FBI Dismisses Child Porn Case Rather Than Reveal Their Tor Browser Exploit (arstechnica.com) 244
An anonymous reader writes:
Federal prosecutors just dropped charges against a child pornography suspect rather than reveal the source code for their Tor exploit. Of the 200 cases they're prosecuting nationwide, this is only the second one where the FBI has asked that the case be dismissed. "Disclosure is not currently an option," federal prosecutors wrote in a court ruling Friday. The Department of Justice is still prosecuting 135 different people believed to have accessed an illegal child pornography web site. Before shutting it down, the FBI seized the site and operated it themselves for 13 more days, which allowed them to deploy malware to expose the users' real IP addresses.
Which is more important? (Score:5, Funny)
Secrecy or Child Pornography...
We report, you decide.
Re: Which is more important? (Score:4, Insightful)
Re: Which is more important? (Score:5, Insightful)
using an exploit that the FBI knew about but didn't tell the banks?
How many banks rely on Tor?
Re: Which is more important? (Score:5, Informative)
Bank infrastructure is typically less secure than Tor.
Re: Which is more important? (Score:5, Insightful)
Bank infrastructure is typically less secure than Tor.
Bullshit. I have worked for three banks and they all had the best IT security money can buy. One of my current clients has a core switch that's worth more than your house, it's crammed with IDS and IPS modules and whatnot.
Meanwhile Tor has been the source of many incidents, especially once people started putting up fake nodes.
Re: (Score:2)
Bank infrastructure is typically less secure than Tor.
Bullshit. I have worked for three banks and they all had the best IT security money can buy. One of my current clients has a core switch that's worth more than your house, it's crammed with IDS and IPS modules and whatnot.
Meanwhile Tor has been the source of many incidents, especially once people started putting up fake nodes.
And yet with all that technology, Tor can't even hold a fucking candle to the global impact Greed and Corruption have caused in the banking industry.
You can stop your bragging now, since it's clear no amount of security can detect or prevent that insider threat.
Re: (Score:2)
The exploit doesn't target Tor though, it targets the Tor Browser, which is a fork of Firefox. So it is very likely that the exploit exists in Firefox too. We don't know how severe it is, but potentially some bank employee could be compromised by it.
It's easy to imagine hospitals or air traffic control being hit by ransomware, or foreign powers gaining access to high ranking members government's computers this way. It's unlikely that they would have the kind of extreme IT security in place to avert that kin
Re: (Score:3)
Bank infrastructure is typically less secure than Tor.
Bullshit. I have worked for three banks and they all had the best IT security money can buy.
When we are interviewing mobile developers, the ones that come from banks are the worst. They never know how anything works, they have no concept of security, certificate pinning, encryption, buffer overflows or at-rest protection of data. Inevitably the explanation is that they are given a library which "does all that for us". I am not sure what this magical library does, but blind faith is not security and doesn't lead to security. I'm very wary of mobile banking apps as a result. Ever tried to MITM
wat (Score:3)
Don't get your panties in a bunch. The point is not about blaming people, the point is that Tor is not more secure than a typical bank infrastructure.
Re: Which is more important? (Score:4, Informative)
A system is only a good as i.t engineers set it up to be,it can have every bell and whistle possible,but if someone does something wrong or stupid,then possibly all the bells and whistles etc are no use..
When it comes to high-end hardware, be it storage or networking, the vendor sends its own team to install and configure the device, and keeps monitoring and patching it. And guess what, that's what they do for a living and they're usually very good at it.
Horror stories can and do happen. I've seen IBM wiping out huge SAN subsystems by mistake during an upgrade, or an HP engineer tripping on a power bar and pulling out a handful of optical fibers, disrupting networks in a whole building.
What I have never seen or heard about is someone putting a misconfigured 1/2 million dollar core switch in production and nobody noticing the problem. Could it happen? Maybe. But that's not "typical".
Re: Which is more important? (Score:5, Informative)
I'll counter, how many CIA agents rely on TOR? "The core principle of Tor, "onion routing", was developed in the mid-1990s by United States Naval Research Laboratory employees, mathematician Paul Syverson and computer scientists Michael G. Reed and David Goldschlag, with the purpose of protecting U.S. intelligence communications online. Onion routing was further developed by DARPA in 1997."
Re: Which is more important? (Score:2)
It's likely a exploit with Firefox, not your specifically that they don't want patched
Re: Which is more important? (Score:5, Interesting)
This is not a "Tor" exploit. It is a Firefox exploit against the version of Firefox used in the Tor browser bundle. It may well still be exploitable in current Firefox versions, including the one used in the current Tor browser bundle versions. Otherwise there really would be no point in keeping it secret.
Hence the FBI is actively and knowingly endangering anybody using Firefox. That seems to be legal, but it is hugely unethical.
Re: (Score:2)
I guess the exploit is not too well known, or someone else would have found it, and possibly reported it.
So if it's not very well known, I guess the FBI feels that the information it can obtain is worth the risk to others who might possibly be exploited by it.
Re: (Score:3)
It may also be known to criminals that use it sparingly and carefully. Or to foreign intelligence agencies that are allowed to do industrial espionage (for example, the French). It may also be become widely known but patching it may require a few weeks. And so on. I think the FBI just does not care.
Re: (Score:3)
Given that one of the FBI's mandates is to stop foreign spying, I think it would be treason if they knowingly do nothing about that. Not that I think the FBI is above treason. A brief look at their history is pretty illuminating.
Re: (Score:3)
Re: (Score:2)
Be fair, there aren't going to be more than a few banks operating on Tor. They will likely be operating bitCoin to real cash services, be somewhat less law abiding than average and charge exorbitant fees.
At least a decent sized minority part of government would actually be for taking those banks down, with exceptions of course.
Re: (Score:2)
Re: (Score:3)
Government Agencies? Banks? really? since when the fuck did they start using Tor for Business?
Since never. This was complete bullshit coming from someone with obviously no experience in this industry.
Blockchain is getting traction in big business. It's even available on the IBM cloud platform (Bluemix). But this has nothing to do with Tor; for secure networking IBM is working on their own protected network, which will be similar to good old VAN for EDI.
Re: Which is more important? (Score:4, Interesting)
The FBI does not care about prevention. They care about locking up people. Hence this is exactly as they want it.
Re: (Score:3)
"They care about locking up people"
This is the FBI organizational mandate and their reason for existing.
Re: (Score:2)
You should have a look at their official mission statement. That says something different.
Re: (Score:3)
Every org has a propaganda statement
Re: (Score:3)
Re: (Score:2)
Re: (Score:3)
I'd argue the misuse of the term "treason" is a sign of mental health issues.
Re: Which is more important? (Score:5, Insightful)
"Treason" has a very clear definition under US law, and you apparently do not know or perhaps even do not care what this definition is. My guess is that this is because it's a word you like to use purely for effect, rather than for actual communication.
Re: (Score:3, Insightful)
Treason is the actual charge with which the FBI intended to charge Hillary Clinton.
The FBI never intended to charge Hillary Clinton with treason. If they had, they would have recommended exactly that. They didn't even intend to charge her with mishandling classified information. If they had, they would have done so as well. The only thing that happened was that in deciding that she had done nothing worth an indictment over, Director Comey decided to violate protocol and offer critiques about her email practices. Presumably because he was Ken Starr's right hand man all during the 1990s, tr
Re: (Score:2)
Re: (Score:2)
Re: (Score:3)
You posit wrong. Treason is defined in the Constitution, and the legal barrier for treason is so high that only 13 people have ever been so convicted, and two of those were pardoned by the Pres later....
Re: (Score:2)
You mean, which is more important: being allowed to manufacture allegations or being exposed for manufacturing evidence.
I hope the judge and the defendant doesn't just let this go, you can't just go around accusing people of doing CP and then totally drop it when you have to come up with the evidence.
In other news: Obama and the FBI also say they never wiretapped US citizens using FISA courts.
Re: (Score:2)
I'll take the optimistic route here and say that the FBI isn't using this on people without cause - e.g. they've found people with CP and are bringing them to court. That should scare them hopefully into stopping. Yes - I'd prefer that they were punished.
Call me naive, but I don't think they are using this as a smear/insinuation tactic against those who aren't looking at child porn.
It would be interesting to see the tipping point (Score:5, Interesting)
Where is the point where the crime is so egregious that the FBI is willing to publish the exploit? I presume their keeping the exploit secret because once it's known, it will be fixed and they will no longer be able to monitor the "deep, dark, black, web"?
What if there was a terrorist attack and the FBI knew about it and sat on it because they thought the expected value of the property and lives lost was less than the value of the exploit and the intelligence received from it?
Would the FBI (and the US government) be liable for damages because they could have prevented the crime?
Re: (Score:2)
"Where is the point where the crime is so egregious that the FBI is willing to publish the exploit? "
Probably prosecution of a live, thwarted US citizen terrorist that they couldn't deport to Gitmo or rendition and could only deal with in US courts.
They probably looked at the kiddie porn guy and decided he wasn't a high threat based on a propensity of evidence. It makes sense to save this exploit (which all the CIA/US assets already probably have a workaround for) and keep using it against significant crim
Re: (Score:2)
Or rather, does that point even exist? They may feel that it is worthwhile to keep using it to catch as many as they can and just dismiss the cases with competent defense.
Re:It would be interesting to see the tipping poin (Score:5, Interesting)
There is another explanation. They might not want to release it because it might not stand up in court. If it gives them the ability to run arbitrary code on the target machine, if they can places files on that machine, the defendant will claim that the FBI planted those images. I'm no expert on US law but it seems like there would be some issue with the evidence being tainted too, and then everything else i s fruit of the poisoned tree.
Re: (Score:2)
There is a well-known historical case where this decision was made: https://en.wikipedia.org/wiki/... [wikipedia.org]
Re: (Score:2)
Traveling back in time to "kill Hitler" has become so synonymous with time travel fantasies that it's unlikely future time travelers would actually do it for fear of divulging the existence of their powers and contaminating their preferred timeline. If people in current time knew th
So 135 more dismissals in queue? (Score:5, Interesting)
Sounds like there is a very simple formula for defense now and forever for any of their tor tapping. Smart, very smart.
Now we know where the moral compass is pointing. (Score:5, Interesting)
Re: (Score:2)
Or catching 10 trumps catching 1.
Re:Now we know where the moral compass is pointing (Score:5, Insightful)
Or letting one more child be raped and murder equals what the fuck exactly? Those child porn rings require content and every time a content producer is exposed, an arrest and rescue should immediately occur, 'IMMEDIATELY', fuck future prosecutions.
Re:Now we know where the moral compass is pointing (Score:5, Interesting)
Or letting one more child be raped and murder equals what the fuck exactly?
There are many myths about "snuff films" that record actual murders, but none have ever been verified. In the most famous case Ruggero Deodato [wikipedia.org] was prosecuted for murder, but was acquitted when the actors and actresses that he had allegedly murdered showed up to testify in his defense. It is hard to imagine how some scenes in his films could have been made without killing someone, but they obviously were, since the people "killed" were still alive and healthy.
Re:Now we know where the moral compass is pointing (Score:5, Insightful)
There is actually some genuine "murder porn" out there: You get to see it on the news, perfectly legally. Think for example, the footage exposed by Manning. It even comes with mocking comments by the murderers while they kill innocent civilians.
Comment removed (Score:4, Informative)
Re:Now we know where the moral compass is pointing (Score:5, Informative)
Uhh there was one busted in Australia not too long ago who was raping, torturing, and murdering kids on a private darknet PPV.
Peter Scully [wikipedia.org]. He is accused of murdering one girl, but he didn't film it. The things he did film were horrific, but did not include any killings. So no "snuff film".
Re: (Score:3)
There was this guy too:
Luka Rocco Magnotta [wikipedia.org] (born Eric Clinton Kirk Newman; July 24, 1982) is a Canadian murderer, convicted of killing and dismembering Lin Jun, a Chinese international student, before mailing Lin Jun's limbs to elementary schools and federal political party offices.[9] This act gained international notoriety. After a video depicting the murder was posted online in May 2012,
Re:Now we know where the moral compass is pointing (Score:5, Insightful)
This guy was charged with accessing and possession, not creation. If he had been a content creator then prosecution would not have been stopped.
Lets put this a different way. Would you grant pardon to a person who viewed child porn if it meant you could catch someone who made it? It's the same as offering deals to a street drug dealer to catch their supplier.
Re:Now we know where the moral compass is pointing (Score:5, Interesting)
Even better would be to stop the victimization happening in the first place. The only way to do that, which was suggested in the UK recently and shot down by the majority of reactionary commentators, is to decriminalize viewing such images. Instead focus on helping people who feel attracted to children to get help, discreetly and without threat of prosecution or persecution, to prevent the future crimes they might otherwise commit.
In the current atmosphere, if someone did feel that way, what are the chances they would go to their doctor and ask for help with a mental illness? No, more likely they will turn to the internet, where there are sites normalizing and justifying their feelings and where the community of fellow paedophiles will accept them.
The way to protect children is not to catch the offender after they already hurt them, it's to stop them breaking the law in the first place.
Re: (Score:3)
I agree whole heartedly with this. But I think we are a long long way away from that kind of rational discourse.
I have 2 young kids and so am involved in lots of conversations around safety, paedophiles and murderers from other parents and their compass for risk assessment is so far off it's scary. They genuinely believe that every public toilet has a child molester waiting inside for the chance to grab their kid. The fact that where I live there are almost no cases of strangers attacking children (it's
Re: (Score:2)
Re: (Score:3, Interesting)
There's also a possibility that they haven't got anything as much to disclose as they'd like us to believe. Maybe some of the evidence supposedly gathered through the exploit, was instead obtained through another, possibly illegal, method or fabricated.
Re: (Score:2)
Of course it does, even if consider child porn the worst crime imaginable (I would consider going around killing children worse), disclosing this would mean the vulnerability would be fixed and they would no longer be able to use it to find more offenders. You could still identify them this way and then gather other evidence.8
Re:Now we know where the moral compass is pointing (Score:4, Insightful)
If you look at it rationally, you will see it's the best approach for getting the highest quantity of jailings versus the highest quality of cases. That seems like the most likely justification. This doesn't address whether they are doing more or less harm than good by withholding the information but I think their view should be obvious.
Re: Now we know where the moral compass is pointin (Score:2)
Re: (Score:2)
Re:Now we know where the moral compass is pointing (Score:4, Insightful)
Or rather locking people up trumps protecting children. That is also why they kept running the site for 13 days. By the very definition of the DoJ, they committed child abuse for 13 days. Seems to me the FBI is part of the problem now.
Re:Now we know where the moral compass is pointing (Score:5, Insightful)
Considering that the argument for why distributing and owning (as opposed to producing) child porn is that the images actively harm children, I do not think there is any way to justify the FBI's behavior. I think its been generally established that law enforcement cannot commit felonies in order to gather evidence. Otherwise we could have police informants carrying out gang hits in order to capture higher level crime bosses. This is not the start of a slippery slope, it is well down the slope.
They can't have it both ways. If the images don't do actual harm to children, the people who posses the images are only guilty of a minor crime. If the images do harm children, then the FBI should destroy them as soon as they are discovered to prevent continuing harm .
On the central topic there need to be clear rules about what capabilities we want law enforcement to have. It is probably technologically possible for law enforcement to scan all of the records of the great majority of citizens to look for criminal activity. Is that what we want?
Personally I would vote to reduce surveillance and accept a higher rate of criminal activity.
Re:Now we know where the moral compass is pointing (Score:5, Interesting)
Exactly. Freedom always includes the freedom to do wrong and a realistic chance to get away with it (depending on the magnitude of the crime). I believe freedom is of critical importance and the only purpose of law-enforcement is to keep crime at a level that society continues to function reasonably well. They are clearly not doing that, or the banksters would all be in prison now for a long, long time. Nobody on recent memory did this much damage to society and individuals.
Re:Now we know where the moral compass is pointing (Score:4, Interesting)
Maybe, maybe not. Having charges dropped doesn't mean they can't file charges again later as long as it wasn't dismissed with prejudice.
I think either they are currently using this exploit for other active investigations or they used an illegal exploit and don't want to implicate themselves.
More likely they're still using the exploit and don't want to tip their hand. They could be monitoring another ring, terrorists, etc. If they give up the code, Tor would release a patch, and they'd be done. Stating that they can't offer up the code "at this time" is their key phrasing... as if there's something important riding on this code remaining a useful tool. Or, I could be wrong and they just want to keep using the tool when and where they can and manufacture alternate evidence to point the finger to the bad guys without disclosing the true source of intel.
Re: (Score:2)
Re: (Score:2)
Wrong focus. (Score:5, Interesting)
The question is if the FBI is actively seeking the child abusing producers of child pornography or if they are really only interested in catching the people who download it. It's all very distasteful but I'm more interested ending the abuse than throwing every twisted individual in jail for a period of time. I understand that it's a global problem which is why governments should work together to stop the madness.
Re: (Score:2)
Re:Wrong focus. (Score:4, Interesting)
Actually, it seems that they are wrong. First, most child abuse obviously does not end up on film. That part they are completely ignoring. Second, even if they are not saying it loudly, there are statements by law-enforcement in different countries that there is no "industry" behind child abuse, it is mostly amateur stuff and it is mostly traded without money involved. Incidentally, follow-the-money is something law-enforcement is very, very good at, so if this really was mostly commercial, they would long since have stopped the whole thing with ease.
Re:Wrong focus. (Score:4, Insightful)
That argument cannot hold water. The "big" law-enforcement actions against downloaders in Europe in the last few years have yielded no or nearly no children to be freed of their abusers.
Re: (Score:3)
In general, people who look at child pornography are people who have a sexual interest in children. And if you're trying to find people who are sexually abusing children then finding people with a sexual interest in children is a great way to start.
By the same argument, anyone who looks at porn involving adults is a potential rapist. It's pretty obvious that anyone who sexually abuses children is going to enjoy child pornography (though it's not clear that they're going to successfully find any). It's far less obvious that child pornography is some kind of gateway to child abuse, especially given that the vast majority of cases of child abuse are by the child's own parents.
But I doubt they'd be very interested in the downloaders if they didn't have a huge overlap with abusers.
Why? Both groups are about as unpopular in the media, one is a lot harder to
Re: (Score:2)
In general, people who look at child pornography are people who have a sexual interest in children. And if you're trying to find people who are sexually abusing children then finding people with a sexual interest in children is a great way to start.
By the same argument, anyone who looks at porn involving adults is a potential rapist.
Nope, because two adults can have a consensual sexual relationship.
Re:Wrong focus. (Score:5, Interesting)
Well, judging from their tactics in "fighting terrorism", they would produce child pornography themselves, if they legally could. They have been producing "terrorists" for a while now. Hence my take would be they have zero interest in in actually doing anything real about the problem because that could dry up the ready supply of downloaders that they can catch and prosecute easily. And with that supply drying up, their funding and power would get reduced. If that is not a perfectly fine motive explaining what they are doing, then I do not know what is.
Re: (Score:2)
But the point is the were no danger because they had zero chance of pulling it off alone. If you start to lock up anybody that would do a crime but cannot and claim them to be a real danger, then you are massively inflating the perception of the problem. And that is the issue here.
Your argument fails, BTW, because if they had been in contact with real terrorists, then real terrorists would have been in the picture and there would hence have been a real danger. There was not.
Ran it for 13 days (Score:3, Insightful)
First I heard it was a month.
But anyways, they got zero producers.
Distributed over a million images, which means they revictimized children over a million times. This is their own logic on sharing these images btw.
None of this is effective. None of this is okay. Get the producers FFS or keep the op going until you do.
This doesn't feel right at all.
Re: (Score:3)
Indeed. But if they go after the producers (which I have no doubt they could do), they would stop the ready supply of easily identified consumers. And that would cut into their convictions, and hence into their funding and power. It is rather obvious why they do not do that.
Re: (Score:2)
Unfortunately, yes.
Doesn't this make it trivial (Score:3)
What authority is FBI using to NOT disclose? (Score:2, Insightful)
Simply dropping the charges is not enough. The only exception for not divulging method to the courts is National Security. The accused, even if charges dropped, should be able to pursue disclosure of methods. The government should not be able to pick and choose after filing charges unless a valid national security claim.
Re:What authority is FBI using to NOT disclose? (Score:5, Insightful)
Child abuse, horrible as it is, does not qualify as "National Security". Also, because they did disclose the name of the accused, they should be sued into the ground after dropping the charges. While it is not pretty, civil liberties need to be defended, even if it means defending scumbags. Otherwise they can just destroy anybody in the future by first publicly accusing them and then dropping the charges, possibly without ever providing any evidence or only fake evidence they then withdraw when asked to prove that it is genuine and how they obtained it. Not good at all.
To avoid public scrutiny (Score:5, Informative)
https://arstechnica.com/tech-policy/2015/04/fbi-would-rather-prosecutors-drop-cases-than-disclose-stingray-details/ April 7, 2015
The FBI actually has a policy to drop cases instead of revealing their detection (spying) methods, to avoid public scrutiny of what they're doing.
The new document, which was released Tuesday by the New York Civil Liberties Union (NYCLU) in response to its March 2015 victory in a lawsuit filed against the Erie County Sheriff’s Office (ECSO) in Northwestern New York, includes this paragraph: "In order to ensure that such wireless collection equipment/technology continues to be available for use by the law enforcement community, the equipment/technology and any information related to its functions, operation and use shall be protected from potential compromise by precluding disclosure of this information to the public in any manner including but not limited to: press releases, in court documents, during judicial hearings, or during other public forums or proceedings."
That has to do with their 'Stingray' technology, but I'm sure it applies to any kind of digital surveillance.
Besides, if they didn't drop the case the court would have probably ruled against them, like what happened in a case that slashdot mentioned last year: https://yro.slashdot.org/story/16/07/13/0411255/us-judge-throws-out-cell-phone-stingray-evidence-for-the-first-time
Think of the children... (Score:5, Insightful)
It's funny how often child porn is used as a justification for more spying.
But when actually dealing with child porn goes against more spying, well, fuck children, literally.
Odd (Score:5, Interesting)
Should the FBI have the ability to not prosecute in a child porn case ? In California there are several types of cases that failure to pursue result in criminal liabilities for the prosecutor's, among them spousal abuse, child abuse, child porn. It is one thing to lack the evidence or documentation to pursue, or to continue to investigate but to dismiss with jeopardy attached should be a crime in itself.
Screw Child Porn (Score:2, Insightful)
Re:Deploy malware? (Score:5, Interesting)
I would not be surprised if the FBI has learned of an exploit for one of these or in the Tor implementation itself, and has chosen to not disclose it because they can continue to use it for parallel-construction cases, or because their knowledge of it came from another agency that still wants to use it for international crimes.
Re:Deploy malware? (Score:5, Interesting)
Tor disables javascript, java, and flash by default... so the exploit must have been in the mozilla firefox code base or the onion routing protocol -- unless they run and/or spy on all the Tor nodes to figure out where things are really being routed.
I've read stories where the feds attempted to shake down libraries to get them to close their Tor nodes, yet the feds run their own. If you control all the nodes, it's easy to figure out the real routing through the onion network.
Re:Deploy malware? (Score:4, Informative)
Tor does NOT disable Javascript by default. It ought to, but it doesn't. The last official statement was they felt nobody would use Tor if it shipped with Javascript disabled, because so much of the web depends on it.
Re:Deploy malware? (Score:5, Insightful)
Good catch! You're right. It instead has NoScript installed, but not even configured properly.
I'm frankly surprised anyone there would even argue to leave it on. Better to have a web site break than have a malicious site track you when the purpose of using it is to NOT be tracked.
Re: (Score:2, Informative)
> Tor disables javascript, by default...
It absolutely does not. It has noscript by default, but you have to make that change. With javascript disabled by default, many websites simply fail to function.
Tor project seems to assume that javascript is simply vulnerable permanently, which is generally what all sane computer users should assume at this point. Their solution seems to be to put some kinda sandbox around it, which should at least give them a bit of a race to run versus attackers.
Your other ass
Re: (Score:3)
Re: Deploy malware? (Score:3)
In the 30+ years that I've been using computers, I've had 4 viruses. Two of them came through Adobe exploits. (Both were served by web ads on mainstream sites, which downloaded and auto-opened PDF files which in turn deployed and opened executables.)
Re: (Score:2)
A modern browser will respond to a to more than http and https. A well crafted request to different media or peering support in a browser might result in the correct IP been sent due to default settings.
Also given what a modern OS had at the time to make the internet work.
The next issue would be a browser in a VM using onion routing?
Finally a full onion routing OS as a computer.
The ability to send commands to a browser expecting it to be working in a normal OS might be a
Re: (Score:2)
Run the browser in a separate VLAN and only allow that VM to communicate with a VM that runs the node. There would be no way for the browser VM to find out the real IP. The node can also be made to use a VPN service or something to complicate matters more.
Re: (Score:2)
The earliest browsers also responded to more than HTTP and HTTPS. Ever heard of gopher?
Now git off er my lorn!
Re: (Score:2)
Except they just gave the other 135 people a free pass with this. All they have to do is demand the source code as well.
Re: (Score:2)
Re: (Score:2)
I suspect that they are hiding some fatal flaw in the evidence collection method, which will invalidate the evidence (or at least violate the warrant) if the full method is revealed.
Other sites have mentioned that the malware may have been loaded too early, before the target had actually broken the law (which takes it beyond the scope of the warrant)
Re: (Score:2)
Re: (Score:2)
It was loaded as part of the login screen, before the person had actually gotten into the site (and onion addresses are intentionally nonsense, so there is no way to know what site you are actually going to end up at when you click a link).
They are charging people on the basis that the presence of the FBI spyware alone is proof of guilt, whether or not they find any child porn on the persons computer, and more importantly, whether or not they had actually accessed anything illegal.
It's like setting up a cam
Re: (Score:2)
That's how they did it. They didn't exploit TOR directly, all they did was planting a 'tracking beacon' on the target computer, then wait for the target to reconnect outside of TOR
Re: (Score:3)
From what I read, the FBI's real problem is that the malware was sent to every visitor to the main login screen, BEFORE they had a chance to log in, and BEFORE any child porn had actually been viewed.
Re: (Score:2)