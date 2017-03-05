FBI Dismisses Child Porn Case Rather Than Reveal Their Tor Browser Exploit (arstechnica.com) 28
An anonymous reader writes: Federal prosecutors just dropped charges against a child pornography suspect rather than reveal the source code for their Tor exploit. Of the 200 cases they're prosecuting nationwide, this is only the second one where the FBI has asked that the case be dismissed. "Disclosure is not currently an option," federal prosecutors wrote in a court ruling Friday. The Department of Justice is still prosecuting 135 different people believed to have accessed an illegal child pornography web site. Before shutting it down, the FBI seized the site and operated it themselves for 13 more days, which allowed them to deploy malware to expose the users' real IP addresses.
You think the FBI doesn't have access to browser exploits that haven't been patched? That is what we pay our FBI/NSA folks for.
I would not be surprised if the FBI has learned of an exploit for one of these or in the Tor implementation itself, and has chosen to not disclose it because they can continue to use it for parallel-construction cases, or because their knowledge of it came from another agency that still wants to use it for international crimes.
Tor disables javascript, java, and flash by default... so the exploit must have been in the mozilla firefox code base or the onion routing protocol -- unless they run and/or spy on all the Tor nodes to figure out where things are really being routed.
I've read stories where the feds attempted to shake down libraries to get them to close their Tor nodes, yet the feds run their own. If you control all the nodes, it's easy to figure out the real routing through the onion network.
Tor does NOT disable Javascript by default. It ought to, but it doesn't. The last official statement was they felt nobody would use Tor if it shipped with Javascript disabled, because so much of the web depends on it.
A modern browser will respond to a to more than http and https. A well crafted request to different media or peering support in a browser might result in the correct IP been sent due to default settings.
Also given what a modern OS had at the time to make the internet work.
The next issue would be a browser in a VM using onion routing?
Finally a full onion routing OS as a computer.
The ability to send commands to a browser expecting it to be working in a normal OS might be a
Sounds like there is a very simple formula for defense now and forever for any of their tor tapping. Smart, very smart.
Or catching 10 trumps catching 1.
Or letting one more child be raped and murder equals what the fuck exactly? Those child porn rings require content and every time a content producer is exposed, an arrest and rescue should immediately occur, 'IMMEDIATELY', fuck future prosecutions.
Of course it does, even if consider child porn the worst crime imaginable (I would consider going around killing children worse), disclosing this would mean the vulnerability would be fixed and they would no longer be able to use it to find more offenders. You could still identify them this way and then gather other evidence.8
If you look at it rationally, you will see it's the best approach for getting the highest quantity of jailings versus the highest quality of cases. That seems like the most likely justification. This doesn't address whether they are doing more or less harm than good by withholding the information but I think their view should be obvious.
The question is if the FBI is actively seeking the child abusing producers of child pornography or if they are really only interested in catching the people who download it. It's all very distasteful but I'm more interested ending the abuse than throwing every twisted individual in jail for a period of time. I understand that it's a global problem which is why governments should work together to stop the madness.