User Controls
FBI cracks TOR Browser Bunlde in Unprecedented CP Bust..
-
2016-02-04 at 4:37 PM UTC
So this kind of old news, but I haven't seen any niggasinspace talking about it so I figured I'd mention it.
I first read about it in The New Yorker about a week ago or so, and have been trying to follow the story. As usual, the media is pretty unreliable when it comes to tech stuff, but basically what happened was FBI took down a darknet Child Porn website called "The Playpen," moved the servers to Washington DC, and then continued hosting the website (and all the content) for like two weeks. In the process of hosting this huge CP site, the FBI managed to create malware that would circumvent all of TOR's methods of anonymity by loading itself on the user's computer through the browser, getting the computer's MAC address, real IP address, username, system information, OS, a bunch of other identifying information, mailing it to another FBI server, and then silently deleting itself afterwards.
So, apparently, if anyone visited that site within the time period that the FBI was running it, you're going to get a visit from a cop sometime or at least be put under surveillance. There's no telling how long this surveillance will be. Sometimes warrants are issued in a matter of days, sometimes weeks, months, or sometimes up to a year after the investigation. I think overall the FBI claimed it got information from over 1,000 people (depending on your source).
So there's a lot to talk about here. Namely, the FBI's tactic has come under heavy criticism by those of us who aren't sleeping or blinded by paedophile hate due to the following reasons:
1. This is a clear and gross violation of the 4th amendment. What's terrifying is that judges are already immediately dismissing appeals that the searches and seizures were unconstitutional.
2. It's an oppressive tactic that basically allows FBI agents to be above the law for the sake of prosecuting people. I mean, ironically, the people that they're arresting are in less violation of the law (viewing CP) than the police (hosting CP). I can't help but wonder if the people who work in these departments are actually pedos themselves because they basically have unrestricted access to child pornography that other departments don't. In case you didn't know, when police officers come across child pornography, they're expected to destroy it (with fire) after it's used as evidence and never have access to it when they're alone. If the FBI is literally running the servers for two weeks and literally just has techs hanging out on the site, it basically makes them immune to the law.
3. People are going to have their lives destroyed for potentially just visiting a site. For those of you who use or have used TOR, websites don't have catchy or descriptive names like on clearnet. The website url is basically gibberish, and it's uncommon for people to troll each other and give misleading links. Furthermore, the FBI is trying to set a legal precedent that just visiting a CP website is enough for a conviction as opposed to actually possessing child pornography. The reason that this is dangerous is because there's a shift from "innocent until proven guilty" to "having to prove your innocence once you're under suspicion." There's also the slippery slope as to whether or not an IP address is a person, which has come under scrutiny. I know not everybody is from the US here but, even if you just get accused or investigated or something like this, your name and photo are printed in the newspaper and you have reporters banging on your door. If found guilty, you're put on a public registry that anybody can look up at any time, you'll never get a job, and if you're ever around children they can arrest you. This registry is usually indefinite.
Then there's the technical aspect that I'm confused about. The FBI used malware, but how did it get injected? Was it everyone who visited the site? Was it everyone who logged in? I read that it was flash based, so does that mean you had to of downloaded or played videos?
Just curious if anyone else wanted to weigh in on this. There's a legal side and a tech side to discuss, so I figured I'd post it here. I'll try to post up the flash code if I can find it.
https://www.hackread.com/fbi-hacked-tor-to-hunt-paedophiles-on-deep-web/ -
2016-02-04 at 4:42 PM UTCMost software authors build hidden backdoors directly into the product. The feds have access to those. Even the backdoors themselves have hidden backdoors coded into their own executable.
-
2016-02-04 at 4:43 PM UTCHere's a link to the code. Apparently it was a NIT.
-
2016-02-04 at 4:46 PM UTCThere's no laws against the feds hacking computers. They can do anything they like. Feed you a trojan, install a virus on your machine, kill your device, basically anything. They use 0-days just like all the other hackers, and they usually have the 0-days in hand well before anyone else.
-
2016-02-04 at 4:52 PM UTC
There's no laws against the feds hacking computers. They can do anything they like. Feed you a trojan, install a virus on your machine, kill your device, basically anything. They use 0-days just like all the other hackers, and they usually have the 0-days in hand well before anyone else.
That's fucked up though because those services carry our whole lives in them. What's the point of needing a warrant to enter somebody's house when you can see everything way more personal about them (who they call, what they visit, what they like, all their pictures, their legal documents, tax information, who their dating, whatever) without one? -
2016-02-04 at 5:35 PM UTC
1. This is a clear and gross violation of the 4th amendment. What's terrifying is that judges are already immediately dismissing appeals that the searches and seizures were unconstitutional.
2. It's an oppressive tactic that basically allows FBI agents to be above the law for the sake of prosecuting people. I mean, ironically, the people that they're arresting are in less violation of the law (viewing CP) than the police (hosting CP). I can't help but wonder if the people who work in these departments are actually pedos themselves because they basically have unrestricted access to child pornography that other departments don't. In case you didn't know, when police officers come across child pornography, they're expected to destroy it (with fire) after it's used as evidence and never have access to it when they're alone. If the FBI is literally running the servers for two weeks and literally just has techs hanging out on the site, it basically makes them immune to the law.
3. People are going to have their lives destroyed for potentially just visiting a site. For those of you who use or have used TOR, websites don't have catchy or descriptive names like on clearnet. The website url is basically gibberish, and it's uncommon for people to troll each other and give misleading links. Furthermore, the FBI is trying to set a legal precedent that just visiting a CP website is enough for a conviction as opposed to actually possessing child pornography. The reason that this is dangerous is because there's a shift from "innocent until proven guilty" to "having to prove your innocence once you're under suspicion." There's also the slippery slope as to whether or not an IP address is a person, which has come under scrutiny. I know not everybody is from the US here but, even if you just get accused or investigated or something like this, your name and photo are printed in the newspaper and you have reporters banging on your door. If found guilty, you're put on a public registry that anybody can look up at any time, you'll never get a job, and if you're ever around children they can arrest you. This registry is usually indefinite.
There are some huge implications with this story that are going to be overlooked. Not to mention that it is basically entrapment which is illegal. I cant believe that our FEDERAL government thinks its okay to host child porn with our tax dollars. Imma go write my congressman.There's no laws against the feds hacking computers. They can do anything they like. Feed you a trojan, install a virus on your machine, kill your device, basically anything. They use 0-days just like all the other hackers, and they usually have the 0-days in hand well before anyone else.
But thats wrong you dummy. The fourth ammendment has many times been ruled to apply to electronic devices. The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. -
2016-02-04 at 5:59 PM UTCHere's the inside scoop. Playpen, had different levels, free access for general content, paid area for premium content, and an inner circle of content creators that were in direct contact with the admin, word on the grapevine is the people affected were in the inner circle of content creators and possibly some paying members, when they got control of the server they acted as the admin and it's possible that through interaction with other "high ranking" members the malware was spread. That it were only about 1000 people if the FBI can be believed is good because to my recollection playpen had several tens of thousands of members. (Luckily i wasn't among them) But it did suck when when girlshub got vanned, but that's ok CP sites are like hydras, kill one, three new ones appear.
-
2016-02-04 at 9:47 PM UTC
…But thats wrong you dummy. The fourth ammendment …
You call me a dummy, but it's you who apparently doesn't know that the feds are above the law, and that the Constitution isn't worth the paper its written on to them, and they will do what they please whenever they please, and there's nothing you or anyone else can do about it. When it comes to online activities, the laws are "murky", and that's straight from the jackasses' own mouths.
-
2016-02-04 at 10:31 PM UTC
You call me a dummy, but it's you who apparently doesn't know that the feds are above the law, and that the Constitution isn't worth the paper its written on to them, and they will do what they please whenever they please, and there's nothing you or anyone else can do about it. When it comes to online activities, the laws are "murky", and that's straight from the jackasses' own mouths.
You are just a misanthrope who thinks the ebil gubment is going to get us all. The reality is that its not a perfect system but there are enough checks and balances to make sure it doesnt fall to complete and utter shit. -
2016-02-05 at 12:40 AM UTC
Here's the inside scoop. Playpen, had different levels, free access for general content, paid area for premium content, and an inner circle of content creators that were in direct contact with the admin, word on the grapevine is the people affected were in the inner circle of content creators and possibly some paying members, when they got control of the server they acted as the admin and it's possible that through interaction with other "high ranking" members the malware was spread. That it were only about 1000 people if the FBI can be believed is good because to my recollection playpen had several tens of thousands of members. (Luckily i wasn't among them) But it did suck when when girlshub got vanned, but that's ok CP sites are like hydras, kill one, three new ones appear.
This is kind of what I'm confused about. The way it's reported seems to insinuate that if just anyone visited the site got the malware. So the way the information is presented is that everyone who visited is is most likely going to jail at least while the investigation gets worked out. This being said, the FBI is infamous for presenting bullshit as fact in order to make it appear as if they have more control and influence than they really do, but it's not too far fetched that anyone who visited the site (not just members) are in trouble.
I'm not familiar with the site so I don't know how it worked, but if the code was flash based and it streamed videos through flash (like youporn or xvideos), then anyone who watched a video is potentially screwed. I'm also reading that it was kind of like a BBS where flash based stuff is downloaded so I'm not really sure wtf the deal is here. I'm not asking anyone to admit that they've been there, but I really have no clue what the actual scope is of this bust is.
From what I read in the New Yorker article, there was like ten thousand unique users on the reg, about two thousand registered users, one thousand they got information on, and something like 158 that they were pressing charges on.Most software authors build hidden backdoors directly into the product. The feds have access to those. Even the backdoors themselves have hidden backdoors coded into their own executable.
This is true, which is why I happily use Linux.There are some huge implications with this story that are going to be overlooked. Not to mention that it is basically entrapment which is illegal. I cant believe that our FEDERAL government thinks its okay to host child porn with our tax dollars. Imma go write my congressman
Yeah this is my point. We might not all be pedophiles here but I think they're greater goal is to deter people from using hidden services like TOR or I2P. Think about it - what if I want to read about unpopular ideas like why pedophiles justify their crimes, what isis or extreme right wing nationalists think? Are the police going to come to my house and throw me in jail for looking at unpopular ideas? This is a pretty fucked up situation that involves all the rights of all Americans being violated to beat up on the least popular ones.
You must protect unpopular speech in order to truly protect free speech.You call me a dummy, but it's you who apparently doesn't know that the feds are above the law, and that the Constitution isn't worth the paper its written on to them, and they will do what they please whenever they please, and there's nothing you or anyone else can do about it. When it comes to online activities, the laws are "murky", and that's straight from the jackasses' own mouths.
Speaking of unpopular speech, I actually agree with -Spectral here. If we can't get enough people to speak out about the government hosting a fucking kiddie porn website with tax payer dollars, then I think his point is well proven. Unless all of these guys get their cases dismissed, I don't foresee any positive legal precedents getting established.
I hope we're ready for our police state.
-
2016-02-05 at 2:01 AM UTC
This is kind of what I'm confused about. The way it's reported seems to insinuate that if just anyone visited the site got the malware. So the way the information is presented is that everyone who visited is is most likely going to jail at least while the investigation gets worked out. This being said, the FBI is infamous for presenting bullshit as fact in order to make it appear as if they have more control and influence than they really do, but it's not too far fetched that anyone who visited the site (not just members) are in trouble.
I'm not familiar with the site so I don't know how it worked, but if the code was flash based and it streamed videos through flash (like youporn or xvideos), then anyone who watched a video is potentially screwed. I'm also reading that it was kind of like a BBS where flash based stuff is downloaded so I'm not really sure wtf the deal is here. I'm not asking anyone to admit that they've been there, but I really have no clue what the actual scope is of this bust is.
From what I read in the New Yorker article, there was like ten thousand unique users on the reg, about two thousand registered users, one thousand they got information on, and something like 158 that they were pressing charges on.
When i said i wasn't a member i wasn't lying i only heard about playpen after girlshub got busted, if it was like girlshub it was basically an image board for CP with threads that had video downloads. However at girlshub you couldn't stream, vids were hosted off site in password protected archives. Also the owner of playpen was a hurtcore loving sexual sadist type of pedo who actively and personally created said content so if he rots in jail for the rest of his life i couldn't give two shits, lolis are for loving not hurting.
Wasn't he the Australian dude who made the Daisies Destruction vid? IDK, real pedos will know what i'm talking about, that shit is fucked up even by my standards. -
2016-02-05 at 2:11 AM UTC
When i said i wasn't a member i wasn't lying i only heard about playpen after girlshub got busted, if it was like girlshub it was basically an image board for CP with threads that had video downloads. However at girlshub you couldn't stream, vids were hosted off site in password protected archives. Also the owner of playpen was a hurtcore loving sexual sadist type of pedo who actively and personally created said content so if he rots in jail for the rest of his life i couldn't give two shits, lolis are for loving not hurting.
Wasn't he the Australian dude who made the Daisies Destruction vid? IDK, real pedos will know what i'm talking about, that shit is fucked up even by my standards.
The stuff I was reading about in the search warrant made no mention of hurtcore, but did talk about "Pedo Mommies" and some other weird stuff. And no, that Australian dude got arrested a while ago. He's never getting out of prison and will probably die there. I'm sure his videos are still around though. I mean, once it's out there it's out there. He was interviewed on 60 minutes I believe it was.
If what you're saying is true though, then my guess is that the videos were probably flash, in which case it seems like the malware was injected by people who downloaded the videos and opened them.
That's just my guess.
-
2016-02-05 at 2:21 AM UTC
The stuff I was reading about in the search warrant made no mention of hurtcore, but did talk about "Pedo Mommies" and some other weird stuff. And no, that Australian dude got arrested a while ago. He's never getting out of prison and will probably die there. I'm sure his videos are still around though. I mean, once it's out there it's out there. He was interviewed on 60 minutes I believe it was.
If what you're saying is true though, then my guess is that the videos were probably flash, in which case it seems like the malware was injected by people who downloaded the videos and opened them.
That's just my guess.
Pedo mommies are awesome, i'll have you know, but only if they're into loli, it's just a sub catagory of cp actually i do believe.
I actually know a girl who's into loli, much pedo, lots rare(IME), wow. -
2016-02-05 at 2:39 AM UTC
Pedo mommies are awesome, i'll have you know, but only if they're into loli, it's just a sub catagory of cp actually i do believe.
I actually know a girl who's into loli, much pedo, lots rare(IME), wow.
It was in the search warrant. I keep trying to find it but I can't. It's a .pdf floating around on the internet. It's the original search warrant to bust the original dude from Nebraska.
I guess it was a bunch of women having sex with kids or something. Like I said, I'm not interested in the site as I am in what this means for American citizens and those of us who want to use anonymous services. -
2016-02-05 at 2:45 AM UTCThis happened a while ago though. I remember reading about it like six months+ ago. Also, it doesn't surprise me in the slightest. Federal agents will break the law to make busts and how been doing so since the started.
I remember on one of the 'Master Minds' documentaries a fed was bragging about slashing this high-end burglars tire so that he would open his rear trunk to get the spare, and the fed van was parked nearby where he could take pictures of the stolen goods in the trunk. He didn't actually say he slashed the tires, but he hinted at it and laughed. -
2016-02-05 at 2:48 AM UTC
It was in the search warrant. I keep trying to find it but I can't. It's a .pdf floating around on the internet. It's the original search warrant to bust the original dude from Nebraska.
I guess it was a bunch of women having sex with kids or something. Like I said, I'm not interested in the site as I am in what this means for American citizens and those of us who want to use anonymous services.
I know, i know. I have little else to contribute though, this is just another reason for me to despise the american government fuck them, they are enemies of humanity. -
2016-02-05 at 2:49 AM UTC
This happened a while ago though. I remember reading about it like six months+ ago. Also, it doesn't surprise me in the slightest. Federal agents will break the law to make busts and how been doing so since the started.
I remember on one of the 'Master Minds' documentaries a fed was bragging about slashing this high-end burglars tire so that he would open his rear trunk to get the spare, and the fed van was parked nearby where he could take pictures of the stolen goods in the trunk. He didn't actually say he slashed the tires, but he hinted at it and laughed.
I just read about this in November.
And yeah cops do corrupt shit. That's not a surprise. The issue is that the cops are now setting a dangerous legal precedent about it. -
2016-02-05 at 5:18 AM UTClol maybe you guys should cut back on the child pornography you watch on a daily basis. This is hardly "unprecedented"
-
2016-02-05 at 7:12 AM UTCSWIM was in semi-regular contact with the admin, usually to point out all the holes in his gameboy level security. There were no flash videos or streaming and users were encouraged to disable javascript, but this is a guy who didn't think he needed an IDS and was trying to write his own iptables rules with clearly no previous sysadmin experience, etc. while being one of the largest targets on the internet for both blackhats and LE.
When I heard it had been taken over by the FBI and turned into a honeypot I couldn't help but laugh. -
2016-02-05 at 8:09 AM UTCI'm not really convinced that gathering information about someone who has verifiably broken the law constitutes unreasonable search and seizure but w/e.
I don't like the way it's represented as "this is vulnerability with tor", especially in non-technical media. It was an issue with firefox that existed in like 5 versions of stable, it just happened to also exist in the version TBB bundled.
