An FBI Hacking Campaign Targeted Over a Thousand Computers (vice.com) 138
derekmead writes: In order to fight what it has called one of the largest child pornography sites on the dark web, the FBI hacked over a thousand computers, according to court documents reviewed by Motherboard and interviews with legal parties involved.
Just a month after launch, a bulletin board called Playpen had nearly 60,000 member accounts. By the following year, this number had ballooned to almost 215,000, with over 117,000 total posts, and an average of 11,000 unique visitors each week. Many of those posts, according to FBI testimony, contained some of the most extreme child abuse imagery one could imagine, and others included advice on how sexual abusers could avoid detection online.
But after Playpen was seized, it wasn't immediately closed down, unlike previous dark web sites that have been shuttered by law enforcement. Instead, the FBI ran Playpen from its own servers in Newington, Virginia, from February 20 to March 4, reads a complaint filed against a defendant in Utah. During this time, the FBI deployed what is known as a network investigative technique (NIT), the agency's term for a hacking tool.
Just a month after launch, a bulletin board called Playpen had nearly 60,000 member accounts. By the following year, this number had ballooned to almost 215,000, with over 117,000 total posts, and an average of 11,000 unique visitors each week. Many of those posts, according to FBI testimony, contained some of the most extreme child abuse imagery one could imagine, and others included advice on how sexual abusers could avoid detection online.
But after Playpen was seized, it wasn't immediately closed down, unlike previous dark web sites that have been shuttered by law enforcement. Instead, the FBI ran Playpen from its own servers in Newington, Virginia, from February 20 to March 4, reads a complaint filed against a defendant in Utah. During this time, the FBI deployed what is known as a network investigative technique (NIT), the agency's term for a hacking tool.
Not hacking (Score:5, Insightful)
Re: (Score:3, Informative)
They used some form of malware/trojan to extract certain information. That's the greypoint from the FA:
“Basically, if you visited the homepage, and started to sign up for a membership, or started to log in, the warrant authorised deployment of the NIT,” Fieman said. From here, the NIT would send a target's IP address, a unique identifier generated by the NIT, the operating system running on the computer and its architecture, information about whether the NIT had already been deployed to the same
Re: (Score:1)
Re: (Score:1)
You can't extract certain details like the MAC Address, Computer hostname/username from HTTP traffic alone, unless you've got something running in the browser ex-filtrating that kind of information.
It could be possible to extract most of that information via Javascript, but I'm assuming that most of their targets had NoScript or JS turned off in the Tor Browser (or whatever they used with Tor). I think that kind of information retrieval would fall into the category you're thinking off, active fingerprintin
Re: (Score:2)
Re:Not hacking (Score:5, Informative)
Re: (Score:2)
If it was A warrant, that warrant is unconstitutional. A warrant has to be specific, and it needs to be supported by probable cause that someone swears is true. If somebody notices what looks like child porn, and is willing to swear to it, a warrant could be issued to search any computers in the house for child porn. A warrant that covers the whole country is not in any way specific.
Re: (Score:2)
Senator: Let's monitor P2P for illegal files (April 17, 2008)
http://www.cnet.com/news/senat... [cnet.com]
"But in about half its cases, for purposes of longer-term tracking, the software captures "unique serial numbers" from the person's computer
It seems the get a unique "number" policy is an older method thats been used for a while now.
Is the number created from a larger set of details abo
Re: (Score:2)
So you think all breaking into computers is legal? Because that is all "capturing information that the client machine is willing to send (even via a flaw)". That flaw might make it willing to send, say, 500'000 user data sets.
If the FBI campaign against freedom hosting is an indicator (or if this is actually the same thing), then they sent malware to the target browser that compromised it via a JavaScript exploit. It then took over the client browser process to determine from the OS what the IP address of t
Re: (Score:2)
Sort of. A JavaScript-enabled exploit need not be present in some or most cases though. TOR is essentially a tunnel into your network to the destination computer. Its sort of like you had no router to proxy or masq your private ip. Using information from the tcp packet which is necessary to send results from a page view back, you can use simple network tool like angry ip scanner and Xprobe2 almost as if you were on the network.
You can use different tools to discover the mac address and fingerprint the OS.
Re: (Score:3)
Sorry, but that is bullshit. Sure, it may work if somebody incompetent set up a normal browser to work over TOR, or actually is grossly stupid enough to really set up LAN tunneling over TOR (But to what end? It would not do anything useful...), but with a competent set-up or the TOR browser bundle, there is no way to do what the FBI did without compromising the browser process. And, incidentally, with the freedom-hosting attack, they did exactly this: They sent malcode to the browser and took it over. As fa
Re: (Score:3)
Actually, forget what I said about this being possible on misconfiguration. Your statements are so far removed from how TOR works that I got confused as to what you were saying.
So: For a client TOR installation, this is impossible without compromising the target browser over an existing (!), client-initiated connection. You cannot initiate a connection, scan, ping or do anything else from the server side to a TOR client. The network will not route your packages. You cannot even address the target as you onl
Re: (Score:2)
How naive you are.
The tor routing has no clue to what or the size of the payload your browser requests. It will route anything sent in response to you connecting to my server. You can in fact run applications over TOR and if you can do that with ease you can also run network tools in response to connections to a server.
The browser generally has no firewalling to stop this.
Re: (Score:2)
I did say you can attack only within the context of an existing connection. But that is it. If you attempt send any other packets to the client they will a) be dropped by the TOR exit relay and b) will be dropped on client side, as a client does not open a server socket and hence does accept absolutely no connection requests. In addition, there is not even a way to address the client in these other packets, so the idea does not make any sense at all.
The thing is that you cannot "run network tools" against a
Re: (Score:1)
From here, the NIT would send a target's IP address, a unique identifier generated by the NIT, the operating system running on the computer and its architecture, information about whether the NIT had already been deployed to the same computer, the computer's Host Name, operating system username, and the computer's MAC address."
So, basically Windows 10 telemetry.
Re: (Score:1)
Re: (Score:3, Insightful)
Re: (Score:2)
And if you connect to a bank, and exploit a flaw in their web server to extract customer information? Is that just clever programming? There are laws that state what "information you shouldn't be able to get": any information that you weren't authorized to get. The only thing that makes this legal, FBI or no, is the warrant. Fortunately, the FBI did the right thing here and got a warrant, so there's no gray area.
Re: (Score:2)
Incidentally, what they did is highly criminal for any person the warrant does not cover. (And they have no way of finding out before they attack....) An argument can be made that this is anybody using a computer outside of the US. Just think of a modified example where the Chinese Government hacks users of a TOR web-forum devoted to discussing freedom using a warrant that does also allow hacking the computers of US citizens or Europeans, or with a warrant only covering China, but they ignore that. See the
Re:Not hacking (Score:4, Informative)
Except when your software (TOR) does not give out your IP address willingly. Then some kind of hacking/cracking/compromise technique is used and that is highly problematic. In a sane legal system it would also compromise any and all evidence found on the target computers as it typically comes with the ability to change things on the target and do so without trace.
This cure here may well be much, much worse than the disease. If the targeted group were a different one, this might be called "state-sponsored terrorism." Anybody that believes these techniques are only used against child pornographers is kidding themselves. Just have a look at the history of the FBI.
Re: (Score:2)
It's worse than that. Imagine someone wrote a virus that set up a TOR connection and downloaded a few dodgy web pages into a Truecrypt container with disposable key. Really basic, script kiddie stuff. Now the FBI comes along and arrests everyone they can get an IP address for, and of course because the virus opens the page in a hidden IE window it gets hacked.
Now imagine some enterprising paedophile writes such a virus and infects as many people as possible, and themselves. They get arrested, but go free be
Re: (Score:2)
Well, pedophile images are already used in scams and, get this, the police in some countries advises people to not tell them about these criminal acts as the very possession of these images is illegal. How completely broken must a law be to have the effect that innocent people cannot tell the police anymore about crimes committed against them? That is just pure evil.
The scenarios you describe and others like it are actually something that is pretty sure to happen at some time and this is why making the poss
Re: (Score:2)
Not hacking, but it sounds like entrapment.
Re: (Score:2)
Re:Good (Score:4, Interesting)
It is not so clear that this is "good". There is not much evidence for a causal link from porn to sexual crime. Most countries that have liberalized their pornography laws have experienced a decline in sexual violence toward women and children. Child porn is illegal even if is entirely animated, or made with adult actors portraying adolescents. That pushes the entire genre onto the dark web. If, instead, the law only banned the actual abuse of children, rather than thought crime, there could be a legal market that would drive out most of the material involving actual harm to children.
Re: (Score:2)
Re: (Score:3)
AFAIK, the FBI can't prosecute US citizens for thought crimes.
Then you are obliviously ignorant, and probably should spend a few minutes educating yourself about American child porn laws before you comment on them again.
prosecuted people for criminal behaviour, i.e. passing on the products of criminal acts (against children) ...
This NOT what they are doing. Child porn is illegal, even if it involves NO CHILDREN whatsoever. Many of the people being prosecuted were making or viewing animations or adult actors, not anything involving actual children.
Re: (Score:2)
Child porn is illegal, even if it involves NO CHILDREN whatsoever. Many of the people being prosecuted were making or viewing animations or adult actors, not anything involving actual children.
Didn't Ashcroft v. Free Speech Coalition 535 US 234 (2002) overturn that and rule that the First Amendment protects cartoons, animations, and other works that do not show the sexual violation of actual children?
Re: (Score:2)
Last I looked at the US Federal law, it wasn't child porn if it didn't have an identifiable individual, under 18 when the porn was produced, doing something sexual (and there were restrictions on what constitutes that). Definitions can differ in other jurisdictions, and some states may have more sweeping laws.
Of course, this doesn't mean the FBI can't investigate, or a Federal prosecutor file charges, if none of the porn they find meets that standard.
Re: (Score:3)
AFAIK, the FBI can't prosecute US citizens for thought crimes.
But how is a website or BBS showing material NOT a thought crime? You might say; the materials are prohibited. But we could outlaw bibles, and then everyone with a bible would be an outlaw. What ABOUT the bible is illegal? Reading the words, of course. They'll say it's possession, but really, it's in what you might learn, think and how it might change your behavior. No clear smoking gun on Pedophilia.
So this is a thought crime. They can see, vie
Re: (Score:3)
I agree. While I abhor sexual abuse of children (required statement), it's an easy target of outrage but has far-reaching consequences to charge criminal offenses of people who view such things on the internet. It is a thought crime -- the abuse of the children is the people making the content -- and I think it should end there.
Free access to porn has shown a relative drop in rapes. Violence in games shows a huge drop in violence (relative to the same demographic without video games -- though not sure where
Slippery Slope (Score:5, Insightful)
Bit of a slippery slope when Law Enforcement is breaking laws to catch criminals. This is not good policing in my opinion. There should be no excuse for breaking the law, especially in an effort to enforce the law. Law enforcement should never be 'do as I say, not as I do.'
A simple test is.. if a citizen did this to another citizen, would that be against the law? Last I checked, hacking your neighbors computer and collecting information from it is definitely against the law. (Unless you're Microsoft and say you're going to do it in your EULA, bit that's a different can of worms.)
Re: (Score:3)
Police use military equipment and armored vehicles to selectively enforce laws around the US, the slope slipped a looong time ago
Re: (Score:2)
Police use military equipment and armored vehicles to selectively enforce laws around the US, the slope slipped a looong time ago
Do you understand how silly you sound?
How much metal is a vehicle allowed to have before you consider it illegal for a police department to use? Please be specific.
Re: (Score:2)
How much metal is a vehicle allowed to have before you consider it illegal for a police department to use? Please be specific.
To keep this on the subject matter I'll quote what Supreme Court Justice Potter Stewart said about porn, "I know it when I see it" [wikipedia.org]. Military grade vehicles look quite different than civilian vehicles. You certainly would notice if your local sheriff's deputy started patrolling your neighborhood in a HumVee instead of a Crown Vic.
Re: (Score:2)
It's about military-classifications used domestically, not about armor thickness.
OK. And, which specific feature of a "military" truck is it that makes the law enforcement person riding around in it a criminal? Please be specific.
Re: (Score:2)
Re: (Score:2)
What if the connection was accidental/unintentional? Or some rogue process did it?
More a general question than this specific case, but just a thought.
Re: (Score:3)
What if the connection was accidental/unintentional?
According to the FA, the information was only captured when the user started the login process, or started the registration process. I don't know about you, but if I accidently landed on a child porn website the very first thing I would do would be to get out of it. I certainly wouldn't start to register as a user to the site.
Or some rogue process did it?
That's a different issue, but a highly unlikely event.
Re:Slippery Slope (Score:5, Insightful)
As long as they got warrants (even if they're "John Doe" warrants), they're in the clear, methinks.
I suspect that it would pretty much follow the same legal framework as wiretapping, albeit the 'tap' is put directly in the 'phone', without knowing fully who owns said phone.
If this is indeed the case, I have zero problems with it - covertly swipe a website/host via legal means, and use it as a honeypot to catch/trap offenders, using a modified wiretap warrant/framework to 'tap' the computers that connect to said site. Assuming everything is properly documented and that the procedure is transparent enough to stand up in court, you then monitor that user's activities to not only collect evidence but to identify the user behind it.
The only real problems would be with computers used by multiple individuals, in which case you'd have to suss out which user is responsible. Another problem would be to have a procedure (and malware) in place that doesn't give a defense attorney enough credible ammunition to claim his client was framed, or that evidence was 'planted'. This is why the procedure(s) would have to be transparent to all (it would become that way anyway come the first court case, if the prosecution wanted any hope of winning a conviction.)
Re: (Score:3)
This is why the procedure(s) would have to be transparent to all
"In theory" ... they'd also obey their Constitutional restrictions. I the real world, they're lawless and get by on parallel construction [wikipedia.org]. The government was instituted to protect our liberties and now it's our greatest threat against them.
"When you gaze long into an abyss the abyss also gazes into you."
Re: (Score:1)
Re: (Score:2)
Yeah I am all for what they did and the way they did it. Your comment however:
I subscribe to the theory that when you break the laws of a country (i.e. by distributing child porn), you should forfeit the right to be protected by those same laws"
is the definition of fascism. No one knows if you broke the law until a jury or judge says so. What you're saying is, let's have no laws set upon the police because they only go after people who are (suspected of) breaking the law. That makes zero sense.
If we implem
Re: (Score:2)
Legal protections are for the innocent, yes, but people are innocent until proven guilty in a court of law. Removing protections from someone accused of a heinous crime makes it more likely that law-abiding citizens will be convicted once accused.
Re:Slippery Slope (Score:4, Insightful)
Uhh... I read it
Reuters revealed that the Special Operations Division (SOD) of the U.S. Drug Enforcement Administration advises DEA agents to practice parallel construction when creating criminal cases against Americans that are actually based on NSA warrantless surveillance
And the sited article:
http://www.reuters.com/article... [reuters.com]
Of course two senior DEA agents said your quote, so it must all be hogwash.
Re: Slippery Slope (Score:1)
Parallel construction is ALSO used to protect illegal intelligence gathering methods and other wanton lawlessness on the part of government agencies. I'm all for putting those methods in direct jeopardy when the law is broken.
Fortunately that does not seem to be the case here, unless of course there's more to this than they let on, such as maybe the FBI being behind the origin of the site in the first place. No proof or even suspicion of that at this time of course, but given their track record of manufac
Re: (Score:2)
As long as they got warrants (even if they're "John Doe" warrants), they're in the clear, methinks.
I suspect you are right but the problem I have is that the only information a judge receives when deciding whether to issue a warrant is provided soley by the LEO and the prosecution. There should be some mechanism for the accused to defend himself against malicious prosecution, IMHO.
Given the opportunity to only present one side of the story I could paint anyone as a baby-shaking, dog-kicking, drug-dealing, devil-worshiping, child-molesting, panty-sniffing terrorist psychopathic monster.
What judge is going
Re: (Score:2)
The warrant process is not a prosecution. It is a check on LEO in gathering evidence that they could not legally or constitutionally otherwise have done. The prosecution will only start after evidence of a crime is collected.
What you are missing is that they are supposed to inform the judge that there is reason to believe baby-shaking, dog-kicking, drug-dealing, devil-worshiping, child-molesting, panty-sniffing terrorist psychopathic monster is or has participated in a specific crime.
Re: (Score:2)
Re: (Score:2)
Technically, the prosecution in a legal case should be required to show the entire chain of evidence, under actual rather than theoretical pan of perjury. At that point, the defense lawyer challenges evidence, usually in a pre-trial hearing. If the defense lawyer can show that evidence was gathered improperly, that evidence cannot be legally presented. There isn't currently a requirement to provide names, although the Constitution does say the defendant has the right to confront his accusers.
That's no
Re: (Score:3)
Not really, this is the same as turning someone in the mob and using them against others.
I am against government surveillance, but this seems to be just the government using an illegal site to figure out who is using it. They just kept the site running for a couple weeks to catch and track down its users, who were breaking the law by being on a child porn site.
Re: (Score:2)
A simple test is.. if a citizen did this to another citizen, would that be against the law?
Then no one would ever get arrested and put into jail, for any reason whatsoever.
Re: (Score:2)
Re: (Score:2)
Indeed. This can only be justified by "regardless of what it is, if the FBI does it it is legal". That does not work with the rule of law and is only possible in a full-blown police-state. As soon as they had the possibility to switch it off, they had both a moral and a legal imperative to do so immediately. In a very real sense, they committed mass-child-abuse.
Also read (Score:2)
Re: (Score:2)
I don't know the laws in question. It is possible that they explicitly allow for use by law enforcement for honeypots. There isn't anything automatically illegal about child porn, it's illegal because there are laws specifically against it.
Re: (Score:2)
There is also the little problem that by the way TOR works they have no idea where a target computer is before they break in. This makes what they did "state-sponsored organized crime" if they even caught one user not on US soil and may well make it "state-sponsored cyber-terrorism" in some countries. Not good at all. Just think of the same scenario but with the Chinese doing it (where all pornography is illegal) or the Iranians (where all non-Muslim religious writing is illegal). See the problem?
Re: (Score:2)
I'm not sure that's a good test:
1) If one citizen deprives another of his liberty, that's kidnapping. If the government does it, it's incarceration.
2) If one citizen forcibly takes money from another, that's robbery. If the government does it, it's a fine.
3) If one citizen kills another, that's murder. If the government does it, it's capital punishment.
Why does this curious dichotomy exist? Because we elect people wh
Re: (Score:2)
Re: (Score:2)
"Yes, I understand that the majority of them (probably) aren't actively engaged in actual, physical abuse of a child....but still. If it was my child, I admit I'd be all for them doing this even though it almost certainly contravenes some law(s)."
Revenge, while understandable, shouldn't be the basis of a legal or ethical system. Even moreso on a country that claims to be "the land of the free".
Under current moral standards it seems Nick Ut would have been processed because of "the girl in the picture" inst
They had a warrant... (Score:5, Informative)
The issue was did this one warrant let the government hack into everyone who tried to use Tor to connect this hidden site. Tor prevented the FBI from determining their IP address without further attacks on individual computers. The other issue is if the Judge knew they were authorizing this many computers to possibly be hacked.
I believe they waited until the user tried to login, create an account, or something like that, so just accidentally browsing to the site shouldn't have triggered the attack.
From the facts I have from this article, I think the FBI did the right thing.
Re: (Score:3)
Re: (Score:3)
Re: (Score:2)
Re:They had a warrant... (Score:4, Informative)
Re: (Score:1)
it is hugely different, what they did was take over the drug business and continued running it
Re: They had a warrant... (Score:1)
Did they do the right thing by actively facilitating the mass distribution of child pornography?
Re: (Score:1)
Re: (Score:3)
Re: (Score:2)
Re: (Score:2)
It's all about the percentages, not the raw numbers. United Nations says over 3 billion people are using the internet. 60k from 3B is really not a large number, relatively speaking.
And yet a not dissimilar proportion of terrorists means that all Muslims are terrorists, in many people's eyes here.
Re: (Score:2)
From TFS: "Many of those posts, according to FBI testimony, contained some of the most extreme child abuse imagery one could imagine, and others included advice on how sexual abusers could avoid detection online."
Re: (Score:2)
Interesting thing, instruction how people "could avoid detection online" are not illegal, or even immoral. What is the point of including this piece of information?
Re: (Score:2)
Interesting thing, instruction how people "could avoid detection online" are not illegal, or even immoral.
(a) Offense defined.--A person commits an offense if, with intent to hinder the apprehension, prosecution, conviction or punishment of another for crime or violation of the terms of probation, parole, intermediate punishment or Accelerated Rehabilitative Disposition, he:
(1) harbors or conceals the other;
(2) provides or aids in providing a weapon, transportation, disguise or other means of avoiding apprehension or effecting escape;
(3) conceals or destroys evidence of the crime, or tampers with a witness,
Re: (Score:2)
Interesting thing, instruction how people "could avoid detection online" are not illegal, or even immoral. What is the point of including this piece of information?
Telling someone how to hide isn't a crime. Telling an escaped serial killer how to hide is.
Re: (Score:2)
well look at it differently ... 400,000,000 general population of males from USA and Europe give or take a little, 1% is 4 million, 1% of that is 40,000 so with 215K, that means that there is a lot of people ( about .0005% ) that like this stuff. So the FBI most likely knows a large percentage of them now in the USA. Problem now is what to do with them all. and what does this tell us about society. How about the poor FBI team that had to deal with the web site, those people are psychologically damaged for l
Re: (Score:2)
I don't know what was on this site in particular, but I know that there are many darknet forums filled with egregious, very non-jailbait child porn, right down to infants. People find them by word-of-mouth and darknet pages (like the infamous "hard candy" page, a hidden list of child porn .onion sites on The Hidden Wiki).
We're a fucked-up species and a certain proportion of adult humans are sexually attracted to children for some reason...it's clean over 1% even by the most conservative estimates, and 1% of
So the gov knowingly ran a child porn site? (Score:3, Insightful)
I haven't seen it in the comments yet, but by seizing the site and NOT shutting it down, the government chose to run a child porn server. Does that not then put them under the same legal scrutiny as those they were investigating? Of course I did not read the article and may be missing a bunch of detail, but if the gov was actively serving child porn, then THAT is a crime in my eyes - regardless if it was a honeypot or not.
Re:So the gov knowingly ran a child porn site? (Score:5, Interesting)
In the United States, the federal government has sovereign immunity and may not be sued unless it has waived its immunity or consented to suit; there are exceptions for tort and contract law.
It's a very interesting legal stance if the government says it has sovereign immunity, they claim to have not committed any actions that would invoke the tort exceptions. Therefore, running a child porn website does, according to the government, not do any harm to any potential victims (which is what tort is) and thus dissemination of child porn which is 'illegal because it harms the children', may then fall under first amendment protections just like any other website.
Re: (Score:2)
This begs the question why possession of CP is illegal. The usual argument is that it continues to harm the victims.
Old news (Score:1)
Accidental tourist? (Score:1)
I wonder how many of those 11,000 unique visits were accidental or a product of phishing(goatse.cx)
Now granted I think this is deplorable and disgusting (think of the Children!)
But I think they need to really scrutinize the data that they have so that innocent mistakes/typos/bad linkage are not falsely accused
Re: (Score:2)
Re: (Score:1)
Though that maybe true, there are some that end up there for reasons other than child exploitation.
Re: (Score:2)
They won't reliably get convictions for just visiting a website. However, a visit is grounds for further investigation, probably leading to taking copies of all the hard disks in the house. If they find significant amounts of kiddie porn there, they've got a very good case.
What else is there to say (Score:2)
GO FBI GO !!!!
Re: (Score:2)
Your thoughts about touching the doll have been recorded and sent to the proper authorities. Please remain calm while our extraction team executes a warrant within one standard deviations of your present location.
Mixed feelings (Score:1)
I'm glad that the site was (eventually) shut down. The article didn't mention it, but I hope the kids in the pictures are all identified, located, rescued if they were still in an abusive situation, and offered a lifetime supply of mental-health help (yeah yeah, I know, some number > 0% of abused children don't need mental help later, but the offer should be there for those who do need it).
I have little or no problem using these types of warrants if they are used to prevent crimes or identify victims, b
Re: (Score:2)
I'm talking about something I don't know about here, and will take steps not to know about, but some activities in child porn seem also likely to physically harm the victims as well as causing mental harm. We shouldn't forget about that.
Re: (Score:1)
I'm talking about something I don't know about here, and will take steps not to know about, but some activities in child porn seem also likely to physically harm the victims as well as causing mental harm. We shouldn't forget about that.
By the time the photograph is taken, the physical harm has already been done (I'm not saying more physical harm won't happen in the moments after the camera is turned off, but it's not directly related to the child porn being created).
The danger of distribution of child porn outside of controlled environments (law enforcement, clinical/therapeutic environments, etc.) is that it may create a demand for new child porn, which does mean kids getting hurt.
Distribution of child porn of still-living victims (and w
Re: (Score:2)
I think we're in agreement here. People physically and mentally hurt by horrible crimes should get the care they need. Distribution of child porn can lead to further mental harm, and can encourage scum to make more such, causing more physical and mental harm.
Re: (Score:1)
I think you missed my point:
I'm talking about cases where but for acts by law enforcement that I read as illegal, law enforcement would not have known who committed the crime in the first place.
Anyone granted "immunity" under the proposal I made would be a public pariah. Sure, they wouldn't have a criminal record or sex-offender status but they would be all over the news. That alone makes it almost impossible for them to hang around any kid or teen whose parents or adult neighbors are paying attention. I
Counterintelligence (Score:2)
One interpretation of this article is that FBI (or contractors) has non-public, zero-day, or old-but-unpatched vulnerabilities which it is using against client machines to collect information. We assume that only misconfigured machines are vulnerable.
A benefit of this knowledge is that it may be possible collect these exploits with a REVERSE honeypot. Simply use a MORE secure browser (Tails in Tails + non-extradition origin + Tor Browser). Then spider the Dark Web but make sure your spider DOES follow post