Edman. Note that all of them are from 2007 or earlier.
25242f1fc226d74674e4beb012a6321bcf494785 (suggested)c8fd65a936ccf0fcf09ba3eeef8a420015ff1861 (suggested)bae366eff015dffc2b86eeb89cb7d23c81918eaf (modified version of a patch by Edman)829bf4dcd0318431010da3ff5e3785fb9fb2f80c (penned)33e92cd5fb871f0eee6eeefd411df0a6cc1690a6 (penned)441e02d4acb34ea85d763ef60fa63679ccaa7e41 (penned)e1db33971e56949c5021185c3c156fde37a016d8 (penned)
Later, he only seems to have reported bugs. For completeness, I have listed them below, but I doubt he was directly involved with those.
f060b18e6c4292be58de0e1b08f25b770cbddff89d11827780d15d8b398d8ce6b04110a4dea5e980a5a6b9a08a76272ebef1d29202b74fcf76464f5fa54ce34e3528ad9cf4f8c808227c55454cd51ba0b4a28f8b8307e690b49b6f238ae7c289757f0a6e5aa76cdaa81ac830a6133ca8aa8c23e1b671058dc02fb8997b14f39f14adce7b3082b7e2060495c58a21232256a9aeae0a9a2da2563f734ca43f5e56

I hope the formatting of these code blocks is alright, I always forget whether they are on their own paragraph.

Better luck next time

This. Even Text editors for viewing plain old text files are still vulnerable to a wide margin of exploits

These intelligence agencies cost the world trillions per year and the high point of their output is a mildly clever project name.