FBI Must Reveal The Code It Used To Hack Dark Web Pedophiles (engadget.com) 105
schwit1 writes: A judge has ordered the Federal Bureau of Investigation to turn over the complete code it used to infiltrate a child pornography site on the Dark Web, Motherboard reports. The FBI seized the Tor-based site known as "Playpen" in February 2015 and kept it running via its own servers for two weeks -- during this time, the bureau deployed a hacking tool that identified at least 1,300 IP addresses of visitors to the site worldwide.
Playpen was "the largest remaining known child pornography hidden service in the world," according to the FBI. Roughly 137 people have been charged in the sting so far, Motherboard says. On Wednesday, a lawyer for one of the defendants won the right to view all of the code that the FBI used during the Playpen operation, apparently including the exploit that bypassed the Tor Browser's security features.
Playpen was "the largest remaining known child pornography hidden service in the world," according to the FBI. Roughly 137 people have been charged in the sting so far, Motherboard says. On Wednesday, a lawyer for one of the defendants won the right to view all of the code that the FBI used during the Playpen operation, apparently including the exploit that bypassed the Tor Browser's security features.
Re: (Score:2)
Too easy. How about ...
Re: (Score:2)
Ya, I know, it was just an easy joke to make. :)
Re: (Score:2)
Easy to understand if you actually know about the case - there were no special code used.
Re: (Score:2)
Why weren't they forced to do this for the Silk Road case?
Silk Road's ip address was discovered thru examining a bunch of on-line records, as was the email identity of the founder. No hack was involved. Once they had a target, social hacking occurred.
Re: (Score:3)
Nope. As stated, we no longer have to "think of the children". It's no longer a valid excuse for new draconian laws.
all the code? (Score:3)
Re: (Score:3)
I would assume it would have to be enough of the code for the FBI to prove it was able to use that code to identify the defendants.
Re: (Score:1)
You know what happens when we assume?
We get upmodded "insightful" on /.
FBI not in trouble? (Score:5, Insightful)
I think the bigger story here is that the FBI actually ran a child porn site instead of knocking it offline... WTF. We all understand the premise of why they did it but that can't be a legal way to catch those people. You can't break the law to uphold the law. That's an oxymoron right?
Re: (Score:3)
just pin in it on fox molder and that scully chick
Re:FBI not in trouble? (Score:5, Insightful)
So does the mob that hangs the politicians.
Re: (Score:3, Interesting)
Re: (Score:3)
Re:FBI not in trouble? (Score:5, Informative)
Lying isn't illegal in and of itself.
It depends upon who lies to whom. Lying to an FBI agent investigating a crime is itself a crime. That's what they got Martha Stewart on, not the actual insider stock trade but lying to investigators about her level of involvement in the scheme. That's why any competent attorney will advise their client never to answer questions unless the attorney is present and able to advise the client on whether or not to answer a particular question and the advice to the client, when answering, will always be to answer truthfully or else refuse to answer the question on 5th amendment grounds. Of course the investigators are free to lie or trick the person being interviewed which is what makes speaking to the police without an attorney present so incredibly dangerous that nobody should ever do it.
No, quite different (Score:3)
That the police can lie is quite well established, not just in the US legal system, but in most of them. When they are out trying to do their jobs they have no requirement to tell the truth to suspects. For that matter, neither do you. You can lie to people in your day to day business and it isn't illegal. The requirement to tell the truth only happens in court, when you are under oath, same as the police.
However the police aren't allowed to commit crimes, felonies in particular, in the course of their work
Re:FBI not in trouble? (Score:4, Insightful)
Its no different to an undercover cop pretending to be a drug dealer and engaging in a drug deal so the hidden cops can spring forth and bust the bad guy.
Re: (Score:1)
Re: (Score:2)
It is also illegal to sell anything as drugs. Selling talcum powder as cocaine can get you in legal trouble as much as if you sold the real deal.
In fact, it would make sense to make the sentence worse for fake drug dealers. Real drugs, at least the most popular ones, have well known effects, we know how to treat them and should one take them, steps can be taken to minimize the risks. Fake drugs, not so much. Some products can be more toxic than the real thing, especially when injected. Variations in purity
Re:FBI not in trouble? (Score:4, Insightful)
Its no different to an undercover cop pretending to be a drug dealer and engaging in a drug deal so the hidden cops can spring forth and bust the bad guy.
No, there's a difference. In the fake drug deal the drugs themselves are often fake as well. For example, baking powder for cocaine or milk chocolate for heroin, etc. This is effective because the real drug dealers already cut their drugs with these and other substances and it's easy to prepare and package these materials so that they look very convincing at first glance. Not so with child porn. If an image is CP, of the sort often sought out by those who want it, it's patently obvious whether that image is the real deal or not both to the police and anyone else. Moreover, the mere transmission or possession of that image is itself a crime, regardless of intent. Since it's impossible to show the images to anyone without committing a crime and the people they caught could not be arrested immediately, the FBI was effectively engaged in bona-fide illegal activity for a matter of weeks of the sort that would never have occurred in a sting like your fake drug bust or for example on the television program "To Catch a Predator", where there was never any actual CP on offer. Do you understand the difference now?
Re:FBI not in trouble? (Score:5, Insightful)
Uh, it isn't even similar. In a sting operation, the operation ends when the person buys the drugs. The purpose is to get them to buy the drugs, but at that point, they arrest the person. In this case, they download the fake porn that tattles on them, but they also continue to download real porn from systems run by the government, upload new porn to systems run by the government, and trade porn in a marketplace run by the government over an extended period of time.
This is more closely equivalent to a rogue CIA agent infiltrating a drug cartel and then continuing to run it for a decade, growing and selling drugs, killing members of competing cartels, and advertising the availability of drugs in an effort to entice (entrap) people who otherwise might not have bought them, all under the pretense that while his or her organization deals drugs, he or she will also periodically slip the police a list of some of the people who are buying so that they can eventually do a sting operation and bust them....
This is so far outside the bounds of what should legitimately be legal in a free society that it is downright terrifying. There's a bright line between pretending to be part of a criminal organization and participating in the operation of a criminal organization, and from what I've read about this operation, I would say that they crossed that line by a large enough distance that they couldn't even see it in their rearview mirrors....
Re:FBI not in trouble? (Score:4, Insightful)
You say that so nonchalantly, as if there isn't a huge moral problem with law enforcement goading people to break the law.
I mean it's not enough that the police claim they don't have the manpower to investigate crimes people really do care about, like robbery and murder, and yet can devote substantial resources to busting petty drug users.
Here's a clue: if your government can justify deceiving you in the name of some greater good, it has moved from servant to paternalistic.
Which is exactly what posing as a drug dealer is.
Re: (Score:2)
Its no different to an undercover cop pretending to be a drug dealer and engaging in a drug deal so the hidden cops can spring forth and bust the bad guy.
Except the use of drugs for the purposes of busting said dealers happens in only very rare circumstances. Usually where the suspect is highly suspicious that it's going to be a sting. In this case, they ran in, claimed the site and kept running it.
Re: (Score:2)
Re: (Score:3)
Actually the larger crime is to sell such porn, and the ip address is used for subsequent sting operations to induce the downloader into uploading something. Then they make the arrest for trading==selling child porn.
It seems to me that law enforcement commits that crime first. And I wonder how many of those netted by such operations would have been able to resist the urge had the gov't not tempted them with lurid pictures.
Re: (Score:2)
Posession of CP is arguably a victimless crime, particularly if it is a cartoon drawing of a kid face on a naked adult body, and it currently has no mandatory federal minimum sentence. But distributing such pictures has a 5 year minimum, possibly because it encourages degeneracy in others (not that i am privy to the actual reasoning behind the law). People do grow out of their hormonal episodes of insanity, often with no lasting harm.
But it seems to me, what's sauce for the silly goose should be sauce for
Re:FBI not in trouble? (Score:4, Informative)
Re: (Score:1)
I think the bigger story here is that the FBI actually ran a child porn site instead of knocking it offline... WTF. We all understand the premise of why they did it but that can't be a legal way to catch those people. You can't break the law to uphold the law. That's an oxymoron right?
Government agents break the law everyday. It is just one of the many perks you get for being a government insider. The FBI is the biggest importer of child porn in the nation (to catch pedophiles and supply Congress). The CIA smuggles heroin in order to fund its black ops. The DEA smuggles cocaine in order to keep on good terms with the Sinaloa drug cartel (who rats out their competitors). The ATF smuggles guns for the DOJ (Operation Fast and Furious, Operation Gunwalking). The military smuggles forbidden t
IT Dept (Score:3, Insightful)
Can you imagine working for their I.T. department when that order came down? "You want me to do what?"
Suggestion for submissions (Score:5, Insightful)
Submissions should preferably link to primary sources instead of sites that just repackage the story from the original, i.e. just link to Motherboard's article to begin with and give them the clicks instead of Engadget.
Motherboard source [Re:Suggestion for submissions] (Score:5, Informative)
Submissions should preferably link to primary sources instead of sites that just repackage the story from the original, i.e. just link to Motherboard's article to begin with and give them the clicks instead of Engadget.
Which is to say, here: http://motherboard.vice.com/re... [vice.com]
Could the FBI hide behind 3rd party code? (Score:5, Insightful)
Let's say the FBI wanted to do some task with software, but didn't have the expertise in house. So they discuss what they want done with a third party, who decides they can do it but will only license the software to the FBI, not sell it to them outright. As part of their agreement, they supply a binary module (like a graphics driver blob file) to the FBI they can interface with.
Now, the FBI ends up being required to reveal its code to a defendant. The third party module ends up being key to the defendant's discovery. The FBI doesn't have the source code to the module, so they can't supply it -- in fact, they have a binding contract saying they can only have the binary module.
Does the third party have to reveal their source code? Can the FBI effectively hide behind their contract with the third party?
If yes, it seems kind of scary -- the FBI can basically outsource their techniques and then hide behind their contracts. Scary because I would imagine the defendants might be making a case that the evidence convicting them is false, but because the FBI could hide behind a third party contract, the defendant can't verify the claims. The FBI, could, in theory at least, use sham agreements to ensure their dirty work remains beyond discovery.
The similar kinds of things I can think of are the DWI cases that were challenged over the source code to breathalyzers and the contract language of at least one of the Stingray makers who forbid the details of their device being revealed.
Re:Could the FBI hide behind 3rd party code? (Score:5, Insightful)
Possibly, but the defense has the right to question how the evidence against them was collected. If such a tactic were to prevent such inquiry, it could be grounds to have the evidence tossed out.
Re: (Score:3)
I think this is probably the best line of questioning, to challenge the efficacy of the FBI's collection methods as producing valid information. Their secret spy software isn't something of generally accepted reliability, like DNA or fingerprints.
The trouble is, the FBI could give you all their source code but it would be a nightmare to sort it out. They probably wouldn't be required to describe it line by line, it would be up to the defendant's experts to figure out what it did and if it worked and wheth
Re: (Score:3)
It's too bad for the FBI since it turns their tactic into a one-trick pony. But I believe the strategy around that in the gangster days was to not use the testimony of the stool pigeon directly in court against a suspect. Rather, use the info learned to set up other stings which would generate enough evidence to charge the suspect. Then they wouldn't have to reveal who their inside sou
Re: (Score:1)
Does the third party have to reveal their source code? Can the FBI effectively hide behind their contract with the third party?
Look no further than this [vice.com] for clues.
It's obvious that this type of activity will be eventually vetted and weighed in the Supreme Court.
Re: (Score:2)
Re: (Score:2)
I don't see where the court has the authority to order the third party to reveal their code. The FBI and the US attorney are the ones accusing the defendant of committing a crime, the third party contractor is merely providing a component to the FBI.
Say I was accused of drunk driving. I challenged his probable cause to pull me over. He said I was weaving, I said I wasn't, his car was weaving creating the illusion on a dark night that i was weaving. He was driving a Ford Crown Victoria and I want him to
Re: (Score:3)
So I can subpoena the proprietary engineering designs of Ford Motor Company merely because the officer was using a Ford to patrol the highway?
I don't know, but you can certainly subpoena the proprietary source code for the breathalyzer machine [slashdot.org] he used.
Re: (Score:3)
Does the third party have to reveal their source code? Can the FBI effectively hide behind their contract with the third party?
To the first question, bring the third party into court, ask them for the code.
You might or might not get it, but if you don't, it becomes grounds to question the evidence and you might get it thrown out.
In other words, the FBI might or might not be able to give you the code, but the Judge doesn't have to allow the evidence gathered from the code into court either.
Re: (Score:2, Informative)
In the case of Stingray cellphone interceptors, when a defendant asks about that evidence, the FBI usually drops the case. Seriously, they'd rather drop a case altogether than have a Stingray be challenged in court. So if they'd rather hide behind an NDA or something here, they're gonna need to withdraw some charges.
Just a wild guess : no (Score:3)
Re: (Score:3)
In any sane society, there is no fucking way a civil contract should ever be allowed to supersede a subpoena.
1,300 seems a bit low (Score:1)
1,300 seems a bit low for the "largest" child porn site. Makes me wonder if the exploit only worked on certain operating systems or older versions of the Tor Browser. If I recall correctly, the exploit they used a few years ago with Freedom Hosting sites used an exploit that was already patched, but many people still hadn't updated their Tor Browsers, or didn't use proper security settings, and were caught.
So I really wonder if that's the case here.
Re: (Score:2)
Re: (Score:1, Insightful)
"run major pedophile websites for a couple weeks without any consequences" The consequences was the arrest of over 100 pedophiles. They did not run the website. They basically created a honey pot to collect information on any visitors. Law enforcement agencies engage in undercover actions all the time. One example is when undercover agents buy a few kilos of cocaine to go after the dealer. Purchasing the drugs does not mean they are dealing drugs. Buys of this nature go right into the evidence lockers and
Re: (Score:2)
The consequences was the arrest of over 100 pedophiles.
But are they really? Or are they just some people looking at pictures?
Re: (Score:1)
That is the same thing - whether they molest anyone doesn't matter since the act of looking is also a crime.
Re: (Score:3)
That is the same thing - whether they molest anyone doesn't matter since the act of looking is also a crime.
Woah, that's a scary thing you just wrote there, anonymous or not... just the fact someone thinks like that is scary.
There's a HUGE difference between the act of molestation and looking at images interpreted as such, the only reason to stop images like that spreading on the net is to stop unscrupulous people from profiting on the misery of the victims.
The real scare here is where do we draw the line of what's okay to look at and what is not? Did you know that in some countries you can get arrested and
Re: (Score:2)
In the eye of the law though, they are essentially the same thing.
Re: (Score:1)
It wasn't just doing a google image search using privacy mode either. It was using a software system specifically designed for the purpose of hiding your actions, location, and other identifying information from people monitoring you.
Re: (Score:2)
Methinks the AC doth protest too much...
Re: (Score:3)
That is the same thing - whether they molest anyone doesn't matter since the act of looking is also a crime.
Depending on the jurisdiction it could be pics of 40 year old women in school uniforms...
Re: (Score:3)
Or cartoons.
There are XKCD cartoons where applying a different descriptive label would turn them into child porn in the UK.
The law really is that fucking stupid.
Re: (Score:3, Insightful)
I agree with everything you said, right up to this:
And do you realize you are actually support the suspected pedophiles?
You're goddamn right I do, because the word "suspected" is different from the word "convicted". These people are innocent until proven guilty, and they ABSOLUTELY get the benefit of a REASONABLE DOUBT. The onus is always always always on the accuser to prove guilt, period.
Anything less than that is facism.
Re: (Score:2)
The consequences was the arrest of over 100 pedophiles.
And according to the official rationale, the re-victimization of thousands of abused children.
They did not run the website.
They absolutely did. They seized control and moved the site to their own servers, where they continued full operation. Their servers managed by their IT staff served abuse pics, accepted new members, accepted and distributed new pictures... everything.
They basically created a honey pot to collect information on any visitors.
They had to serve existing content and allow new content to do this? Never been an issue before with just not serving the real deal.
Law enforcement agencies engage in undercover actions all the time. One example is when undercover agents buy a few kilos of cocaine to go after the dealer. Purchasing the drugs does not mean they are dealing drugs. Buys of this nature go right into the evidence lockers and are eventually destroyed when no longer needed. anymore
But that's not what happened here.
Re: (Score:2)
Buys of this nature go right into the evidence lockers
And you know this how? Probably at least half goes into the pockets of the LEOs in question to be sold eventually.
Sexual deviants today, political deviants tomorrow (Score:5, Interesting)
FBI have no real interest in the sexual deviants, they only want the tools and to be allowed to use the tools for whatever they want. The entire stings are public pleasers, get whoever the public have decided to hate this decennial and get the tools to get EVERYONE (not only the sexual deviants), but eventually when they LEGALLY got whatever tools they want - so NO one is safe, regardless of belief, creed, sexual orientation or political beliefs - the point is they want access to whatever you do, think and consider, every opinion that you have - so this can be used against you in a world with more and more rules, the masses being ruled by the few that wants it all.
Re:Sexual deviants today, political deviants tomor (Score:5, Insightful)
Unfortunately, that seems very, very likely. The very amorality of running the site for a time, when the DOJ's says that a main reason to make this type of content illegal is that it victimizes those depicted again is staggering. Only this time they were raped again by the FBI with official sanction. If that is not much, much worse, then I do not know what it. Hence I conclude that this is not about those targeted at all, and it certainly is not about protecting any victims.
re: FBI pornsites, see also: Motherless (Score:3)
FBI Code vs Apple Code (Score:1, Flamebait)
The FBI is ordered to produce a code but Apple does not have to unlock a government-owned iPhone of a known terrorist? What a world.
Re: (Score:1)
What a world.
'People shouldn't be afraid of their government. Governments should be afraid of their people.', V, 'V for vendetta', Alan Moore.
Corporations and government both, must be answerable to the people. Corporations must depend on the magnanimity of the government but not be part of the government.
Re: (Score:1)
Yes. Government agency has to provide data for the defense's case (to among other things, prove that they didn't use illegal methods or those that might get the wrong guy).
Non-government agency cannot be compelled by government to product a product for them (or break their own product).
See where this is going?
ends (Score:1)