The FBI is not eager to reveal (more) details about methods it used to identify Tor users as part of a child pornography case. FBI's Operation Torpedo previously unmasked Tor users by serving them malicious scripts from secretly seized .onion sites.
The FBI is resisting calls to reveal how it identified people who used a child pornography site on the Tor anonymising network. The agency was ordered to share details by a Judge presiding over a case involving one alleged user of the site. Defence lawyers said they need the information to see if the FBI exceeded its authority when identifying users. But the Department of Justice (DoJ), acting for the FBI, said the details were irrelevant to the case. "Knowing how someone unlocked the front door provides no information about what that person did after entering the house," wrote FBI agent Daniel Alfin in court papers filed by the DoJ which were excerpted on the Vice news site.
The Judge ordered the FBI to hand over details during a court hearing in late February. The court case revolves around a "sting" the FBI carried out in early 2015 when it seized a Tor-based site called Playpen that traded in images and videos of child sexual abuse. The agency kept the site going for 13 days and used it to grab information about visitors who took part in discussion threads about images of child abuse.
(Score: 2, Disagree) by jmorris on Thursday March 31 2016, @06:44PM
If the FBI is forced to reveal their sources and methods after every major bust there is no way they are going to be able to maintain an effective law enforcement operation. Does anyone doubt that anything revealed will be on Wikileaks within 24 hours? There is no Constitutional duty for law enforcement to operate with both hands behind their backs, wearing a blindfold and saying "I'm a cop" every thirty seconds.
The defense must have access to the evidence itself but as a general rule they have no need to know the method by which it was obtained unless the authenticity is disputed.
(Score: 5, Insightful) by Anonymous Coward on Thursday March 31 2016, @06:56PM
as a general rule they have no need to know the method by which it was obtained
And what if that evidence is illegally obtained? Warrantless mass surveillance is unconstitutional, regardless of what some kangaroo court says about it. "Parallel construction" sophistry is also an affront to our justice system.
If you're being charged with some crime, you ought to want to know how the evidence was obtained. If it was obtained illegally you can get it thrown out. Our justice system does have an obligation to operate in this way.
(Score: 4, Interesting) by bitstream on Thursday March 31 2016, @07:09PM
If court isn't willing to prove the evidence was collected legally can one dismiss the case on legal grounds then? Or even using the constitution?
That is unless the whole system is just because-we-can-style a la Soviet 1960-style.
Just because they refuse to provide the means of evidence gathering one might actually accuse them of collaborating with that less than four letter agency to triangulate by the means of routing traces. This of course is against any policy of those systems only to be used for serious matters for which this case isn't.
(Score: 0) by Anonymous Coward on Thursday March 31 2016, @07:55PM
That is unless the whole system is just because-we-can-style a la Soviet 1960-style.
I, for one, would like to welcome you into proper adulthood. You now see the world closer to the way it is. Your membership card is on its way!
(Score: 2) by bitstream on Thursday March 31 2016, @08:17PM
Countries based on western values are supposed to follow the law and not allow for loose wild west cops.
It's quite well known what that 1960's soviet country ended up.
Even worse there's a reason why western countries got ahead of the rest for a few hundred years starting with Magna Carta in 1215 and acceleration since 1845, something about a specific set of structural killer-apps..
(Score: 0) by Anonymous Coward on Thursday March 31 2016, @08:23PM
"are supposed to" being the keyword. We've diverted from that path a while ago now...
(Score: 2) by bitstream on Thursday March 31 2016, @08:45PM
Thus America is perhaps Russia light?
(Score: 0) by Anonymous Coward on Thursday March 31 2016, @09:08PM
Russia hi-tech.
(Score: 2) by butthurt on Thursday March 31 2016, @10:30PM
Gorbachev called [slate.com] the Chernobyl disaster “perhaps the real cause of the collapse of the Soviet Union.” Although the meltdown at Santa Susana was uncontained [wikipedia.org], American reactors often have containment buildings. Long live America.
(Score: 2) by MostCynical on Thursday March 31 2016, @09:59PM
Russia with more tv advertising and better "circuses" (viz. Fox 'news' and all the others)
"I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
(Score: 2) by JoeMerchant on Thursday March 31 2016, @08:10PM
If the means of identifying the Tor users was (hypothetically) breaking in to every single Windows user's PC and planting a trojan, would that constitute illegal search?
🌻🌻🌻 [google.com]
(Score: 3, Touché) by bitstream on Thursday March 31 2016, @08:38PM
It means breaking into every network exchange.. oh wait that sounds familiar! ;-)
(Score: 1, Interesting) by Anonymous Coward on Thursday March 31 2016, @09:11PM
Why would they do that when they can simply wait for Windows 10 to send them the info in your computer's regularly scheduled "telemetry transmission"?
(Score: 3, Insightful) by HiThere on Thursday March 31 2016, @07:28PM
No, it doesn't have to operate that way, it was officially decided to operate that way because the alternative that was seen as equally just was to convict the officer of criminal activity on the ground of officially admitted testimony.
Personally, I'm more in favor of the second option, but that's not what the courts decided.
Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
(Score: 3, Interesting) by Anal Pumpernickel on Friday April 01 2016, @12:59AM
Personally, I'm more in favor of the second option, but that's not what the courts decided.
The second option would allow martyrs to illegally collect evidence to convict someone even if we properly held cops accountable, which we probably wouldn't. I care more about stopping abuses of government power than stopping bad guys.
(Score: 4, Insightful) by frojack on Thursday March 31 2016, @10:44PM
To that, you have to add that running a kiddy porn site is illegal.
And so is entrapment, in most cases.
But for the FBI to do both together, seems doubly bad.
Just about every terrorist the FBI catches these days is a clueless idiot induced into taking delivery of inert weapons or explosives.
These wanna-bes probably would never progress to that level of stupid without the FBI egging them on.
No, you are mistaken. I've always had this sig.
(Score: 0) by Anonymous Coward on Thursday March 31 2016, @07:53PM
It wasn't exactly buried info here...
I think this falls under "...unless the authenticity is disputed" thus invalidating the little rant before. Basically you are spinning the truth to match a narrative... did you realize that?
(Score: 1, Troll) by jmorris on Thursday March 31 2016, @08:01PM
Not at all. They do not appear to be disputing the guilt of the suspects or the reality of the evidence collected, only the methods used. And they aren't asserting the methods were improper since they don't know what they are. They are demanding to know the methods so as to warn others and permit the Tor Project to update their software. It is the classic ACLU "Muh Constitution!" defense of the indefensible.
(Score: 2) by tibman on Thursday March 31 2016, @08:35PM
Summary:
You:
The FBI using illegally obtained evidence is a problem because it changes their powers from an "ask permission" model to a "do whatever they want" model. It's possible they are already doing that and using parallel construction as their cover (it looks legal). Having any law enforcement group be able to magic evidence into existence is extremely dangerous. How do you know the evidence is even real? https://www.washingtonpost.com/local/crime/fbi-overstated-forensic-hair-matches-in-nearly-all-criminal-trials-for-decades/2015/04/18/39c8d8c6-e515-11e4-b510-962fcfabc310_story.html [washingtonpost.com]
SN won't survive on lurkers alone. Write comments.
(Score: 2, Insightful) by Anonymous Coward on Thursday March 31 2016, @08:41PM
Nah, just typical JMorris sticking to his guns come hell or high water. Simple facts are simply denied with cute phrases bordering on insanity with the crazy internal logic they apply.
(Score: 1) by fustakrakich on Friday April 01 2016, @03:22AM
Private communications are indefensible?
La politica e i criminali sono la stessa cosa..
(Score: 0) by Anonymous Coward on Friday April 01 2016, @04:54PM
It's not indefensible. All laws in the US flow from the Constitution, for it is the document by which they gain their authority. If the constitution is ignored, then all the laws based on it are equally meaningless.
(Score: 3, Interesting) by sjames on Thursday March 31 2016, @09:55PM
And if they don't reveal their methodology, how are we to know it's even valid? What if some fundamental assumption of the form A=B so guilty is incorrect?
(Score: 2, Interesting) by anubi on Friday April 01 2016, @02:58AM
I have often wondered if some authority can "crack" an encrypted disk with their own custom "one-time-pad" so that the communication, when "decoded", will say anything they want it to say.
( You know about the one-time-pad... you XOR your cleartext against a long file of random characters of the one-time-pad.... unless it is decoded by XOR against the identical file of random characters, it won't XOR out correctly... but in this case they simply encrypt any incriminating text they want to, using the nailee's encrypted file as the one-time-pad file. When they run it again in the courtroom, the output is, naturally, the incriminating text - that had nothing in common with the nailee's file but file length. )
Probably make for good courtroom theater, especially if presented by the suit-and-tie types who are really good at projecting credibility when none exists.
By only revealing the cleartext they arrived at, without revealing how they arrived at it, they have carte blanche to pull off anything against anyone.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
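The substitution described in the comment above, as an added example that is not part of the original thread: XOR "decryption" of a ciphertext can be made to yield any text of the same length, so a courtroom demonstration only means something if the key is tied to a record made independently of the party presenting it. The function names, the sample strings and the idea of a SHA-256 digest of the key material recorded at seizure time are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings (one-time-pad encrypt/decrypt)."""
    if len(a) != len(b):
        raise ValueError("one-time pad requires equal lengths")
    return bytes(x ^ y for x, y in zip(a, b))


def commit(pad: bytes) -> str:
    """Digest of the key material, assumed to be recorded at seizure time."""
    return hashlib.sha256(pad).hexdigest()


def fabricated_pad(ciphertext: bytes, claimed_plaintext: bytes) -> bytes:
    """The 'pad' that makes ciphertext XOR to any claimed text.

    Nothing but the length of the ciphertext constrains the result.
    """
    if len(claimed_plaintext) > len(ciphertext):
        raise ValueError("claimed text cannot be longer than the ciphertext")
    padded = claimed_plaintext.ljust(len(ciphertext), b" ")
    return xor_bytes(ciphertext, padded)


def verify_decryption(ciphertext: bytes, pad: bytes, recorded_commitment: str):
    """Accept a decryption only if the pad matches the recorded digest.

    Returns the plaintext, or None when the pad is not the committed one.
    """
    if not hmac.compare_digest(commit(pad), recorded_commitment):
        return None
    return xor_bytes(ciphertext, pad)


def demo() -> dict:
    # Constructed sample data: the real content of the encrypted file.
    genuine = b"Grocery list: eggs, flour, butter, two lemons."
    pad = secrets.token_bytes(len(genuine))
    ciphertext = xor_bytes(genuine, pad)
    recorded = commit(pad)  # assumption: logged when the key was seized

    # Constructed sample data: text that was never in the file.
    claimed = b"constructed text that was never in the file"
    fake = fabricated_pad(ciphertext, claimed)

    return {
        "genuine": genuine,
        "claimed": claimed,
        # Without any binding, the forged pad "decrypts" convincingly.
        "forged_output": xor_bytes(ciphertext, fake),
        # With the recorded digest, the forged pad is rejected.
        "forged_accepted": verify_decryption(ciphertext, fake, recorded),
        "genuine_accepted": verify_decryption(ciphertext, pad, recorded),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The forged pad reproduces the claimed text exactly, yet fails the digest check, which is the kind of question a method disclosure lets the defence ask.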
(Score: 2) by sjames on Friday April 01 2016, @01:10PM
Doing so would be easy. At one time I might have discounted the possibility of it, but sadly these days I wouldn't put it past them.
(Score: 2) by tangomargarine on Thursday March 31 2016, @10:17PM
Sometimes when it's really difficult to do something, it's a sign that you shouldn't be doing the thing in the first place.
"Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
(Score: 0) by Anonymous Coward on Friday April 01 2016, @09:15AM
You mean like participating in the Civil Rights Movement or defending yourself against a powerful invading force?
Your logic is.. lacking somewhat.
(Score: 2) by tangomargarine on Monday April 04 2016, @02:17PM
Sometimes
"Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
(Score: 1) by anubi on Saturday April 02 2016, @03:52AM
Ever tried to fish through publication 19 and try to figure out how to pay tax?
Unless one is paid a lot, it often costs you what you earned to pay your expenses, taxes, and the fees invoked to prepare them. For me, tax preparers charge more fee than the tax I owe... so I do my best with downloadable forms and pen. If I know that accepting some job is going to trip off a bunch more tax forms, I won't do it... not unless he pays me enough to cover the costs of additional tax help... he then hires a H1-B.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 4, Insightful) by BK on Thursday March 31 2016, @11:30PM
I for one expected better of you jmorris.
The constitution authorizes congress to make appropriate and necessary laws (article 2, section 8), but as amended, there are limits to how laws can be enforced. The 4th amendment limits searches and the 5th amendment requires due process which includes the right to confront all witnesses and to have evidence explained by primary sources.
For some laws. There are two ways to look at this.
It may be that the constitution allows congress to make valid laws that cannot be universally enforced. Or it may be that those laws are invalid on their face because effective enforcement would violate everyone's rights.
In this case, the defendant has asked for information about how and why he was searched. If the search was illegal, the defendant is entitled to relief. It is a reasonable question... More to the point, if we can't answer the question, how can we prove that the evidence supporting the search, or possibly even arrest, was not fabricated?
If the law can't be enforced if a truthful answer is given, that tells us something about the law or its enforcers.
"trust us, we're the government"
You should know better.
...but you HAVE heard of me.
(Score: 2) by jmorris on Thursday March 31 2016, @11:43PM
The government seized an illegal child porn website and by means undisclosed harvested the userbase. One assumes they went before a judge to get the warrants used to seize the users' PCs and gain the evidence which will now be used to send them off to be sodomized in Federal prison for the rest of their probably short lives. The details of the exploit used should only be disclosed to the judge or to Congressional oversight because, as I said in the first post and is a point very conspicuously ignored by all the outraged replies, the only actual purpose in demanding to see the exploit is to close the hole in Tor and prevent the government from using it again. Sources and methods are the crown jewels in both intelligence work and law enforcement.
(Score: 4, Insightful) by BK on Friday April 01 2016, @12:06AM
Except that, in the United States, law enforcement is obliged to follow a set of rules that make it fundamentally different in its responsibilities than a national intelligence agency.
The defendant in this case is pretty unsympathetic. The problem is that these cases are used to build precedent, and not just for thought criminals. The government always pushes the limits in these cases.
I suppose that since I've done nothing wrong, I should be quiet since I have nothing to fear…
...but you HAVE heard of me.
(Score: 0) by Anonymous Coward on Friday April 01 2016, @12:28PM
Evidence can be provided to lawyers with the obligation of non-disclosure. Courts can hold closed sessions and seal evidence. The defence lawyers could be given everything they demand, and the Tor project itself needn't get a whiff.
The only reason for a party to withhold evidence is if that evidence would be harmful to their case.
(Score: 4, Insightful) by stormwyrm on Thursday March 31 2016, @11:52PM
Let's take the child pornography angle out of this first, because that's such a hot button that turns off people's brains. Let's make the crime different. Say you're accused of murder and are on trial. Evidence is presented that shows you might have committed the crime but the FBI refuses to tell you the methods by which it was obtained. Some secret method that analysed evidence found at the crime scene, that points to you as the murderer is all they tell you. If it were me, though, I'd sure as hell want to know what methods they used to obtain it!
The FBI has to reveal its methods in court if there is to be some semblance of justice. Otherwise you might as well call it the Star Chamber.
Numquam ponenda est pluralitas sine necessitate.
(Score: 0) by Anonymous Coward on Friday April 01 2016, @07:11AM
The problem is, it is supposed to be impossible to get the link between the tor address and the computer using it.
This is not a case of "tell me how you got into my house", but "how did you prove that it was even my house you found the stuff in?"
All we know is that somebody on Tor has child porn (nobody is surprised) and then - magic happens - he did it.
(Score: 2) by bitstream on Thursday March 31 2016, @07:11PM
So how did they do it?
* Javascript seems to have been blocked.
* Drive by download?
* Buffer overflow (fonts, images, anything that loads etc)
Sandbox folks!
(Score: 0) by Anonymous Coward on Thursday March 31 2016, @07:36PM
diffing the captures from traffic through/from tor exit nodes and traffic of all the fiber taps and using tcp sequence numbers, timestamps and whatever that's somewhat sequential, then correlating those to a certain % of confidence?
(Score: 2) by bitstream on Thursday March 31 2016, @07:54PM
Between each node sequence numbers will be unique and only relevant between two nodes. Not the whole way. Timestamps probably have the same properties, thus not particularly useful. But the time that you register a traffic pattern, and in particular the size of the flow could be correlated. But this requires intercepts at multiple points. And that almost only one actor that has that..
(Score: 0) by Anonymous Coward on Friday April 01 2016, @02:56AM
(Score: 0) by Anonymous Coward on Thursday March 31 2016, @09:14PM
Pervs who are into kids are not thinking about "system security". They're thinking about kids ...
(Score: 4, Funny) by Anonymous Coward on Thursday March 31 2016, @09:48PM
But I thought we were supposed to be thinking of the children!
(Score: -1, Troll) by Anonymous Coward on Thursday March 31 2016, @09:25PM
They can have my identification method for free.
The Tor user is the fat, unshaven wheezy guy at the back with tux stickers all over his ancient laptop.
(Score: -1, Offtopic) by Anonymous Coward on Thursday March 31 2016, @10:39PM
Right, because Macintosh computers and shaving the beard are Haram.
(Score: 0) by Anonymous Coward on Friday April 01 2016, @06:21AM
it's likely some sort of packet beacon, not at the html / JavaScript level, but something at a lower level that causes a direct circuit to be established.
(Score: 2) by bitstream on Friday April 01 2016, @09:23AM
So a sandbox would eliminate such possibility?
Could one nail this breach down to two possibilities? 1) Code that grabs the identity and report back 2) Phone home.
Or are there others that are likely?
(Score: 4, Insightful) by digitalaudiorock on Thursday March 31 2016, @07:13PM
This reminds me a bit of this whole "We don't need Apple, we got into the phone anyway" stuff. In that case, assuming they're even telling the truth, they're admitting that they are aware of an exploit...and that rather than doing what everyone else is expected to do, and bring it to the public's attention to protect everyone...they're choosing instead to save it in their own personal arsenal. So I guess that's the approach exclusive to either truly evil black hat hackers, and our own government...interesting.
This sounds very similar...that possibly they're guarding some Tor exploit. Again...must be nice not to have to follow the rules like the rest of us.
(Score: 0) by Anonymous Coward on Thursday March 31 2016, @10:55PM
It's not unique to the U.S. government. Other governments do it too.
I suspect that most of the exploits they're sitting on only affect computers connected to a network, or computers with removable storage—not that standalone computers are totally safe.
(Score: 5, Insightful) by Dunbal on Thursday March 31 2016, @07:24PM
Only the FBI has the right to distribute and traffic child porn, it seems. When the cops pretend to sell drugs to you, they don't actually sell you drugs. When the cops pretend to be a hooker, you don't actually get to sleep with the officer first. But somehow with child porn it's a-ok - look at all the porn we put on the internet and we'll pick you up later.
(Score: 2) by takyon on Thursday March 31 2016, @08:14PM
And cops end up using and selling a lot of drugs. Draw your own conclusions.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 1, Touché) by Anonymous Coward on Thursday March 31 2016, @11:27PM
I'm going to off-topic nitpick for no reason here but just say suck/fuck/screw/bang/etc. Sleep is a silly euphemism made up for the sole purpose of bypassing the puritan filters imposed on and by the media. We are all adults here (well, most of us) and we can handle the reality of what happens when you solicit a prostitute. You sure aren't looking for someone to spoon with at night.
(Score: 0) by Anonymous Coward on Friday April 01 2016, @02:13AM
But, after I'm sucked/fucked/screwed/banged/etc. I always fall asleep. This is due to a chemical release in my brain, which is normal male physiology -- otherwise we'd probably fuck/screw/bang/etc. our partners raw.
The association with sleep is more than arbitrary.
(Score: 0) by Anonymous Coward on Friday April 01 2016, @05:10PM
Not true at all. Buying a prostitute is a method of obtaining companionship for a night, not necessarily just sex.
(Score: 2) by c0lo on Friday April 01 2016, @06:22AM
The old meme said it funnier:
Seems to be still valid.
https://www.youtube.com/@ProfSteveKeen https://soylentnews.org/~MichaelDavidCrawford
(Score: 1) by esperto123 on Thursday March 31 2016, @09:05PM
ahhhhhh I see what you did there FBI, you have a joker in the naming department
(Score: 0) by Anonymous Coward on Friday April 01 2016, @12:24AM
"Knowing how someone unlocked the front door provides no information about what that person did after entering the house"
So the FBI had a key (or other unlocking device) to access the Tor browsers? Who gave them that device? Were they permitted to have access to that device?
... but that's essentially just repeating the view of the defence lawyers. What could this access lead to?
Knowing how someone unlocked the front door may provide information about what a person could do after entering the house.
Suppose the FBI have a key to an exclusive place, and none of the users of that place were aware of this access. This would mean the FBI can enter and leave at their leisure without anyone else knowing about it, and potentially without it being logged. This may give them the ability to plant things with impunity -- the only way things can get into that place is by being put there by the users, so if it's there then it must have come from one of the users.
If that access is not logged, then there's no guarantee that the FBI only made one access, and no guarantee that they did nothing other than observing things. It is established that malicious scripts were used, so why not plant files as well?
(Score: 0) by Anonymous Coward on Friday April 01 2016, @02:16AM
From the wiki [wikipedia.org]
The core principle of Tor, "onion routing", was developed in the mid-1990s by United States Naval Research Laboratory employees, mathematician Paul Syverson and computer scientists Michael G. Reed and David Goldschlag, with the purpose of protecting U.S. intelligence communications online. Onion routing was further developed by DARPA in 1997.[17][18][19]
The alpha version of Tor, developed by Syverson and computer scientists Roger Dingledine and Nick Mathewson[20] and then called The Onion Routing project, or TOR project, launched on 20 September 2002.[1][21] On 13 August 2004, Syverson, Dingledine and Mathewson presented "Tor: The Second-Generation Onion Router" at the 13th USENIX Security Symposium.[22] In 2004, the Naval Research Laboratory released the code for Tor under a free licence, and the Electronic Frontier Foundation (EFF) began funding Dingledine and Mathewson to continue its development.[20]
In December 2006, Dingledine, Mathewson and five others founded The Tor Project, a Massachusetts-based 501(c)(3) research-education nonprofit organization responsible for maintaining Tor.[23] The EFF acted as The Tor Project's fiscal sponsor in its early years, and early financial supporters of The Tor Project included the U.S. International Broadcasting Bureau, Internews, Human Rights Watch, the University of Cambridge, Google, and Netherlands-based Stichting NLnet.[24][25][26][27][28]
From this period onwards, the majority of funding sources came from the U.S. government.[20]
GEE! I FUCKING WONDER HOW THIS GOVERNMENT PROGRAM IS COMPROMISED BY THE US GOVERNMENT, FUCKING RETARDS!
(Score: 0) by Anonymous Coward on Friday April 01 2016, @06:24AM
yea because the guberment is just one big thing, with no independent sub organizations that have opposing interests...
(Score: 0) by Anonymous Coward on Friday April 01 2016, @08:53AM
Haven't you heard? The government is either 100% bad or 100% good. There are no in-betweens.
(Score: 0) by Anonymous Coward on Friday April 01 2016, @09:01AM
Mandy Rice-Davies applies.
(Score: 0) by Anonymous Coward on Friday April 01 2016, @09:23AM
they got the server so they can tell it to send all kinds of stuff to the browser ...