Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Open Source News Technology Your Rights Online

FBI Must Reveal The Code It Used To Hack Dark Web Pedophiles (engadget.com) 105

schwit1 writes: A judge has ordered the Federal Bureau of Investigation to turn over the complete code it used to infiltrate a child pornography site on the Dark Web, Motherboard reports. The FBI seized the Tor-based site known as "Playpen" in February 2015 and kept it running via its own servers for two weeks -- during this time, the bureau deployed a hacking tool that identified at least 1,300 IP addresses of visitors to the site worldwide.

Playpen was "the largest remaining known child pornography hidden service in the world," according to the FBI. Roughly 137 people have been charged in the sting so far, Motherboard says. On Wednesday, a lawyer for one of the defendants won the right to view all of the code that the FBI used during the Playpen operation, apparently including the exploit that bypassed the Tor Browser's security features.

This discussion has been archived. No new comments can be posted.

FBI Must Reveal The Code It Used To Hack Dark Web Pedophiles

Comments Filter:
  • by turkeydance ( 1266624 ) on Saturday February 20, 2016 @07:04PM (#51550375)
    it would be interesting to find out if and how it was verified as *all*.
    • I would assume it would have to be enough of the code for the FBI to prove it was able to use that code to identify the defendants.

      • by Anonymous Coward

        You know what happens when we assume?

        We get upmodded "insightful" on /.

  • by Anonymous Coward on Saturday February 20, 2016 @07:08PM (#51550385)

    I think the bigger story here is that the FBI actually ran a child porn site instead of knocking it offline... WTF. We all understand the premise of why they did it but that can't be a legal way to catch those people. You can't break the law to uphold the law. That's an oxymoron right?

    • just pin in it on fox molder and that scully chick

    • Re: (Score:3, Interesting)

      It would be an extension of this principle, https://www.quora.com/Why-are-... [quora.com]
      • Lying isn't illegal in and of itself.
        • by Anonymous Coward on Sunday February 21, 2016 @05:09AM (#51551835)

          Lying isn't illegal in and of itself.

          It depends upon who lies to whom. Lying to an FBI agent investigating a crime is itself a crime. That's what they got Martha Stewart on, not the actual insider stock trade but lying to investigators about her level of involvement in the scheme. That's why any competent attorney will advise their client never to answer questions unless the attorney is present and able to advise the client on whether or not to answer a particular question and the advice to the client, when answering, will always be to answer truthfully or else refuse to answer the question on 5th amendment grounds. Of course the investigators are free to lie or trick the person being interviewed which is what makes speaking to the police without an attorney present so incredibly dangerous that nobody should ever do it.

      • That the police can lie is quite well established, not just in the US legal system, but in most of them. When they are out trying to do their jobs they have no requirement to tell the truth to suspects. For that matter, neither do you. You can lie to people in your day to day business and it isn't illegal. The requirement to tell the truth only happens in court, when you are under oath, same as the police.

        However the police aren't allowed to commit crimes, felonies in particular, in the course of their work

    • by jonwil ( 467024 ) on Saturday February 20, 2016 @07:57PM (#51550537)

      Its no different to an undercover cop pretending to be a drug dealer and engaging in a drug deal so the hidden cops can spring forth and bust the bad guy.

      • by Anonymous Coward
        One thing is for the undercover cop to pretend to be a drug dealer, and it's another for the undercover cop to actually BE a drug dealer. While it's quite possible to "sell drugs" that turn out to be talcum powder or something and use that in court to convince a jury that the suspect didn't know it was talcum powder but thought it was drugs, and quite another to run a child porn site. I'm not sure how they could do that without actually distributing child pornography.
        • by GuB-42 ( 2483988 )

          It is also illegal to sell anything as drugs. Selling talcum powder as cocaine can get you in legal trouble as much as if you sold the real deal.
          In fact, it would make sense to make the sentence worse for fake drug dealers. Real drugs, at least the most popular ones, have well known effects, we know how to treat them and should one take them, steps can be taken to minimize the risks. Fake drugs, not so much. Some products can be more toxic than the real thing, especially when injected. Variations in purity

      • by Anonymous Coward on Saturday February 20, 2016 @08:42PM (#51550685)

        Its no different to an undercover cop pretending to be a drug dealer and engaging in a drug deal so the hidden cops can spring forth and bust the bad guy.

        No, there's a difference. In the fake drug deal the drugs themselves are often fake as well. For example, baking powder for cocaine or milk chocolate for heroin, etc. This is effective because the real drug dealers already cut their drugs with these and other substances and it's easy to prepare and package these materials so that they look very convincing at first glance. Not so with child porn. If an image is CP, of the sort often sought out by those who want it, it's patently obvious whether that image is the real deal or not both to the police and anyone else. Moreover, the mere transmission or possession of that image is itself a crime, regardless of intent. Since it's impossible to show the images to anyone without committing a crime and the people they caught could not be arrested immediately, the FBI was effectively engaged in bona-fide illegal activity for a matter of weeks of the sort that would never have occurred in a sting like your fake drug bust or for example on the television program "To Catch a Predator", where there was never any actual CP on offer. Do you understand the difference now?

      • by dgatwood ( 11270 ) on Saturday February 20, 2016 @08:57PM (#51550737) Homepage Journal

        Its no different to an undercover cop pretending to be a drug dealer and engaging in a drug deal so the hidden cops can spring forth and bust the bad guy.

        Uh, it isn't even similar. In a sting operation, the operation ends when the person buys the drugs. The purpose is to get them to buy the drugs, but at that point, they arrest the person. In this case, they download the fake porn that tattles on them, but they also continue to download real porn from systems run by the government, upload new porn to systems run by the government, and trade porn in a marketplace run by the government over an extended period of time.

        This is more closely equivalent to a rogue CIA agent infiltrating a drug cartel and then continuing to run it for a decade, growing and selling drugs, killing members of competing cartels, and advertising the availability of drugs in an effort to entice (entrap) people who otherwise might not have bought them, all under the pretense that while his or her organization deals drugs, he or she will also periodically slip the police a list of some of the people who are buying so that they can eventually do a sting operation and bust them....

        This is so far outside the bounds of what should legitimately be legal in a free society that it is downright terrifying. There's a bright line between pretending to be part of a criminal organization and participating in the operation of a criminal organization, and from what I've read about this operation, I would say that they crossed that line by a large enough distance that they couldn't even see it in their rearview mirrors....

      • by quintessencesluglord ( 652360 ) on Saturday February 20, 2016 @10:41PM (#51551083)

        You say that so nonchalantly, as if there isn't a huge moral problem with law enforcement goading people to break the law.

        I mean it's not enough that the police claim they don't have the manpower to investigate crimes people really do care about, like robbery and murder, and yet can devote substantial resources to busting petty drug users.

        Here's a clue: if your government can justify deceiving you in the name of some greater good, it has moved from servant to paternalistic.

        Which is exactly what posing as a drug dealer is.

      • by Mashiki ( 184564 )

        Its no different to an undercover cop pretending to be a drug dealer and engaging in a drug deal so the hidden cops can spring forth and bust the bad guy.

        Except the use of drugs for the purposes of busting said dealers happens in only very rare circumstances. Usually where the suspect is highly suspicious that it's going to be a sting. In this case, they ran in, claimed the site and kept running it.

      • Are the cops actually using the drugs? I'm pretty sure they get in trouble if they do. Viewing child pornography is the only crime that the judge, cops, and prosecutor all actually commit themselves routinely.
        • by dak664 ( 1992350 )

          Actually the larger crime is to sell such porn, and the ip address is used for subsequent sting operations to induce the downloader into uploading something. Then they make the arrest for trading==selling child porn.

          It seems to me that law enforcement commits that crime first. And I wonder how many of those netted by such operations would have been able to resist the urge had the gov't not tempted them with lurid pictures.

    • by PinkyGigglebrain ( 730753 ) on Sunday February 21, 2016 @01:01PM (#51552897)
      Not the first time they have done something like this. I remember reading that back pre-Internet when the last publishers of Dutch mail order CP magazines closed up shop due to the changing laws the FBI actually started to reprint the magazines for a time so they could continue to advertise, mail and then arrest anyone who ordered them for possession of CP. So apparently the FBI was actually running a CP magazine business for a time. Of course it was all to protect the children.
    • by Anonymous Coward

      I think the bigger story here is that the FBI actually ran a child porn site instead of knocking it offline... WTF. We all understand the premise of why they did it but that can't be a legal way to catch those people. You can't break the law to uphold the law. That's an oxymoron right?

      Government agents break the law everyday. It is just one of the many perks you get for being a government insider. The FBI is the biggest importer of child porn in the nation (to catch pedophiles and supply Congress). The CIA smuggles heroin in order to fund its black ops. The DEA smuggles cocaine in order to keep on good terms with the Sinaloa drug cartel (who rats out their competitors). The ATF smuggles guns for the DOJ (Operation Fast and Furious, Operation Gunwalking). The military smuggles forbidden t

  • IT Dept (Score:3, Insightful)

    by Anonymous Coward on Saturday February 20, 2016 @07:11PM (#51550399)

    Can you imagine working for their I.T. department when that order came down? "You want me to do what?"

  • by Anonymous Coward on Saturday February 20, 2016 @07:16PM (#51550415)

    Submissions should preferably link to primary sources instead of sites that just repackage the story from the original, i.e. just link to Motherboard's article to begin with and give them the clicks instead of Engadget.

  • by swb ( 14022 ) on Saturday February 20, 2016 @07:42PM (#51550477)

    Let's say the FBI wanted to do some task with software, but didn't have the expertise in house. So they discuss what they want done with a third party, who decides they can do it but will only license the software to the FBI, not sell it to them outright. As part of their agreement, they supply a binary module (like a graphics driver blob file) to the FBI they can interface with.

    Now, the FBI ends up being required to reveal its code to a defendant. The third party module ends up being key to the defendant's discovery. The FBI doesn't have the source code to the module, so they can't supply it -- in fact, they have a binding contract saying they can only have the binary module.

    Does the third party have to reveal their source code? Can the FBI effectively hide behind their contract with the third party?

    If yes, it seems kind of scary -- the FBI can basically outsource their techniques and then hide behind their contracts. Scary because I would imagine the defendants might be making a case that the evidence convicting them is false, but because the FBI could hide behind a third party contract, the defendant can't verify the claims. The FBI, could, in theory at least, use sham agreements to ensure their dirty work remains beyond discovery.

    The similar kinds of things I can think of are the DWI cases that were challenged over the source code to breathalyzers and the contract language of at least one of the Stingray makers who forbid the details of their device being revealed.

    • by JoeRandomHacker ( 983775 ) on Saturday February 20, 2016 @07:51PM (#51550503)

      Possibly, but the defense has the right to question how the evidence against them was collected. If such a tactic were to prevent such inquiry, it could be grounds to have the evidence tossed out.

      • by swb ( 14022 )

        I think this is probably the best line of questioning, to challenge the efficacy of the FBI's collection methods as producing valid information. Their secret spy software isn't something of generally accepted reliability, like DNA or fingerprints.

        The trouble is, the FBI could give you all their source code but it would be a nightmare to sort it out. They probably wouldn't be required to describe it line by line, it would be up to the defendant's experts to figure out what it did and if it worked and wheth

      • Yeah, the court seems to be following the same line of reasoning which got the source code for breathalyzers released [wired.com].

        It's too bad for the FBI since it turns their tactic into a one-trick pony. But I believe the strategy around that in the gangster days was to not use the testimony of the stool pigeon directly in court against a suspect. Rather, use the info learned to set up other stings which would generate enough evidence to charge the suspect. Then they wouldn't have to reveal who their inside sou
    • Does the third party have to reveal their source code? Can the FBI effectively hide behind their contract with the third party?

      Look no further than this [vice.com] for clues.

      It's obvious that this type of activity will be eventually vetted and weighed in the Supreme Court.

    • Court orders take precedence over contracts. Contracts to break the law are not binding. Entering into an agreement, for the purpose of breaking the law, is conspiracy.
      • by swb ( 14022 )

        I don't see where the court has the authority to order the third party to reveal their code. The FBI and the US attorney are the ones accusing the defendant of committing a crime, the third party contractor is merely providing a component to the FBI.

        Say I was accused of drunk driving. I challenged his probable cause to pull me over. He said I was weaving, I said I wasn't, his car was weaving creating the illusion on a dark night that i was weaving. He was driving a Ford Crown Victoria and I want him to

    • Does the third party have to reveal their source code? Can the FBI effectively hide behind their contract with the third party?

      To the first question, bring the third party into court, ask them for the code.

      You might or might not get it, but if you don't, it becomes grounds to question the evidence and you might get it thrown out.

      In other words, the FBI might or might not be able to give you the code, but the Judge doesn't have to allow the evidence gathered from the code into court either.

      • Re: (Score:2, Informative)

        by Anonymous Coward

        In the case of Stingray cellphone interceptors, when a defendant asks about that evidence, the FBI usually drops the case. Seriously, they'd rather drop a case altogether than have a Stingray be challenged in court. So if they'd rather hide behind an NDA or something here, they're gonna need to withdraw some charges.

    • This would run smack into discoverability and the FBI would never be able to guarantee that the result of their research is valid. Furthermore a judge could simply require the source code to be shown under NDA, as is done with breathanalyzer, and if the company refuse, toss the evidence, potentially tossing the case.
    • In any sane society, there is no fucking way a civil contract should ever be allowed to supersede a subpoena.

  • by Anonymous Coward

    1,300 seems a bit low for the "largest" child porn site. Makes me wonder if the exploit only worked on certain operating systems or older versions of the Tor Browser. If I recall correctly, the exploit they used a few years ago with Freedom Hosting sites used an exploit that was already patched, but many people still hadn't updated their Tor Browsers, or didn't use proper security settings, and were caught.

    So I really wonder if that's the case here.

    • The exploit almost certainly required Javascript to be enabled like the last time they did this.. This effected people stupid enough to turn it on, and those stupid enough to not turn it off for the versions where it was enabled by default (and not update). Which makes what the FBI did even worse, because they had no realistic chance of even catching a large percent of US-based users. 1,300 should actually be appreciated as a huge number considering the small percentage of people smart enough to get on tor
  • by MindPrison ( 864299 ) on Saturday February 20, 2016 @08:29PM (#51550639) Journal
    This is all just a game.

    FBI have no real interest in the sexual deviants, they only want the tools and to be allowed to use the tools for whatever they want. The entire stings are public pleasers, get whoever the public have decided to hate this decennial and get the tools to get EVERYONE (not only the sexual deviants), but eventually when they LEGALLY got whatever tools they want - so NO one is safe, regardless of belief, creed, sexual orientation or political beliefs - the point is they want access to whatever you do, think and consider, every opinion that you have - so this can be used against you in a world with more and more rules, the masses being ruled by the few that wants it all.
    • by gweihir ( 88907 ) on Saturday February 20, 2016 @09:54PM (#51550951)

      Unfortunately, that seems very, very likely. The very amorality of running the site for a time, when the DOJ's says that a main reason to make this type of content illegal is that it victimizes those depicted again is staggering. Only this time they were raped again by the FBI with official sanction. If that is not much, much worse, then I do not know what it. Hence I conclude that this is not about those targeted at all, and it certainly is not about protecting any victims.

  • by Rujiel ( 1632063 ) on Saturday February 20, 2016 @10:44PM (#51551095)
    Motherless hosted CP and bestiality without any repercussions. Most obvious of all, initially its servers were located 20 minutes away from FBI's washington state headquarters.
  • The FBI is ordered to produce a code but Apple does not have to unlock a government-owned iPhone of a known terrorist? What a world.

    • by Anonymous Coward

      What a world.

      'People shouldn't be afraid of their government. Governments should be afraid of their people.', V, 'V for vendetta', Alan Moore.

      Corporations and government both, must be answerable to the people. Corporations must depend on the magnanimity of the government but not be part of the government.

    • by phorm ( 591458 )

      Yes. Government agency has to provide data for the defense's case (to among other things, prove that they didn't use illegal methods or those that might get the wrong guy).
      Non-government agency cannot be compelled by government to product a product for them (or break their own product).

      See where this is going?

  • It looks like this boils down to an argument about whether the ends justify the means. While I appreciate the desire to catch the dirt bags who prey on children, the justice department crossed the line.

Real programmers don't bring brown-bag lunches. If the vending machine doesn't sell it, they don't eat it. Vending machines don't sell quiche.

Working...