Open source security software also helps criminals.
For example TrueCrypt being free and easy to modify has lowered entry barriers for establishing criminal and cyber-espionnage operations (the same applies, well to Bitcoin software!).
Example: Operation Potato Express.
- A fully functional clone of TrueCrypt was since at least 2011 distributed from Russian web sites such as truecryptrussia.ru. The web site would only serve a rogue version to a handful of well-chosen customers/IP addresses, in particular to Ukrainian government & military institutions and journalists. In addition the malicious data-stealing functionality was activated rarely, ONLY for active long-term TrueCrypt users. As a result the operation was not discovered for years.
- The software would later also spread malware through USB, and used a very clever trick to make people click on a file contained on a USB drive: the executable was disguised to appear as a disk drive itself, and most users would simply double click to open it and.. run malware. Wicked.
- More info here.