Australian Authorities Hacked Computers in the US (vice.com) 75
Motherboard is reporting that Australian authorities hacked Tor users in the United States as part of a child pornography investigation. The revelation comes through recently-filed US court documents. The incident underscores a trend where law enforcement around the world are increasingly pursuing targets overseas using hacking tools, raising legal questions around agencies' reach. From the report: In one case, Australian authorities remotely hacked a computer in Michigan to obtain the suspect's IP address. "The Love Zone" was a prolific dark web child abuse site, where users were instructed to upload material at least once a month to maintain access to the forum. By July 2014, the site had over 29,000 members, according to US court documents, constituting what the US Department of Justice described as a "technologically sophisticated conspiracy." In 2014, Queensland Police Service's Task Force Argos, a small, specialised unit focused on combating child exploitation crimes, identified the site's Australian administrator in part because of a localized greeting he signed messages with. The unit quietly took over his account, and for months ran the site in an undercover capacity, posing as its owner. Task Force Argos' logo includes a scorpion, and the tagline "Leave No Stone Unturned." Because The Love Zone was based on the dark web, users typically connected via the Tor network, masking their IP addresses even from the law enforcement agents who were secretly in control of the site. Task Force Argos could see what the users were viewing, and what pages they were visiting, but not where they were really connecting from.
Re: Hacked you say? (Score:2, Insightful)
No, fire your lawyer. Compiling with GCC is explicitly called out as not making your code GPL.
Re: (Score:1)
Re: (Score:2, Informative)
I know you're just a redundant copy-paste asshat troll. But seriously, GPL got you down with Linux? Just move to BSD. Problem solved.
Re: Hacked you say? (Score:2)
Re:No Problem Here (Score:5, Insightful)
I don't know about you, but I do have a problem with feds running a kiddy porn site for a few months. There are limits to what law enforcement should be doing, and using kids as bait is one of the things where you don't just step over the lines but actually throw up on it. Especially when so little is accomplished by doing it.
Re: (Score:2)
Re:No Problem Here (Score:4, Insightful)
I wouldn't be surprised if a large number of them were different "law enforcing agents" from different countries :D
Re: No Problem Here (Score:5, Insightful)
Maybe more than actual users.
Remember, the internet is where men are men, women are men, and kids are FBI agents.
Re: (Score:2, Insightful)
Maybe more than actual users.
Remember, the internet is where men are men, women are men, and kids are FBI agents.
Women are bots, and the bots are traps. Ashley Madison Used Chatbots to Lure Cheaters, Then Threatened to Expose Them When They Complained [fortune.com]
Re: (Score:2)
Maybe more than actual users.
Obligatory. [wikipedia.org]
Re: (Score:1)
Even if they were all in the US that would still mean one out of ten thousand people. That probably doesn't even account for all the Catholic priests in the US.
Re: (Score:2)
I'm kinda wigged out that this site had 29,000 users! Not that all of them were in the US, but there are a lot of pedos out there.
Assuming there are 7.4 Billion people [google.com] and 40% [google.com] of them have internet access, then the proportion on that site is 29,000/2960000000 = 9.79e-6. So that is a little less than 1 in 100,000 people.
The world has a lot of people in it.
Re: (Score:3)
Assuming there are 7.4 Billion people and 40% of them have internet access, then the proportion on that site is 29,000/2960000000 = 9.79e-6. So that is a little less than 1 in 100,000 people.
Don't forget, this is only the number of people who were savvy enough to find a dark-web site and maintain an account with monthly submissions, so you're probably off by an order of magnitude.
Re: (Score:2)
Assuming there are 7.4 Billion people and 40% of them have internet access, then the proportion on that site is 29,000/2960000000 = 9.79e-6. So that is a little less than 1 in 100,000 people.
Don't forget, this is only the number of people who were savvy enough to find a dark-web site and maintain an account with monthly submissions, so you're probably off by an order of magnitude.
Yes. If I'm off by two orders of magnitude, it still isn't a very high proportion of people.
Re: (Score:2)
there are a lot of pedos out there.
The FBI could probably tell you how many pedos are on sex offenders lists. Note that I specifically said pedos, because you can probably get on one of those list by peeing behind a bush or walking into the wrong bathrooms in a restaurant.
And, of course, these are only the ones who got caught. If even the Catholic Church covers them up in their organization, imagine what goes on elsewhere . . .
Re: (Score:2)
Keep in mind that not all pedophiles are sex offenders.
Also, not all sex offenders associated with CP are pedophiles.
Some are far worse - they're in it for the money.
And some are neither - they downloaded a trove of pics or videos, and missed filtering out some that were CP, or were unable to remove the traces.
Re: (Score:2)
Re:No Problem Here (Score:5, Interesting)
I have to agree with you. From the quick google search I did possession and distribution of CP is prima facie illegal in the US. There are no special exceptions for LEOs conducting strings. Obviously we have a big general exception for storage of evidence etc, maybe it was the Aussies that did most of the objectionable hosting etc but its still highly questionable for the DOJ to cooperate in an investigation using such methods. If that is "ok to do" than pretty much all the DOJ need do is find some banana republic somewhere to hire some work out to and basically anything they do on the Internet is suddenly above and beyond the reach of law.
The other issue is hacking suspects computers without a search warrant seems like a plain violation of the CFAA to me. So again the feds cooperating with an other nation using such methods should be illegal as they are accessories to the crime.
If Law Enforcement can't follow the law the rest of us should not have to either.
Re: (Score:2)
... If that is "ok to do" than pretty much all the DOJ need do is find some banana republic somewhere to hire some work out to and basically anything they do on the Internet is suddenly above and beyond the reach of law.
Yeah, if only there were a banana republic conveniently located 300 miles or so offshore with a military base or something where the US government could operate extrajudicially...
Re: (Score:2)
No comment on the legalities of what occurred, though.
Re: (Score:1)
Re: (Score:2)
No, because then they don't address the problem but add to it. That's exactly the point here. In my opinion law enforcement should do what its name implies, enforce and uphold the law. I cannot uphold the law by breaking it, that makes zero sense.
Re: (Score:2)
Re: (Score:2)
So if I shoot the cop I go free when I then also shoot the robber?
Re: (Score:2)
Re: (Score:1)
That's the problem though...
"I don't mind if you ignore the law for *X* because I find *X* repugnant."
"Well, I suppose you could also skirt the law for *Y* because that's pretty bad, too."
"HEY, why are you ignoring the law for *Z*, that wasn't part of the deal."
While I absolutely agree that the CP ring needed to be shut down, we need to go about it the legal way. There are mechanisms in place to apprehend these criminals, without becoming criminals yourself.
Re: (Score:2)
Nothing but hyperbole (Score:3)
Queensland Police Service's Task Force Argos, a small, specialised unit focused on combating child exploitation crimes, identified the site's Australian administrator in part because of a localized greeting he signed messages with.
In other words, an Australian law enforcement agency was going after an Australian running a child porn site. Yeah, that is totally out of bounds for them. Who would ever think a country would have jurisdiction over people committing crimes in their country.
Child pornography has no borders. Based on the hyperbole from Motherboard we can presume they support child pornographers to be protected so they can continue raping one and two-year olds because that's what's most important.
Re: (Score:2)
TOR END POINT = chilld sex offender (Score:2)
TOR END POINT = chilld sex offender that after they get out will be blacked listed form just about all work and may just do what it takes to get back in.
Re: (Score:2)
What do you mean by Tor end point? A Tor exit node only finds you traffic to non-dark web sites.
A Tor relay only shares encrypted data between other nodes. You have to target the actual end user with malware to succeed in identifying them. And that's what this article is about - hacked PCs.
Re: (Score:2)
What about just using the public points as exit nodes or even some ports in a office with poor IT in place.
Re: (Score:2)
What about making sense with your question/statement? I couldn't decipher that.
Was it hacking or just good police work? (Score:5, Informative)
Did the Queensland Police hack any computers? They appear to have simply sent emails containing links. When the link was clicked, the IP address of the mail client as recorded.
From the TLA:
>> Details on how exactly this was achieved are limited, but according to a court document from another case [documentcloud.org],
>> “When a user clicked on that hyperlink, the user was advised that the user was attempting to open a video
>> file from an external website. If the user chose to open the file, a video file containing images of child pornography
>> began to play, and the FLA [foreign law enforcement agency] captured and recorded the IP address of the user accessing the file.”
So it doesn't appear that any code was inserted into the target computer. The offenders didn't follow good opsec - they clicked on a link while they were not connected to a TOR proxy.
As for jurisdiction - it appears that the server was moved to Brisbane. Again from the TLA:
>> At one point, The Love Zone server was also reportedly moved to Brisbane, giving Task Force Argos,
>> the Queensland Police Service unit that took over the site, access to every private message on the site.
If the server was located in Queensland, then Queensland court orders could legitimately apply to it. So no evidence of hacking or of extra-territoriality. Move along folks, no misconduct, just good police work.
One World Governemnt (Score:2)
Well, Righties, it appears the extra-judicial organs of state security have already faited that accompli.
Yes and no... (Score:2)
Anyone in Australia hacking anything in the US should result in criminal charges (not that it'd ever go to trial unless the perpetrator actually found his or her way to US soil). Period. It doesn't matter if the person doing the hacking is a private citizen or the prime minister.
That said, the "hacking" they're talking about seems to have been giving the guy a link a hyperlink. Calling giving someone a hyperlink and them clicking it a "hack" is a stretch, imo, if that hyperlink doesn't do anything other
Re: (Score:2)
Anyone in Australia hacking anything in the US should result in criminal charges (not that it'd ever go to trial unless the perpetrator actually found his or her way to US soil). Period. It doesn't matter if the person doing the hacking is a private citizen or the prime minister.
That said, the "hacking" they're talking about seems to have been giving the guy a link a hyperlink. Calling giving someone a hyperlink and them clicking it a "hack" is a stretch, imo, if that hyperlink doesn't do anything other than connect to a web site. If it downloaded malware or something similar, then ok, but it doesn't sound like that's what happened.
Why should it be illegal if they are law enforcement? We don't go after the thousands of hacks that occur on a daily basis yet you want to single out police by doing it for a good cause?
Re: (Score:2)
There's no exemption in the law that allows agents of other governments to compromise .us systems.
You know, that's a fair point. My intention wasn't to say that I think they should be singled out, but rather that what they did should be considered a criminal act, and that their being Australian LEO is completely irrelevant t
Re: (Score:2)
Newsflash: I don't control American policy, nor do I always agree with it. As I said in response to another AC, I fully support other countries prosecuting US citizens who violate their laws, whether or not those US citizens are law enforcement agents.
Re: (Score:2)
Of course not. If US law enforcement hacks Australian systems, I'd 100% support Australia prosecuting.
Re: (Score:2)
The US could apply to have the foreign citizen extradited to face trial. It would depend on the extradition treaty the two nations have in place.
e.g. Australian Silk Road employee Peter Nash was extradited from Queensland to face trial in the US.
Silk Road member Peter Nash avoids further US prison time [smh.com.au]
Pedophiles Run Pedophile Website (Score:1)
What if the cops are actually pedophiles? There are cops that are convicted of child porn. There are 3 in the past decade in Florida alone and most of them worked either with or along side cyber crime units. My guess is they are introduced to it and/or obtain most of it from work. One guy took an entire flash drive of content and kept it in his locked gun case at home. Another guy was jerking off at his desk in the fucking police station when no one was around. Yet another was touching kids in his squa
There is no jurisdiction issue (Score:2)
They were running a child pornography website in their own jurisdiction, if that's illegal over there, then they should be prosecuted by their authorities (I think they should, it's disgusting to think police is distributing cp).
They sent links that directed people outside of the tor network to a "clear web" cp website they also run. People that accepted to go to that website were subjected to the same "privacy" they are subjected to when visiting any other website. If recording visitors ips and sessions is
100% normal and expected behavior (Score:1)
That's what the "Five Eyes" group is primarily for: Hacking citizens in other countries, for those countries.
So the US spy agencies can not "work" on American citizens without a lot of legal problems. They might suspect someone, but the evidence is weak, to weak to use the normal, legal ways to find out more. So they ask their friends, e.g. the Australians: Could you please hack this guy? For the Aussies, this guy is a foreigner and therefor a legal target. If they find something that would make the person