Joshua Philip Yabut — the National Guardsman who made headlines for taking an armored truck on an extended joyride — appears to be a fan of decentralization.
Yabut allegedly absconded from the Virginia army base where he was stationed in an M577 armored command vehicle on Tuesday, June 5, driving over sixty miles before being apprehended by police in downtown Richmond. He was arrested and charged with unauthorized use of a vehicle, eluding police, and driving under the influence of drugs.
Yabut has since disputed these charges, telling the Associated Press that he had permission to take the vehicle as part of a plan to evaluate the response of local law enforcement.
According to the timestamps on his Twitter account, Yabut was posting from inside the vehicle while the mid-speed chase was still ongoing, making him something of a folk hero amongst a certain segment of the extremely online. This minor celebrity — and the sheer audacity of his stunt — prompted journalists and curious strangers alike to probe deeper into Yabut's online presence.
It has recently come to light that Yabut has a background in infosec. In addition to his LinkedIn profile, he has done cybersecurity work for NASA. It seems likely that he is the author of a 2016 Hackernoon article detailing a security exploit in the Tor browser.
The Tor browser is a modified version of Mozilla Firefox which is designed to optimize for privacy and anonymity. Popular with activists and journalists as well as hackers, Tor uses a technique called “onion routing” (which was developed by DARPA in the 1990s) to route traffic through a decentralized network, obscuring its source and making it more difficult to trace browsing history back to a specific user.
Yabut claimed that the Tor network was deeply vulnerable, writing:
This attack enables arbitrary remote code execution against users accessing specific clearnet resources when used in combination with a targeting mechanism; such as by passively monitoring exit node traffic for traffic destined for specific clearnet resources. Additionally this attack enables an attacker to conduct exploitation at a massive scale against all Tor Browser users and to move towards implantation after selected criteria are met (such as an installed language pack, public IP address, DNS cache, stored cookie, stored web history, and etc).
Others in the Tor community have downplayed the severity of this security flaw. The exploit was patched within 24 hours.
Yabut has also been active in the cryptocurrency community, leading development of the cryptocurrency ZenCash. He left the project early last year, and shortly afterwards “he announced and made public a method of attacking the blockchain.”
While ZenCash did suffer an attack just a few days before Yabut’s now-famous June 5th joyride (the same day that he tweeted “permission to execute the 0day sir.”), there has been no conclusive evidence linking the attack to Yabut.