back to article Tor pedos torpedoed again, this time Feds torpedo four Tor pedos – and keep how they unmasked dark-web scumbags under wraps

The FBI is keeping quiet how exactly it brought down a Tor-hidden pedophile haven, having secured decades-long prison sentences for four of the website's administrators. Three men from the US and one from Canada were sent down for 20 to 35 years each for running a .onion site called The Giftbox Exchange, used by warped …

  1. J. R. Hartley Silver badge

    Rogue nodes. Tor has been fucked for many years.

    1. Sorry that handle is already taken. Silver badge

      Kind of the natural progression of this kind of thing isn't it

    2. bombastic bob Silver badge
      Devil

      as I understand it, many Tor nodes are OWNED (not just pwned) by the Feds, for various reasons that include helping people behind national firewalls to get information, communicate, etc..

      And... I'm sure they monitor exit points too, when necessary. Which ones? That's probably why it's SEALED.

      1. phuzz Silver badge

        The original funding for Tor came from the US's Office of Navel Research. They also had some funding from DARPA.

        I assume that they originally thought it would be a useful tool to push into countries like China, in order to fuck with the censorship there.

        1. defiler Silver badge

          Do they do a lot of gazing there?

          1. John Brown (no body) Silver badge
            Thumb Up

            No, that would be Navel Observatory.

          2. phuzz Silver badge
            Facepalm

            Curse this dyslexia!

            Also curse my lack of proofreading.

        2. Paul Crawford Silver badge

          Not just censorship - if you want to communicate with your spies you need to make them less obvious than being the only one in a city using an encrypted protocol. Hence making the project public so you can hide your wood in a forest.

          If you pardon that unpardonable pun considering the story topic...

        3. MachDiamond Silver badge

          "The original funding for Tor came from the US's Office of Navel Research. They also had some funding from DARPA."

          That's an urban myth. I don't have a link handy but there is a Defcon talk with the original author who continues developing TOR. The talk is on YouTube.

      2. Turbo Beholder

        Well, yeah, the only reason it's not useless is that too many different parties want to play this game.

    3. sum_of_squares
      Trollface

      I see what you did there..

  2. IceC0ld Silver badge

    disgusting site, disgusting users, well played to the feds for getting them shut down and away

    and well played to El Reg copy writers for the

    Feds torpedo four Tor pedos

    1. JLV Silver badge

      “Damn the tor pedos!”

      I feel bad for the cops, jury and everyone that has to look at the evidence in the process of sending these scums to jail. Of course, the victims most of all, but that’s a given. Must be super hard to choose that and stick with it as a law enforcement career.

      1. Anonymous Coward
        Anonymous Coward

        I once attended a lecture by the Met on how they use facial recognition to match victims and perpetrators because apparently there is often an active parental involvement in kids being pushed into this sick game.

        I must admit I'm full of admiration for the people who can do this sort of work and still have a normal family life because as a father I'd probably be ready to butcher every one of those people by hand with a serrated knife after a day.

        The only red flag in this is the lack of proper due process and reasonable doubt consideration in CP images (possession is criminal, no investigation or consideration of how they landed on a machine to identify active intent) because that screams entrapment potential to me - send a possible witness a couple of badly protected USB sticks and then tip off the police, and voila, problem solved.

        1. Pascal Monett Silver badge

          Re: lack of proper due process

          Um, what makes you say that due process was lacking ? I don't remember reading that the FBI jumped to conclusions or arrested the wrong people.

          The fact that the FBI is not making its tracking procedure public does not mean that the judge isn't aware of how it was done, I'm sure the FBI explained everything to the judge behind sealed doors.

          1. phuzz Silver badge

            Re: lack of proper due process

            AC was talking about the situation in the UK, not the FBI.

        2. joeW Silver badge

          According to a police detective I know who works in this area, it's pretty rare for anyone to remain in the department after they have kids of their own.

          1. BebopWeBop Silver badge

            I was asked to act as an independent expert to look at phone and IP data in such a case. Just to confirm that the data presented was reasonable and very probably generated by the individual charged and the device under their control (it was pretty damning and the volume of data would have been difficult for someone to forge consistently).

            My conversations with one of the CEOPS officers involved included a brief discussion of how they go about examining the sites addressed. 2 officers at a time, frequent counselling, and frequent shifts to other work, I believe the strain on all officers viewing this type of material are extreme.

            1. Anonymous Coward
              Anonymous Coward

              I have seen a case where they found one or two images after a tipoff on a backup of a phone that was not even in the alleged perp's possession, and whose owner could have been identified with ONE (1) communication with the specialists that Apple has on hand explicitly to assist with law enforcement.

              I had a look at the "evidence" which made it very clear to me that the "senior officer" who wrote this up stuffed every certification short of a primary school spelling award in there to hide the fact that he was only capable of operating the discovery software because someone had shown it to him, but that didn't matter.

              With CP, intent, mens rea and reasonable doubt do not apply. You have it, you hang, also because the police is far more interested in adding you to their success statistics than to find reasons why you could possibly not be guilty. There was simply nothing that could be done, and it meant that what I would call the victim here (because this was done as retaliation) basically lost his business and his family - in case you don't know, with a CP conviction you're not even allowed to see your own children unaccompanied. It also meant that the person who did this and sourced those pictures is still walking around with them - blissfully free of any further risk.

              That was the day I started advising ANYONE who uses a computer for their office to make sure they're properly protected and ensure everyone has their own accounts and (decent) passwords. Especially with high end work you cannot afford to take *any* risk.

        3. anothercynic Silver badge

          The amount of people fighting this ending up with PTSD and requiring mental health intervention is frightening.

        4. Anonymous Coward
          Anonymous Coward

          Some years ago the police caught someone with Betamax tapes that contained illegal porn on, they thought they would get away with it because the police couldn't view the tapes, until I lent them my Betamax machine...

    2. jeffdyer

      I disagree about the "copy". It's a disgusting crime, not something to make jokes about.

  3. tekHedd

    Well, good work then. However...

    "The FBI seeks to keep this information secret to prevent ANYONE from adjusting their methods to evade detection."

    Just fixed a small typo for ya.

  4. Anonymous Coward
    Anonymous Coward

    IIf the FBI monitor several nodes in the US long enough, they are bound to get lucky at capturing packets hopping all the way. User and server in the same jurisdiction is always going to be detectable.

    1. phuzz Silver badge

      They'd have to be monitoring either an entry node or the hidden server itself. Capturing packets in between is of no use because they're encrypted, so you don't know what's in them, and the routing is obfuscated so nodes in the middle don't know where they originated, or where they will finally end up.

      The whole design of TOR is to prevent exactly that sort of interception.

      If I had to guess, I'd put my money on them finding one of the people involved first, flipping them with a promise of potentially reduced sentence, and then using that person to get more information, and more access. Once they've got access to someone with admin access on the site, they can roll up everyone.

  5. Anonymous Coward
    Anonymous Coward

    Is it really an issue ?

    With the obvious declaration I am pleased such sick fucks have been caught, does it really matter exactly how TOR was compromised to do it ?

    I say that from a point of view that I always assumed TOR was compromised, so it's no surprise the Bad Guys got caught.

    Generally, I assume *everything* is compromised, and act accordingly ... if I wanted to send a secure message then I would start by not using email, Skype, Facebook, etc etc as a matter of course.

    I'd wager that (sadly) a lot more dodgy material is available publicly than via shadowy darkweb sites. Binary newsgroups for a start ... who knows *what* is being cached there ????? Certainly without an appropriate index *and* key - no one. It may as well be random data (and a lot is, just to up the S/N ratio).

    1. RedCardinal

      Re: Is it really an issue ?

      Was TOR compromised? 10 to 1 says that Tor itself wasn't compromised in any way but that the perps were caught either due to not configuring the Tor Browser properly or by allowing themselves to be id'd outside of Tor. As far as I'm aware, every person arrested to date for committing crimes on the darkweb has been caught due to one of these two methods.

      1. Long John Silver
        Pirate

        Re: Is it really an issue ?

        You have succinctly stated a view I expressed some time later than your post. It boils down to traditional police investigative techniques, ingenuity, and patience. IT 'magic' has a place but it is subordinate.

      2. Dave314159ggggdffsdds

        Re: Is it really an issue ?

        As far as I'm aware, there are plenty of good reasons to think Tor was created as a honeytrap by the US, and is thoroughly compromised by design. The name Tor is shortened from 31-TOR - ROT-13 backwards - in a nod to the level of security it offers.

        1. Anonymous Coward
          Anonymous Coward

          Re: Is it really an issue ?

          If Tor was created as a honey trap then why aren't there hundreds of prosecutions per week for all the drug dealers using it?

          1. Anonymous Coward
            Anonymous Coward

            Re: Is it really an issue ?

            If Tor was created as a honey trap then why aren't there hundreds of prosecutions per week for all the drug dealers using it?

            Who says there are hundreds of drug dealers a week using TOR ? Or is this were you make a rare exception and actually believe something the government tells you ?

          2. Fred Flintstone Gold badge

            Re: Is it really an issue ?

            Because that would expose how they do it?

          3. Anonymous Coward
            Anonymous Coward

            Re: Is it really an issue ?

            Because they get a free pass? Economy would collapse (especially hotel industry) without them. Hmm, who's a big investor in hotels, I wonder?

        2. Anonymous Coward
          Anonymous Coward

          Re: Is it really an issue ?

          The name is short for The Onion Router, and nothing to do with the rot13 utility.

  6. Buzzword

    What about the good users of TOR? Are there any?

    If you're an NSA contractor with a trove of classified documents to leak, should you still use TOR?

    1. BebopWeBop Silver badge

      Re: What about the good users of TOR? Are there any?

      Not unless you use a great deal of other obfuscation. I would assume that anyone in that position would have some monitoring on their activity anyway. Certainly, people with SC+ clearances in the UK do (as was demonstrated to me on one of my reviews when I was in a similar position - that is that level clearance and access to documents, not being accused of shifting any on).

      Some interesting work, but the reviews are pretty thorough and hard work for all involved.

      1. Robert Helpmann?? Silver badge
        Childcatcher

        Re: What about the good users of TOR? Are there any?

        Not unless you use a great deal of other obfuscation.

        It's just like any other form of security: you shouldn't rely on only one layer to get the job done.

  7. pavel.petrman Bronze badge

    The group used encryption and cryptography

    A job well done, let the perpetrators serve the whole time please.

    But I can't not notice the wording of group used "other advanced technological means to thwart law enforcement efforts, including file encryption and cryptography" constructed to mean "encryption is a technological means for thwarting law enforcement". They are selling the backdoor business hard, aren't they. Apart from Tor & al hardly ever becoming subject to what is poised to amount to legal prohibition of encrypted communication, these days pushed for all around the western cultural hemisphere ever so actively and forcefully. This one cloud has a pitch black lining indeed.

    1. Joe W Silver badge

      Re: The group used encryption and cryptography

      Plus they caught them, so... I don't see the necessity.

    2. Anonymous Coward
      Anonymous Coward

      Re: The group used encryption and cryptography

      Anyone who uses encryption should be on a watchlist.

      Encryption in consumer apps should be removed or replaced with something breakable like enigma. It will stop casual readers but not the ones who should be keeping tabs.

      My post for example is protected by an envelope of paper. Why should digital comms be protected by something that exceeds the protection paper would give?

      Data mine everyting! Scan and store every text, every paper letter, everything. Grep it to find the crims and remove them from society forever.

      1. defiler Silver badge

        Re: The group used encryption and cryptography

        So I've got to post my PIN to the cash machine? I mean, okay - I never have cash worth talking about anyway, but isn't the latency going to be hell? That's going to leave a queue.

      2. John Brown (no body) Silver badge

        Re: The group used encryption and cryptography

        "Anyone who uses encryption should be on a watchlist."

        Did you just happen to read this very site through an https:// link by any chance?

  8. sum_of_squares
    Holmes

    > The FBI seeks to keep this information secret to prevent scumbags from adjusting their methods to evade detection.

    Meanwhile..

    https://www.theregister.co.uk/2019/08/13/header_banged_for_bafflingly_bad_behavior/

  9. Rich 2

    Keeping mum

    I can see why the FBI are keeping quiet about how they cracked this. What I have never understood is the many many many times the FBI and other law bods around the world have openly advertised how they have solved crimes. Why would you do that?

    1. horse of a different color

      Re: Keeping mum

      I heard they used PDF files to catch the paedophiles.

      1. Fred Flintstone Gold badge

        Re: Keeping mum

        LOL, I haven't heard that once since Gary Glitter :)

    2. DCFusor Silver badge

      Re: Keeping mum

      Perhaps to avoid admitting they broke laws themselves, as with the whole Stingray business? Searches without warrants, illegal hacking, all that? They've been caught a few times already..

      In this case, it's in a good cause. But we all know the line about power and corruption. and they've demonstrated the truth of that one plenty as well.

  10. prh99

    Poor opsec if I had to guess

    The name of the site eludes me, but I remember reading another TOR pedo site's user a got busted cause their forum avatars where hosted on Gravitar and many weren't particularly careful when they set them or where else they used them.

  11. KBeee
    Unhappy

    Scary

    The thing I found scariest about this was 72,000 registerd users!

    1. Anonymous Coward
      Anonymous Coward

      Re: Scary

      Thats nothing.

      The numbers that are out there, across the world is staggering. I saw an estimation of 2 in 10!

      Maybe its something in the water?

      1. Anonymous Coward
        Anonymous Coward

        Re: Maybe its something in the water?

        Nah, it's the chem-trails, man.

  12. Anonymous Coward
    Anonymous Coward

    Ban Tor

    Ban it, problem solved.

    What there are people supposedly using it in oppressive countries? So what, the kids are more important than the law breakers and rebels / dissidents in other countries.

    Law breakers / dissidents are basically the terrorists of countries just trying to get their people to follow the law. If they have a problem with that they can solve their issues by other means. We cant keep this network up just because someone wants to have a go at their leader.

    1. RedCardinal

      Re: Ban Tor

      >>Law breakers / dissidents are basically the terrorists of countries just trying to get their people to follow the law. If they have a problem with that they can solve their issues by other means.

      I'm unsure whether you are deliberately trolling here or not? The alternative is that you actually are as stupid as your comment would appear to indicate you are...

      1. Throatwarbler Mangrove Silver badge
        Holmes

        Re: Ban Tor

        Always bet on stupidity.

    2. prh99

      Re: Ban Tor

      That doesn't fix anything, mean while pedos find other places to share. We've seen plenty of times that banning a service doesn't fix problems that manifest there. For example, the attorneys general in the U.S bullied Craigs List to shutdown it's personals and actually shutdown Backpage (without the help of FOSTA btw). While the grand standing AGs (including presidential candidate Kamila Harris) declared it a victory over sex trafficking ,local police complained they'd lost valuable tools to tracking down sex traffickers. As bad as TOR is at least authorities know where to look and when they bust a site like Child's Play, running it themselves for several months can net hundreds of arrests including people who actual make child porn.

  13. Anonymous Coward
    Anonymous Coward

    Sooo...they caught the people running the site but none of the users. 4 people. what about all the rest? So much for their fabulous tor beaking techniques...

    1. Anonymous Coward
      Anonymous Coward

      for now they caught 4, but I'm sure that the ripples will travel around the world. Some people will chose suicide, when confronted, etc. It has happened at least once before, around 2000 - 2005, if I remember vaguely.

      ...

      actually, I would like to know if such information (that the FBI now have, on users around the world) is considered valuable, i.e. they, kind of, "trade it" (we've got something that might be of interest to you, do you have something of interest to us?). You might find it ridiculous, but in this day and age, everything seems to be a commodity, perhaps even information on criminals...

      1. Diogenes

        we've got something that might be of interest to you, do you have something of interest to us?

        According to a program here on TV , anything found is shared all the time so they can try to identify the victims. The head of that particular CP unit was quoted as saying that this is their first priority, to hopefully save & help them, and this helps with the second, ie finding the vermin (paraphrasing) .

        He gave the example that if something in the background of a photo found in Australia can be identified eg there s a TV with channel branding on, and they match to a US TV station , and the child can be matched to other photos, they are all automatically sent on to the FBI's CP unit for further analysis, as it is likely they will also have other pieces of the puzzle (eg sadly other photos of that child) that may help with identification.

    2. Long John Silver
      Pirate

      Using limited resources to maximum effect

      Images already in circulation are a lesser matter than criminal activity in making them, encouraging their creation, and facilitating their distribution. I rate the FBI operation a considerable success by virtue of cutting off a Gorgon's head. Following where the snakes lead is far less productive in use of resources than hunting down more Gorgons.

      1. Dvon of Edzore

        Re: Using limited resources to maximum effect

        So you missed this part in the third paragraph: "As administrator, Falte required users to upload images or footage of children being sexually abused to the site before getting access to the forum." For the reading impaired, that means each user had to also contribute something to the collection. Chances are copies of the same old nudegirl.gif wouldn't be good enough.

    3. Anonymous Coward
      Anonymous Coward

      "4 people. what about all the rest?"

      Possibly all 4 of the people who actually donated Bitcoin to the site after buying it or mining it from home. I've been in (legal) groups that ran on donations. Getting money out of people is like pulling hens' teeth.

      If the 4 people caught were the admins, it sounds like either they managed to unmask the IP of the server and went after the person hosting it or they followed the Bitcoin money trail when they tried to get the money out to pay for real world stuff.

  14. Long John Silver
    Pirate

    Don't underestimate capabilities of tradtional police investigative techniques

    Investigation of crime conducted under cover of obfuscation and encryption obviously must draw upon high level IT forensic skills. Yet the role of these ought be kept in proper perspective. They are akin to forensic scientists called in to examine physical evidence (e.g. tissue samples); they help build a case and may assist in suggesting further avenues of investigation. Police, and concerned citizens, of lesser IT skills (enough to find their way around Tor and its like) may identify sites to target. Perhaps surveillance experts are called in at an early stage to set traps but their success depends upon serendipity: the nature of many actual traps (e.g. flash vulnerabilities mentioned in the article) is widely known and general principles upon which more covert traps might operate have given rise to informed speculation which careful criminals engaged in activities with a long term Internet footprint (e.g. traditional web site and Tor site) would be aware of.

    From that viewpoint it becomes plausible to consider human error by criminals as the major factor leading to arrest. We know human error by legitimate operators of web sites is often behind breaches of security so it takes little leap of imagination to believe criminal operators in the same boat.

    Some illicit activities on, say, Tor have obvious weaknesses arising from need to interact with the physical world e.g. illegal drugs require paying for and delivering. Even use of Bitcoin leaves more of a trail than when cash is handed over in person to a drug dealer. Tor 'drug busts' appear to arise from careful consideration of delivery mechanisms after police officers set up 'deals'.

    Similarly display/trade of illicit images has many points of potential human error leading to successful investigations. The case discussed here involved several individuals engaged in maintaining/running the site on presumably a long term basis. Those are the ones the FBI knows about. There may also have been a number of persistent visitors and/or contributors to site content at risk of identification through human error but not necessarily jeopardising the entire site.

    Every criminal activity has vulnerability in some manner dependent upon the the number of regular key players. Vulnerability may increase more than linearly as numbers rise: potential connections between pairs of players from N such, and thus opportunities for error, are determined by the familiar expression ( N! divided by 2!(N-2)! ) where '!' denotes factorial.

    Without labouring the point, interactions among people running and/or using a site may have connection to their activities, perhaps ones more open, on conventional web sites (as appears the case for one of the convicted). Gathering evidence of this nature to make links to real identities entails patience and traditional police investigative craft rather than IT derring-do.

    Arising from this is a more general matter. The push for massive online surveillance may not be cost-effective because it plays down the role of traditional police/security methods and diverts resources better used elsewhere. Doubtless, empire builders within the FBI, NSA, GCHQ, and Mrs May's plaything the NCA, manage to pull wool over the eyes of political masters. More trust and credit ought be placed in people trained in painstaking search for human error by criminals. IT ought be handmaiden rather than master in this enterprise and its capabilities not exaggerated.

    1. Dave314159ggggdffsdds

      Re: Don't underestimate capabilities of tradtional police investigative techniques

      That's a lot of words to try and pretend Tor isn't an obvious honeytrap. Otoh, if it's working, maybe I shouldn't point that out...

  15. Anonymous Coward
    Anonymous Coward

    72000 users? And each one is only registered AFTER submitting material? And only 4 convictions?

    This sucks so bad. You want people living in police states to have a safe way to communicate but the other side of the coin is something possibly even worse. Hopefully I can forget I read this article.

  16. Anonymous Coward
    Anonymous Coward

    That Byline: Feds torpedo four Tor pedos

    No love lost here for any of those....*through clenched teeth* people.

    But I think I found my new game, try saying 'Feds torpedo four Tor pedos' 10 times fast.

    - Off to get drunk because this article reminded me of my own run in with one of them years ago, my boss denied the one way ticket I asked for since I knew I wouldn't be back if I went there.

  17. Dr Gerard Bulger

    They uploaded some shit to be on the forums and started chatting. That's kind of awkward, so they are shutting up, in doing so letting you believe it was some clever hack..

  18. randon8154

    Another theory

    Less than month ago : https://www.rappler.com/nation/236280-europe-most-wanted-child-sex-offender-arrested-cebu-july-2019

    I wouldn't be surprise to learn he was related with them and gave them out

    Or tor is compromised by the reptilian humanoids...

  19. MachDiamond Silver badge

    Silk Road bust

    I am willing to believe that The Man operates some of the TOR exit points, but that's likely not enough for pinpoint accuracy. If you look up some of the talks on how Silk Road was busted, you will see that his opsec is what really got him busted. I expect it's the same with this bust and the reason to seal the evidence is to make it look like The Feds have rooted TOR to scare people away from it. Staying anonymous when the Gov is gunning for you with lots of resources means you have to walk the rice paper without leaving a single trace. That's pretty tough.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019