FBI: Er, no, we won't reveal how we unmask and torpedo Tor pedos

The FBI is refusing to hand over details of the software it used to track and unmask anonymous viewers of a child sex abuse website. The Feds said the details are irrelevant to the case. In February of 2015, the FBI seized the servers running a dark-web pedophile website called Playpen, described as the largest archive of its …

  1. Anonymous Coward

    Let's face it, it's going to be Adobe Flash. When is it not Flash.

    1. Andy Non
      Coat

      Flashing should be against the law. Pervs.

    2. Anonymous Coward

      @Anonymous Coward

      Ancient Aliens Guy with the Centauri-style hair: "I'm not saying it was Adobe Flash... But it was Adobe Flash."

  2. Suricou Raven

    I know that pattern.

    Three to establish.

    n messages, where n>=0

    Four to tear down cleanly.

    That's just TCP. They've used a very roundabout way to say their software establishes a quick TCP connection.

    1. Anonymous Coward

      Re: I know that pattern.

      I'm surprised someone hasn't tried to patent it, adding the words "sent from a mobile device".

      Us technical people know it as TCP, some lawyers wouldn't know an IP datagram if it jumped up and bit them on the knee cap.

      1. This post has been deleted by its author

    2. Preston Munchensonton

      Re: I know that pattern.

      That's just TCP. They've used a very roundabout way to say their software establishes a quick TCP connection.

      Yep, I had the same thought reading that bit. There's practically nothing about the data stream that would be particularly useful from a defense perspective. They're hinging everything on the FBI's strong desire to keep the flaw private.

      1. ultimate_noobie

        Re: I know that pattern.

        I'd also like to add that the other flaw they are attempting to hide is that they [FBI] broke into the computer unlawfully [without warrant] to plant the tracker. The clue to that is in the statement "Knowing how someone unlocked the front door..." means that the FBI had to pull an electronic B&E. Flashing a warrant is a great defense for one's actions, which I suspect they would have done if they had bothered to get one. I'm all for erasing this type of content from the internet, through the use of fire and medieval torture devices for preference, but I'm a person. As an agency, they can get permission to do these things--I'll avoid any argument on whether they should be allowed to--but they do have to maintain transparency and work within their bounds to do it right. Otherwise, they may as well start wearing costumes and start claiming to work only in the name of "Justice" which is just as inadmissible.

    3. Raumkraut

      Re: I know that pattern.

      That's just TCP. They've used a very roundabout way to say their software establishes a quick TCP connection.

      If it's just TCP, and they apparently use the least number of packets needed to perform the operation, doesn't that imply that the connection was entirely unencrypted?

      So doesn't that mean that there's no real way for the FBI to guarantee that those connections had not been interfered with en-route?

  3. sisk Silver badge

    "The exploit merely enabled the government to bypass the security protections on Michaud's computer to deliver the NIT instructions,"

    So....let me get this straight. They committed a federal felony (bypassing security is a felony now) in order to install spyware on his computer that forced it to phone home without informed consent on the part of the owner. All of which would render their evidence inadmissible in court.

    I'm all for stopping pedos, but let's do it within the rule of law rather than allowing legal technicalities that a defense lawyer can drive a truck through to get them off.

    1. Sproggit

      This Is Where It Gets Interesting...

      That's an interesting point you raise. Are law enforcement officers permitted to commit other felonies whilst in pursuit of a larger crime?

      I am sure there are a stack of different applicable scenarios, case law and situations, but at one end you might argue entrapment. The FBI will counter with the idea that they simply "sat and watched" whilst visitors to the site broke the law - however, if they had to break the law themselves to gain access to the site server, then does that make their evidence inadmissible in court?

      It's interesting to note the patterns here, though. Law enforcement is rightly very concerned about crime in the digital domain [we should be grateful for that] but at the same time the test cases they bring to Court [i.e. the San Bernardino phone case against Apple] are clearly being carefully selected not for their severity but for their applicability as "test cases". The really interesting thing is that "public opinion" seems to matter as much as the remedy that they seek...

      As the saying goes: "The road to hell is paved with good intentions"

      1. Anonymous Coward

        Re: This Is Where It Gets Interesting...

        That's an interesting point you raise. Are law enforcement officers permitted to commit other felonies whilst in pursuit of a larger crime?

        Two answers:

        1 - yes, if duly authorised by a judge. It would be rather hard to do any sort of undercover work otherwise.

        2 - the eternal problem: who watches the watchmen? This is the exact reason why transparency and accountability should not be optional.

        Sorry to be harsh here, but I have to whistle back some commentards here because they are falling into the terrorist trap of letting emotions come before judgement. There is no fundamental difference in legal process between someone dealing in drugs or someone engaging in child porn insofar that the legal process MUST remain identical: suspicion, warrant to gather evidence, arrests, evidence in court plus full methodology to ensure we're not facing an unsafe conviction due to entrapment or misinterpreted technical evidence, and then a proper trial where the main challenge is to avoid trial by media because you can be damn sure that the "success" will somehow magically leak before there's even a trial.

        The reason I'm harsh here is because I have seen CP being used to ruin someone's life, just because he upset some foreign dignitaries. In the UK, all you need is possession so if I send you a USB stick in the post with CP and then tip off the police they will be there in an hour and raid your place. That means they'll take all your tech, leaving you for months with nothing more sophisticated than a calculator unless you buy (the police doesn't care you have a life and a business to run), and if they find that USB stick you WILL be found guilty because if there is one thing the police will NOT investigate, it is any evidence that you may be innocent. The judge will happily play along with this because the whole assembly is only after the statistics, not justice.

        As for consequences, it means you're on a register that pretty much prevents you from working anywhere with children, and if you have a family, it means you are no longer even allowed to see your kids without a third person present. If you had a business that relied on trust, or maybe a clearance, you can kiss that goodbye too - you best start thinking about working abroad.

        And no, nobody will be interested that you have been falsely convicted, nobody. I could not believe it when I started to review the case and I must say it wholly destroyed any shred of trust I had left in the legal system - a more blatant case of entrapment was hardly possible.

        Now you know why you have to keep all your data encrypted. Not because of theft, but because someone could add something and so make use of a government implemented mechanism to put people aside who become a problem. Now imagine what can be done with a hacked photo stream or with WhatsApp, your number and a burner phone.

        Law enforcement has never been less on the side of the citizen.

        1. martinusher Silver badge

          Re: This Is Where It Gets Interesting...

          This is why I've never liked anti-child porn crusades. It's not that I'm in favor of child porn -- or any porn, come to think of it -- but I have always thought that making possession of information without intent is the very thin edge of a very large wedge. There are many issues here, but the most obvious one from a programmer's perspective is that CP is just a class of information. If you build a trans-national enforcement regime around that class then there is exactly nothing to stop you from using the same enforcement regime on any other class of information. Obviously everyone will tell me I'm just being paranoid, that they'd never do that and so on, but that's a huge leap of faith that flies in the face of history.

          (Incidentally, to those who would tell me that possession of information is evidence of intent to harm I'd say "What about that gun catalog?". Suddenly the abstraction is different -- apparently me ogling all sorts of mass killing weapons is only harmful if I grab a physical weapon and head for the local high school. Again, as programmers we should see there's an obvious inconsistency.)

    2. Seajay#

      Indeed, I don't want to see their code. I want to see their warrant.

      If they have that then the unauthorised access isn't a crime. In the same way breaking down your door for a warranted search of your house wouldn't be.

      1. Fred Flintstone Gold badge

        Indeed, I don't want to see their code. I want to see their warrant.

        No, you need both, or you are basing on an assumption that the FBI has done the right thing, and that is far from certain. We have already seen in Apple vs FBI that they have no problem gaming the system, the last shred of trust has in my opinion been destroyed.

        Evidence based on unassessed or unexplained technology should be as inadmissible as evidence obtained through magic - in the eyes of people without technical competence they are, after all, indistinguishable.

    3. Old Handle

      More to the point, IMO, they tampered with his computer, which is now being used as evidence. How can they get away with not revealing what they did to it?

    4. Anonymous Coward

      Better

      Call Saul....

    5. Suricou Raven

      Yes, but the accused is a filthy pedo. Possibly the most hated of all criminals. They could charge him with sinking the Titanic and still have a decent chance a jury would convict.

      1. Anonymous Coward

        Yes, but the accused is a filthy pedo. Possibly the most hated of all criminals. They could charge him with sinking the Titanic and still have a decent chance a jury would convict.

        The accused is suspected of being a filthy pedo. You see what you did there yourself? This is precisely why it all has to be done perfect and watertight because you're about to ruin someone's life, forever. If they're into CP I'll be the first to be ecstatic that we can lock up someone, but I get suspicious when much of a case leaks to the press before it's even been near a Court.

  4. TonyJ Silver badge

    I am all for...

    ...hunting down and locking away paedophiles, but if you're doing just that - hunting them down, taking them to court with the full intention of locking them away for as long as possible where they will suffer at the hands of other prisoners* then you owe them the right to a fair, transparent and open trial.

    You cannot simply say "we don't want to show how this works" because otherwise it could be something as ridiculous as anything from "we got their IP and MAC addresses therefore we can link that to a person" right up to the more useful "we can tell you the serial number of every identifiable component within the PC" or anything in between.

    *Not that I have any moral objection to this.

    The FBI need to tread very carefully here. Not only with the above, but also the sheer legality or otherwise of their actions.

    1. Anonymous Coward

      Re: I am all for...

      ... locking them away for as long as possible where they will suffer at the hands of other prisoners* ...

      *Not that I have any moral objection to this.

      Have your downvote, sir. You are no better than the people you object to.

      1. TonyJ Silver badge

        Re: I am all for...

        "...Have your downvote, sir. You are no better than the people you object to..."

        Really?

        You are seriously saying (anonymously, of course) that you believe that someone who has no feelings towards the continued wellbeing of someone who takes part in the sexual abuse of children once those predators have been through the due process of a fair and reasonable trial that leads to their conviction, is actually "no better" than said abusers of children?

        You need to check your moral compass because it appears not to be working.

        I can think of no crimes worse than ruining the future of a child, or indeed of harming a child in any way shape or form out of some malice or perversion.

        1. Anonymous Coward

          Re: I am all for...

          > someone who takes part in the sexual abuse of children

          He is accused of no more than looking at pictures online. By that logic, how many murders is a person guilty of taking part in, just by watching the nightly news?

          1. TonyJ Silver badge

            Re: I am all for...

            Two things here - if you see my original response I did say that as he is accused, he needs a fair trial and for that to take place his defence need full access to how the case was built against him.

            You show a blindingly simplistic view. "...He is accused of no more than looking at pictures online..."

            If there was no demand for this then these sites wouldn't exist. If these sites didn't exist, how many fewer children would suffer? By increasing the demand, even someone who "only" looks at pictures is perpetuating, therefore (perhaps indirectly) taking part in the continued abuse of children.

            1. Adrian 4 Silver badge

              Re: I am all for...

              While your argument may be valid, it also applies to terrorist atrocities. If they were not news, there would be little point in committing them.

        2. This post has been deleted by its author

        3. RedCardinal

          Re: I am all for...

          >>I can think of no crimes worse than ruining the future of a child, or indeed of harming a child in any way shape or form out of some malice or perversion.

          Not even say, murder? Or blowing up a bomb in Belgium that kills dozens of people. You're really saying that child abuse (horrible although it is) is worse? I think you need to get a perspective here...

          1. TonyJ Silver badge

            Re: I am all for...

            "...Not even say, murder? Or blowing up a bomb in Belgium that kills dozens of people. You're really saying that child abuse (horrible although it is) is worse? I think you need to get a perspective here..."

            Yes. Yes I am saying that.

            Because, generally speaking, murder victims don't go on to commit murder and victims blown up in an act of terrorism don't generally go on to become terrorists. Yes these things can be life changing/ending/altering for the worse, but child abuse lasts a lifetime and there is plenty of evidence to show that abused kids tend towards becoming abusive adults. I would also suggest that there is far more abuse of children going on than acts of terrorism or murder. If there weren't we wouldn't have a need for charities like Childline or require social workers.

            So yeah - if we treat our children properly, and educate them, and give them the chances they need to succeed then we might just begin to stop the perpetuation of all sorts of violent behaviour down the line.

            So let's look again at my sense of perspective over yours?

        4. DavCrav Silver badge

          Re: I am all for...

          "You are seriously saying (anonymously, of course) that you believe that someone who has no feelings towards the continued wellbeing of someone who takes part in the sexual abuse of children once those predators have been through the due process of a fair and reasonable trial that leads to their conviction, is actually "no better" than said abusers of children?"

          Yes. If you believe in corporal, extra-judicial punishments as part of the legal system, then you are no better than child abusers, or in this case someone who looks at a picture, as you believe in using violence to impose your will. There might be a quantitative difference, but you are in the same category, along with rapists, terrorists, people engaged in domestic violence, and so on.

          1. Anonymous Coward

            Re: I am all for...

            "You are seriously saying (anonymously, of course) that you believe that someone who has no feelings towards the continued wellbeing of someone who takes part in the sexual abuse of children once those predators have been through the due process of a fair and reasonable trial that leads to their conviction, is actually "no better" than said abusers of children?"

            Yes. If you believe in corporal, extra-judicial punishments as part of the legal system, then you are no better than child abusers, or in this case someone who looks at a picture, as you believe in using violence to impose your will. There might be a quantitative difference, but you are in the same category, along with rapists, terrorists, people engaged in domestic violence, and so on.

            I'd have a different take for flagging my dislike: this allows emotion to bypass proper due process, and then the legal system becomes nothing but a toy for the media. Ooooh, we don't like him, guilty! Oh no, she's cute, she must be innocent.

            If you want to see how that works in practice, just look at US death during arrest and death in custody problems they have right now, and pay attention to what happens afterwards to the perpetrators.

            1. Anonymous Coward

              Re: I am all for...

              If you want to see how that works in practice, just look at US death during arrest and death in custody problems they have right now, and pay attention to what happens afterwards to the perpetrators.

              Indeed. A black man attacks a cop and gets shot in the process and we have riots and an entire political movement saying that blacks should be able to do whatever they want to cops and not face the consequences because they're black.

              Anon because pointing out the hypocrisy in Black Lives Matter is unpopular.

            2. DavCrav Silver badge

              Re: I am all for...

              "I'd have a different take for flagging my dislike: this allows emotion to bypass proper due process, and then the legal system becomes nothing but a toy for the media. Ooooh, we don't like him, guilty! Oh no, she's cute, she must be innocent."

              I have always maintained that one solution to this is for no identifying information about the accused to be available at trial: all questions answered at the trial should be done by transcript, and as far as possible everything suggesting the race and sex of the person involved should be expunged.

              This has two effects: firstly, it means that biases (read: prejudice and irrational fears, lies, etc.) would be unable to be stacked for/against the defendant, and secondly it would not allow the jury to exercise their powers of reading people to decide if they are lying (hint: people are terrible at this).

        5. Cynic_999 Silver badge

          Re: I am all for...

          "

          I can think of no crimes worse than ruining the future of a child, or indeed of harming a child in any way shape or form out of some malice or perversion.

          "

          The crime in question is the act of *looking at pictures* - albeit for sexual gratification. I'm not sure how you have concluded that the act of looking at pictures in private can result in the harm of anyone. But if you do have a plausible scenario whereby that is likely, should we not make it a far more serious offence to look at videos of terrorists beheading people?

          Sure, the acts that took place in order to obtain the images may have caused a lot of harm, but it is unlikely that a person who downloads any image that is freely available on the internet can be held in any way responsible for the acts depicted, and therefore can surely not be regarded as deserving of brutal treatment.

    2. wolfetone Silver badge

      Re: I am all for...

      Surely them saying "We won't tell you how we did it, we just know you did it" could be used against them in terms of entrapment? Could be very easy to blame the FBI for planting evidence. It's not like that hasn't happened before.

  5. P. Lee Silver badge

    I hope there's more to it

    This material needs to go, and perpetrators taken down, but I hope there is more evidence than, "We've got this print out wot says 'e dunnit."

    I also fear this may be a short-lived success. Usb3 hot plugging boot drives and RAM disk based systems mean there's no reason to leave any trace on a computer which could be seized.

    Lastly, how comfortable are we having law enforcement taking control of a computer and then using what's on it as evidence? It seems to break the principles which apply to evidence preservation used when they take physical evidence. How do you defend against allegations of planting evidence?

    1. Anonymous Coward

      Re: I hope there's more to it

      Lastly, how comfortable are we having law enforcement taking control of a computer and then using what's on it as evidence? It seems to break the principles which apply to evidence preservation used when they take physical evidence. How do you defend against allegations of planting evidence?

      You're defenceless against an insider. If the arresting team has a weakness in the chain of custody you are essentially screwed because as an outsider you'll never be able to prove that, also because the very means to prove your innocence has just been taken from you. That's the other scam from a police perspective: their focus is on getting you as a conviction statistic, not as a victim of a clever hack so they will waste zero time on discovering how data ended up on your machine or otherwise in your possession. The last thing they want is to discover evidence that may raise doubt about your guilt or the intention they try to ascribe to you.

      All you can do is wait for agonising months until they start putting a case together. I can tell you from having witnessed it from up close that it pretty much destroys a family. Even if you are 100% innocent, you will be damaged by this, and I have come to the conclusion that this cannot be by accident. The pieces just fit too nicely together.

  6. Bota

    It was a JavaScript vuln, it was discussed months ago.

    Also, anyone using Tails wouldn't of been affected.

    That said, if they want to see that shit I really hope they like the taste of prison food.

    And penis.

    1. Anonymous Coward

      "Also, anyone using Tails wouldn't of been affected."

      Tails is affected.

      1. Anonymous Coward

        Anyone using a VMware machine with the C drive set to non-persistent and the lock file mapped to a ramdrive and the network card bridged to an iPredator vpn, with a login script on the host that changes the MAC address of the virtual network card... "wouldn't of been affected"

      2. Bota

        No it isn't.

        Regular users of the Tor browser are open to side attacks which can open connections outside the TBB. Meaning that a direct connection between the computer being targeted and the machine doing the targeting can be established.

        With Tails, all traffic is routed through Tor. Hence this attack cannot work. It is that simple.

        1. Anonymous Coward

          Huh?

          "With Tails, all traffic is routed through Tor. Hence this attack cannot work. It is that simple."

          Wait, so if the FBI has seized and fully controls the Playpen server, and the subject's computer has been infected with an exploit that reports the suspect's IP/MAC address/quantity of Justin Bieber songs in music library/etc back to the server, you are asserting that the fix is to ensure all traffic is routed through Tor?

          I don't know anything about their exploit, but it appears that it did not rely on "leaking" connections outside of Tor. It seems likely that the attack wouldn't even try to bypass Tor in order to avoid detection.

          Given the hit rates, I'd guess that the exploit may be as simple as seeding a hot_nekkid_pics.zip.exe file on the server. Keep it simple, if you catch 10% of 215,000 users that way, you still have a ton of cases to bring to court. One could argue that the FBI didn't even compromise the subject's machine, they relied on the idiot's own actions to reveal themselves.

          Plus, the original goal would have been to bring the server down (and, hopefully, go after those running it and producing any content). Nailing a few consumers is just gravy if it helps with deterrence.

          1. Bota

            Re: Huh?

            I don't know anything about their exploit, but it appears that it did not rely on "leaking" connections outside of Tor. - that's exactly what happened. But if you want to believe super amazing new methods were used, then ok.

          2. Bota

            Re: Huh?

            Wait, so if the FBI has seized and fully controls the Playpen server, and the subject's computer has been infected with an exploit that reports the suspect's IP/MAC address/quantity of Justin Bieber songs in music library/etc back to the server, you are asserting that the fix is to ensure all traffic is routed through Tor? - The exploit worked by running a JavaScript exploit on the main site, setting up a connection directly to the FBI server separate to the connection to the Playpen site. The only details it gave were MAC and IP. Nothing more. So yes, the vulnerability would not of worked because it wouldn't of been able to set up a side connection outside of Tor. Also, anyone not allowing JS to run wouldn't of been affected.

            I don't know anything about their exploit - so why argue it?

            Given the hit rates, I'd guess that the exploit may be as simple as seeding a hot_nekkid_pics.zip.exe file on the server - If a site has x amount of files and you infect 1, what is your hit rate as compared to just running a JS exploit on the main page and nabbing everyone who visits it?

            they relied on the idiot's own actions to reveal themselves. - yes.

            Plus, the original goal would have been to bring the server down (and, hopefully, go after those running it and producing any content). Nailing a few consumers is just gravy if it helps with deterrence. - Agreed, but from what I've heard the goal was always to take the clients, then the server.

    2. Anonymous Coward
      Headmaster

      @Bota. FFS

      Wouldn't HAVE been affected.

      Christ on an AT-AT, 3 year old remedial foreign speaking bi-lingual children don't make that error.

      1. Bota

        Re: @Bota. FFS

        English is one of the 3 languages I speak. If it isn't perfect 110% of time I BEG for your forgiveness.

        1. DavCrav Silver badge

          Re: @Bota. FFS

          "English is one of the 3 languages I speak. If it isn't perfect 110% of time I BEG for your forgiveness."

          Sorry, I just cannot help myself: It was too obvious a target.

          "English is one of the three languages that I speak. If it isn't perfect 100% of the time I beg your forgiveness."

          FTFY.

  7. Glenn 6

    As usual, it's OK for governments to surreptitiously install spyware on our computers, under the usual excuses of either "protecting children" or "stopping terrorism". Since when is the FBI above the law? I don't care what their reasoning is, they should be expected to obey the law which means not bypassing security and installing malware.

  8. JimmyPage Silver badge
    Boffin

    The US has a doctrine "the fruit of the poison tree"

    "Are law enforcement officers permitted to commit other felonies whilst in pursuit of a larger crime?"

    The final arbiter here, is the courts. If they allow evidence which has been illegally obtained to be presented, then the assumption is, it's "allowed". If they do not allow illegally obtained evidence, then it's not allowed.

    The US has a doctrine "the fruit of the poison tree" which is a principle that illegally obtained evidence - and subsequent discoveries - are not permitted. It's a frequent plot device in shows like "Law & Order", and quite fascinating to a UKain, as there's quite a body of precedent and law around it (for example a cop is permitted to search an arrested suspect, but *only* to ensure his own safety (i.e. no hidden weapons)).

    Here in the UK, 99% of courts (i.e. judges) have repeatedly made it clear they couldn't give a toss what laws may have been broken to bring a case to court. The (somewhat specious) reasoning being that to punish the state for breaking the rules would deny the individual victim in the case justice. Or, in other words (but not ones they'd like, no matter how accurate) "the end justifies the means". Personally, I subscribe to an old-fashioned notion that the law applies to all. But I know that's not really the vogue now.

    UK cases where a judge has thrown out dodgy evidence are far and few between, and therefore newsworthy. The last one I can remember (so showing my age, and how shit the system is) is when the judge in the Colin Stagg trial went ballistic at the prosecution's use of tabloid-style psychobabble, and tore the CPS and Met Police a new one - very publicly.

  9. earl grey Silver badge
    Unhappy

    "something as egregious as child abuse."

    I think what you meant to say was: "something as egregious as alleged child abuse."

  10. EnviableOne Bronze badge
    Stop

    Hypothetical

    Ok so if the FBI broke into a chat server on Tor, connected from that server to anyone that made any comments that pertained to illegal acts, and recorded their IP and MAC and then went round to their house and arrested them for those comments.

    You think any US judge would not throw this case out?

    It shouldn't matter the type of site or the reason for connection, the FBI actions are in contravention of the law, and unless pre-authorised by the judiciary any evidence gathered is "fruit of the poison tree"

  11. Ropewash
    Unhappy

    This exploit

    First they used it on the paedos and I did not stand up for I am not a paedo.

    Then they used it on the drug runners and I did not stand up for I am not a drug runner.

    Then they used it on the file sharers and I did not stand up because a bunch of goons were pinning me to the floor.

    Okay... I don't use TOR to fileshare (yet) but the idea of feds uploading code to my computer at their own discretion makes me a bit twitchy.

  12. RedCardinal

    In every case so far, they've been caught either through flash exploits or by revealing details about themselves which have allowed them to be identified outside of the Dark web. As far as I'm aware the Feds don't have any handy way of "unmasking" people other than relying on people's stupidity...
