is a name that even a writer would not come up with. Truth is sicker than fiction.
US judges have shut down an appeal from a convicted pedophile who claimed the FBI hacking of his computer was an illegal and unreasonable search. Gabriel Werdene, 53, of Bucks County, Philadelphia, is serving two years in a federal prison for rummaging through the Playpen dark-web filth souk for images and footage of child …
is a name that even a writer would not come up with. Truth is sicker than fiction.
With those home addresses in hand, the Feds swooped, and arrested hundreds of people suspected of being Playpen degenerates.
While I think that "degenerate" is being too polite in describing this scum, this is El Reg, not the Daily Beobachter. Can we stick to using appropriate IT terms. In this case user or at most luser.
As demonstrated in one a case of some "copyright is theft" law firm that got run out of business.
A lesson to all who would practice anything that the government de jour dislikes in the "Land of the Free (TM)"
Did you read the bit about getting a unique identifier for the PC plus the MAC address?
I believe they used obtained IP not as a proof of illegal activities , but to obtain a physical address of a suspect to raid his home and THEN try to gather evidence ( computer, pendrives , DVDs etc )
An IP address is sufficient evidence for a search warrant, but it certainly isn't enough evidence for a conviction. The information they obtain from the search warrant would be used to convict.
They would try to break in while you are actually in the middle of watching / looking at stuff, that way, they get the strongest possible evidence that it is you and not someone else in the house / a neighbour who has somehow obtained your wifi password / a virus or trojan that is redirecting it elsewhere.
MAC addresses can be spoofed, not sure what the other unique info is (OS serial number? CPU serial number?)
unique identifier for the PC plus the MAC address
Neither of which is that likely to be unique - especially if the luser is IT-savvy and knows how to set a LAA MAC address.
(Or is using a Mac connected via wifi and using address randomisation)
It's interesting that paedophile who views and trades pictures of children being raped and abused feels that it is his rights that were violated.
It's always the worst of society that are used to justify infringing on the rights of everyone else. If you didn't notice, with the changes that were made to prevent men like this appealing their convictions on constitutional grounds, the FBI has now been given the right, under US law, to "probe" any computer in the entire world. They have the legal right to hack into any computer they want, anywhere in the world.
The man was evil, that cannot and will not be argued. It's equally evil that they have used his vile acts to create a shield for their creeping claim of jurisdiction across every nation on earth.
These sort of cases are rather worrying. Not that anyone much has sympathy for those promoting child rape, etc, but more that by initially being used for such cases it allows dubious legal practices to be "normalised" for other investigations.
Paedophilia is in many was the new witchcraft: where simply being accused is enough to lose one's job, family rights, etc, and even if it all turns out to have been a case of mistaken identity, etc, you won't ever get your former life back and the tabloid headlines won't be shouting about your innocence. And this is not just a theoretical concern:
So while we all want the police to investigate and prosecute cases of child abuse, they have to do so with great care to establish the integrity of the process is beyond doubt and that they don't go in guns blazing (perhaps literally in the USA) to the wrong house due to some screw up with IP address resolution, shared wifi / weak passwords / etc.
"They have the legal right to hack into any computer they want, anywhere in the world."
Only under U.S. law would it be "legal". In theory, if one of them ever showed up in another country where such alleged hacking took place, the FBI guy responsible for the hacking could STILL be arrested for it, "over there".
And the country where the server hack took place could STILL file for extradition, etc. if they wanted to.
Yeah, like it would ever happen...
"It's always the worst of society that are used to justify infringing on the rights of everyone else."
Except everyone else's rights weren't infringed. This creep and others like him were in the commission of a crime by explicitly and intentionally visiting a specific site dealing in child pornography. The expectation of privacy has almost no legal merit for these people. Clearly the judge felt so too.
"Only under U.S. law would it be "legal". In theory, if one of them ever showed up in another country where such alleged hacking took place, the FBI guy responsible for the hacking could STILL be arrested for it, "over there"."
Not true in the slightest. Dutch police took over the dark web Hansa (similar to Silk Road) using similar techniques and arrested a bunch of people.
From their own press release "This involved taking covert control of Hansa under Dutch judicial authority a month ago, which allowed Dutch police to monitor the activity of users without their knowledge, and then shutting down AlphaBay during the same period."
Visiting these sites self selects people for monitoring.
If they are collecting evidence to bust a paedo ring, they are inevitably going to find subscribers in other countries. Until they get the location information, they won't know where they are. Those details will be passed to local police forces.
Nice misdirection !!!
" ... Except everyone else's rights weren't infringed. ..."
Answers an assertion that was NOT made !!!
The rights are yet to be infringed by the extension of the FBI's 'Net' to include the rest of the 'Non-US' world.
So not just US citizen rights but the rest of the worlds citizens as well. !!!
Much as you want Child Abuse etc to be chased and people caught, it does NOT justify the infringment of everyones rights.
Once again we are throwing away 'hard earned' rights, casually, to further very narrow objectives (supposedly).
Yet the powers are really going to be used for very 'Wide' trawling of the Internet for whatever the US of A deems to be of interest and lets forget about anything such as national boundaries or 'Other' legal jurisdictions.
"...Except everyone else's rights weren't infringed..."
You clearly didn't read this bit then
Judges Joseph Greenaway Jr, Richard Nygaar, and Mike Fisher, sitting in the third circuit court of appeals, agreed this week that a magistrate should not have approved the search warrant, and that the FBI had exceeded its authority, but nonetheless decided that the government had acted in good faith.
There isn't, and nor should there be, any such ambiguity in the justice system. Either it was a legal search or it wasn't. End of. There's no caveat of "fuck, they broke the law but they did it with the best of intentions". These justices knew full well just what it would mean for them to issue the right (legally, no morals in court) decision. All subsequent searches would have stemmed from a tainted initial one and hence all evidence subsequently obtained would be equally tainted and inadmissible. By setting such an example and allowing an illegal search to stand they trample everyone's rights.
You have made the classic mistake, as they want you to do, of ignoring an abuse of rights because of the type of person whose rights were abused. Don't get me wrong, I don't think these sorts of people deserve to be allowed to inhabit the planet but at the end of the day we either have rights or we don't. These justices fall far short of the standard to be expected of someone in their position.
"Nice misdirection !!!"
No, it's a statement of fact. Unless you were visiting this site, your rights were not infringed. The FBI weren't tracking you because they had no reason to. If you WERE visiting this site then you were committing a crime and the FBI and every other law enforcement agency in the world is empowered to find out who you are in order to prosecute you. And so it was they stuck a bit of code into the site to get an IP address. Boo hoo.
There is no misdirection necessary here. Stop pretending this is a violation of rights. It isn't. And as I've mentioned elsewhere this is not limited to the FBI. Here you may see the image that visitors to Hansa saw after it was closed - the Dutch cops telling people that their IPs were logged, their bitcoins seized, their passwords & PGP keys logged and so on.
When you visit a site to conduct illegal activity you forfeit any right to privacy.
I will assume that you live in a western democracy, because otherwise you would not be so upset about someone's rights being trampled on.
I think you need to take this in context. I agree that there are a few people in the police or the courts or wherever (bad guys') who are trying to undermine the rights to unreasonable search and seizure that people currently enjoy. But there are not very many of these bad guys, and there are many more people (both inside and outside the government) who are prepared to fight equally hard or harder to preserve those rights ('good guys'). The good guys are not as visible, and are not as active, until the rights breach gets out of hand - until someone says 'Hey, that's not fair' and enough reasonable people agree with them. Look at the recent Florida anti-NRA movement, or the #MeToo movement, or the fight against the Muslim ban in the US. These situations are driven by a large-scale problem that affects innocent people who are just trying to live their lives, and the movements to stop the 'rights-trampling' are powerful and effective.
Pedophiles downloading kiddy porn movies on the dark web are not in the same initial situation, and are not 'innocent people who are just trying to live their lives'. They are just plain evil people who deserve the full punishment of the law. Not many people are going to defend their right to view illegal pornographic material on the dark web anonymously, just because there is a loophole in the law governing wire taps which was written without regard to current technology.
Idealism has it's place, and certainly when you are in a dictatorship or oppressive regime, idealism serves its purpose. But you have to have some trust in the government and the citizens to 'do the right thing', even if it means that the rule of law is temporarily somewhat weakened. Note that the rule regarding specific location was changed before the case went to trial, so we are only talking a temporal difference - the FBI could have waited until after the rule was changed, and then gone for the warrant. The only difference is that there would have been more consumption of kiddie porn and (presumably) a worse outcome for the kids involved. I prefer catching the pedophiles ASAP.
Someone keeps making a valid point about the new laws generated as a result of these tactics, but others keep pointing to the incident that was used to shoe-horn the door open.
Less words, more meaning, and perhaps we will find we are all on the same page.
That pedo's went to a site and got nabbed due to being hacked by the FBI seems like just deserts, but the law that now allows US law enforcement to hack any computer on the planet will not be restricted to pedo's now that it is enshrined.
If you think they won't abuse it, then well, you're just wrong.
>It's always the worst of society that are used to justify infringing on the rights of everyone else
Like the current US government you mean?
The issue of a probable cause search warrant creates a legal exception to the normal expectation of privacy. An affidavit that includes the information about the computer the article describes and a statement of the fact of visiting the porno web site will get a search warrant to a near certainty.
That said, those accused of illegal trafficking in pornography, even child pornography, are entitled equally with others suspected of criminal activity to fourth amendment privacy protection until probable cause is sworn in a warrant application. and formal presumption of innocence until and unless convicted.
"...the good-faith exception to the exclusionary rule may apply to warrants that are void ab initio..."
What happened to the "fruit of the poisonous tree" doctrine? And why does the USA bother to have a written constitution (plus amendments) when the Government can wipe its collective arse with it whenever it pleases?
Paedophiles today, dissenters tomorrow.
It was always a matter of finding the right subversive. People can rationalise terrorism to extremist nutcases and low probabilities but give them a paedo ring an you can abuse the law to set the precedent you desire. At first they came for the....
Yes, yer honour, we accept that installing a webcam in <insert attractive celebrity's name here>'s shower without a valid warrant was technically illegal, but we acted in good faith as we honestly believed she wasn't putting her empty shampoo bottles into the correct recycling bin.
I feel bound to point out that I feel nothing but contempt for the people caught and perhaps I am showing my naivety but then what is the point of the Tor network?
If it's not really anonymous and you can be traced even though you've done nothing wrong (and by that I mean technically wrong like send some sort of identifiable information rather than doing something untoward) then it's not as safe as it's made out to be surely?
Or am I missing something?
When someone comes to you and says "hey I've got this great new community where everything you do is completely anonymous and you can do anything you want regardless of how others view such behaviour" there are three possibilities:
1. It's a complete scam, and the owners are collecting info on people for blackmail purposes,
2. It's a complete scam, and the owners are a law-enforcement agency looking to [en]trap criminals, or
3. It's an honest endeavour, which either has or will soon attract the attention of the people in (1) and/or (2), who will find a way to exploit it to their ends.
It's not even a zero-sum game. Say you play the game and use the community for completely innocuous purposes. At some point, either the 1s will mock-up something embarrassing, or the 2s will make it a crime to even be associated with the community.
Oh yes. They were not exposed by TOR in any way.
They were exposed by logging on to a compromised server which then fed them the exposing exploit, which in turn then gathered the information available on the pervs PC. I presume they did not change the server's IP address when it was moved to run the sting.
None of the FBI's information came from TOR except maybe the IPs of the entry and exit nodes (they are not mentioned as part of the gathered evidence) which the PC would of had anyway.
well, it's difficult to trace your real IP address via Tor. Lots of strategies exist, like monitoring 'exit points' and whatnot, but the best one (probably) is to effectively load some kind of malware onto the client's computer using some known flaw in his Tor browser, or flash [another reason NOT to use flash].
Then the 'alphabet soup' URL is simply logged, and after reviewing the logs, then "they" _KNOW_ it's YOU.
Tor is very hard to trace, near-impossible. But at the client end of Tor a webbrowser is usually running - these are not designed for highly anonymous activity, and can be manipulated into leaking traceable information like a sieve.
If I were up to something super-illegal like trading child abuse images, I'd do it from a separate VM which served no other purpose, and which was on its own subnet, behind a filewall that allowed it to communicate solely with my Tor node and nothing else. I'd use a clock setting and keyboard layout from another country, and never, ever type anything in to that VM which could be related to me. Setting up a system like this takes a bit of knowledge though - it's easy for most Reg readers, but not for your typical computer user, who will just download the Tor browser bundle.
Plenty other ways. Barely even exploits - just software doing what it does. Windows media files, for example, support a form of DRM which causes WMP to connect to a remote server at an address which is specified by the file in order to check if it is licensed to play. Easy enough to make a WMV file with a tempting name that uses this function to call back to a law enforcement server.
If you want anonymity you need to be running a live OS that doesn't touch the file system, and it will need to be an up to date version of something like Tails or Qubes OS that is built with security in mind. Now, that's not advice for these types in this case, but what is good for the dissident will, unfortunately, be good for the deviant.
There's no such thing as perfect security. Tor does a pretty good job, but it's not perfect, and more importantly it's only part of a solution. This attack was probably against the browser it comes with and/or the OS it was running on (Windows) not Tor itself. If you want to be completely untraceable A) tough luck, see first sentence and B) you're gonna have to do more than just downloading the Tor Browser bundle to get close.
Who claim encryption hinders them because they have little or no computer capability.
Like they claim they couldn't track down the most recent shooter, despite being called with warnings and knowing the guy's real name.
Who also are asking for yet another $300 million in their budget to "combat russian bots".
WTF is wrong with this picture?
Bucks County shares a border with Philadelphia but does not lay within its borders.
I remember getting a hot off the press NSA guide to computer security back in 1987 or 1988, sometime round there anyway. Ever since then its been my security blueprint. Never seen a computer hacked that adhered rigidly to those rules, and i've sat with some of the best, and tried. In fact i've offered an open challenge to anyone to network up to a properly secured trusted bsd box by above named guide and give it a go. At conventions engaging in such things i've seen just about everything else broken including tor on tails which is laughable compared to STOP XTS-400 which i also saw broken way back when.
The unpalatable truth is that people dont want secure systems, or are not in a position to secure a system.
In fact when i look at the root causes for breaches in my records nothing has changed regarding the fundamental underlying problems since the 1960s. I call it the towering inferno syndrome where Steve McQueen says "You know, one of these days, you're gonna kill 10,000 in one of these firetraps, and I'm gonna keep eating smoke and bringing out bodies until somebody asks us... how to build them.". Nobody ever bothers asking ok how do we build them..
Non faciat malum, ut inde veniat bonum.
How does the Primary Fundamental Right deal with pornography?
The Primary Fundamental Right makes no distinction about what you can put in or take out from your own body. What you do to your body is your business only. Again; only you own your body therefore only you can decide what you can see, hear, ingest, say, write or remove from that body. Under the Primary Fundamental Right all censorship is illegal including the prohibition against racial, religious, political, scientific, gender or sexual vilification. The right to vilify is a fundamental freedom and its loss a red alert indicator of approaching Totalitarianism. Defamation redress should still exist.
Does that mean its okay to watch child porn?
No it doesn't. Child porn is the exploitation of innocents. It would be hard to believe that the children involved are willing participants unless the whole thing was computer generated and no real children were involved. What it means is that it is not illegal to look at any pictures of anything. It would still be illegal to force anyone to have unwanted sex.
So anyone can download pictures of sex with children or a snuff movie to their computer and not get arrested?
Yes that's right. Just because pictures were taken of illegal acts does not mean it should be illegal to view them unless they are computer generated and copyright protected and require payment to view. At the moment only the police and the judiciary are allowed to look at child pornography without being punished which says a lot in itself. This situation allows anyone from a wife wanting sole custody to criminal police uploading child porn on someone's computer by using a Trojan virus email. Theoretically it should then be possible for the perpetrator to get the complete co-operation of that targeted individual by using threats of imprisonment and total social destruction. Nothing today is more damning for a man than being labeled a pedophile, as Julian Green in England found out after his computer was infected by such a virus.
It appears that only zero censorship laws as advocated by the Primary Fundamental Right can stop this practice from happening. As countries become more security conscious and police powers more intrusive, greater violations of basic human rights will definitely happen more often. A good computer firewall program should help prevent these activities though supposedly some reputable firewalls have already been made with back doors to enable certain police to enter at will.
It should be recognized that the police around the world probably hold more child pornography in their possession than all the other interested groups put together. As with drugs any commodity made illegal increases in value and tends to corrupt. If the objective is to stop the sexual abuse of children then by gradually releasing these huge amounts of pictures the police could keep the market in child porn flooded for years to come. No new pictures would need to be produced to keep up with demand so in theory fewer children should be abused. This action could also legally allow the computer generated child porn pictures to compete with the real ones therein hopefully reducing the long term level of such abuse. Pedophilia has always been there and it is never going to go away but the abuse of the children probably could be minimized.
It can be strongly argued that censorship laws designed to supposedly stop the sexual abuse of children actually help promote it. Once again this can be blamed on the hypermaternals and their love of censorship and their desire to punish all non-Conformists.
The sad thing is many pedophiles are children in adult bodies or normal adults who were themselves sexually exploited as children. Some time in the future pedophilia will be seen to be what it is, a probable medical problem that could possibly be helped, not a criminal one where communal revenge is really the prime objective.
Everyone seems to overlook the fact that probably over 98% of all criminal pedophiles are men. This means that it is a male related disturbance simply because it doesn't afflict women to the same degree. Therefore it could be seen as a testosterone induced condition. It's probable that 99% of all men sometimes find some children sexually attractive to some degree but 98.99% have better control over their testosterone induced inclinations. Statistically and biologically it is impossible for all men to have full control over their testosterone just as it is in having full control over anything biological.
When some men's primary sex drive is child oriented it is probably equally impossible for them not to commit an offence should the opportunity arrive. This could be similar to telling a normal heterosexual male not to try and make contact with attractive women. To punish that non aggressive male for his natural thoughts and actions is absurd. To punish the non aggressive pedophile could therefore also be inappropriate. Everything is relative when dealing with sexual pleasure.
The reality is that they are being punished for being the men on the far side of the bell curve. Statistically someone has to occupy that position. Had they been born women then they would have had a possible 98% less chance of committing the crime of pedophilia. Theirs is a biological handicap, probably no different from being born with a club foot. But to make matters worse they are constructed to enjoy their deviance. This implies that they could also serve another function within society. Possibly they are born to be the 'bogey man' predators so that parents would be fully protective towards their children and train them early to recognize possible danger.
Common sense dictates that defenseless persons should not be left alone with any male capable of spermiation unless he is their natural father.
And therefore, I suppose, it is entirely justified that Russians can probe American machines from anywhere in the world, with a "warrant" (or at least a nod and a wink)?
Typical American exceptionalism thinking their judiciary can override that of other countries... <facepalm>
So if I want to watch and distribute child porn I would have to join the FBI?
Or the IWF.
Biting the hand that feeds IT © 1998–2018