As Ars has reported, federal investigators temporarily seized a Tor-hidden site known as Playpen in 2015 and operated it for 13 days before shutting it down. The agency then used a “network investigative technique” (NIT) as a way to ensnare site users. However, according to newly unsealed documents recently obtained by the American Civil Liberties Union, the FBI not only temporarily took over one Tor-hidden child pornography website in order to investigate it, the organization was in fact authorized to run a total of 23 other such websites.
According to an FBI affidavit among the unsealed documents:
In the normal course of the operation of a web site, a user sends "request data" to the web site in order to access that site. While Websites 1-23 operate at a government facility, such request data associated with a user's actions on Websites 1-23 will be collected. That data collection is not a function of the NIT. Such request data can be paired with data collected by the NIT, however, in order to attempt to identify a particular user and to determine that particular user's actions on Websites 1-23. “That paragraph alone doesn't quite say the FBI is operating them,” Fred Jennings, a cybercrime lawyer, told Ars. “But definitely no other way to read that than websites 1-23 were hosted at a government facility, with the FBI's knowledge and to the FBI's informational benefit. It's clever phrasing on their part.”
Security researcher Sarah Jamie Lewis told Ars that “it’s a pretty reasonable assumption” that at one point the FBI was running roughly half of the known child porn sites hosted on Tor-hidden servers. Lewis runs OnionScan, an ongoing bot-driven analysis of the Tor-hidden darknet. Her research began in April 2016, and it shows that as of August 2016, there were 29 unique child porn related sites on Tor-hidden servers.
“Doing the math, it’s not zero sites, it’s probably not all the sites, but we know that they’re getting authorization for some of them," she said. "I think it’s a reasonable assumption—I don’t think the FBI would be doing their job if they weren’t.”
That NIT, which many security experts have dubbed as malware, used a Tor exploit of some kind to force the browser to return the user’s actual IP address, operating system, MAC address, and other data. As part of the operation that took down Playpen, the FBI was then able to identify and arrest the nearly 200 child porn suspects. (However, nearly 1,000 IP addresses were revealed as a result of the NIT’s deployment, which could suggest that even more charges may be filed.)
In the Playpen case, the NIT’s deployment was signed off by one magistrate judge in Virginia, and it was used to target child porn users both in the United States and abroad. "Websites 1-23" were signed off by a different judge in Maryland. Under one part of the current rules of federal jurisprudence, known as Rule 41, only more senior federal judges, known as district judges, have the authority to issue out-of-district warrants. However, a change in this rule set to take effect on December 1, 2016 will expand this power to magistrate judges, absent Congressional action.
Of the more than 100 Playpen-related child pornography cases that have been prosecuted, federal judges in Iowa, Massachusetts, and Oklahoma have ruled that such a search violated current laws of federal procedure and was in fact so egregious that the evidence collected as a result should be tossed. Other judges have rebuked prosecutors for unlawful searches, but they have not gone so far as to suppress evidence.
Ars asked FBI spokesman Christopher Allen if at one point the FBI was running half of all child porn sites on the Tor-hidden Web, and if so, was this still true. “I would refer you to public documents on the Playpen investigation, in which we seized and operated a darkweb child pornography site for a period of less than two weeks,” he e-mailed. “That was an extraordinary investigation, and to my knowledge may be the only time that has occurred. So to suggest this is a common thing is patently not true.”
Lewis is herself a former computer scientist at the Government Communications Headquarters (GCHQ, the British-equivalent of the NSA). She could imagine reasons for the agency to keep the child porn sites online.
“I have no direct evidence to the contrary, but based on what I know about past investigations, not just CP but drugs market investigations, and the trends we have seen in security, hacking investigations—and the direction of other nations' authorities—I expect that we will see more busts where taking over the site plays a role,” she added.
How was this malware deployed exactly? They got everyone that was running javascript like a retard?
Matthew Garcia
gotta love the fbi sometimes
thanks for all that delicious pepperoni
Sebastian Johnson
Well, if you control the hidden service, targetted traffic confirmation becomes much easier since you are no longer a third party listener.
But yeah, it's probably just javascript again.
Owen Rodriguez
It's always been a JS exploit. if it wasn't JS, it was a browser exploit. The tor network itself has yet to be actually compromised.
Noah Barnes
They pose as prostitutes, run cp tor sites and more than likely sells drugs and arms. You're sure they're still cops at this point? Or is entrapment just a facade to actually just run every illegal traffic imaginable under the sun? wtf america?
Matthew Cooper
Entrapment only occurs if you encourage the person to commit a crime they wouldn't have normally committed without coercion. As long as they don't tell someone to commit a crime then it isn't entrapment.
Christian Price
Awhile back(maybe a month) I heard on the No Agenda show that users were amazed at how well the sites were running and showering the new admins with praise. The news report they played on it even had quotes from their discussion forum about how great the place never ran so well before.
Whenever I see CP spam posted here or on other imageboards I automatically assume it's law enforcement. Jim removing pedos from here was a good thing for the long term health of this site.
Aaron Powell
It's hotdogs, you sick fuck.
t. John Podesta
Carson Evans
Me too. I can't think of any other reason why someone would be so dedicated to spaming that shit. I don't necessarily agree with deleting the pedo boards, but I do thing they were a big reason as to why we were attracting bots.
Jacob Foster
A better option would be to cut the LEO's budgets so they can concentrate on actually solving real crimes instead of constantly having to fish for manufactured ones. Would be a good thing for the long term health of the country.
Colton Stewart
I know a lot of autists browse Holla Forums, but surely even you can understand that pedophilia is as disgusting as furfaggotry.
Jayden Baker
B-b-but Holla Forums said that tor, that thing made by the NAVY and DARPA, is secure!
Kayden Jenkins
Good one retard
Jackson Morris
I don't recall an incident where the actual network itself has been compromise. Up till now, it's either been a browser exploit or a JavaScript exploit. If I'm wrong, please point it out.
Anthony Gutierrez
Not the user you're replying to but doesn't the FBI control an alarming amount of the exit nodes in Tor? Doesn't that compromise the network?
On a semi-unrelated note, has the cloudflare issue in Tor been fixed yet?
Matthew Perez
godspeed FBI
Ryder Thomas
I fucking love tor, degenerates think they're safe using that shit until the government agencies find it useful to arrest them.
Bentley Nelson
This story has gotten out of control. There were from recent FOIAed documents about the 2013 Freedom Hosting bust.
These 23 sites were all on the same host, Freedom Hosting. This happened back in 2013. Over half of all onions were hosted on FH. FH hosted thousands of sites, anyone could sign up for free web hosting with PHP+MYSQL. The problem was that the operator, Eric Eoin Marques, didn't moderate any of the content.
And the FBI didn't run the sites, they replaced them with an 'down for maintenance' page that had a javascript exploit.
But the FBI fucked up and the exploit showed up on every Freedom Hosting site, including Tormail.
John Williams
I remember when this happened, I ran some troll "human experiments" sites on Freedom Hosting. My site was replaced with an exploit and I was one of the many people who reported it to Mozilla.
Here is the 74 page document listing the 23 Freedom Hosting sites they were authorized to deploy malware from.**
**The FBI fucked up and deployed malware from thousands of FH sites (on accident probably)
Justin Sullivan
Isn't this a criminal offense? They intentionally possessed and distributed child pornography.
Kayden Ross
Not according to the justice department
>The FBI was first known to have operated a child porn site in 2012, when agents seized control of three sites from their operator in Nebraska. FBI Special Agent Jeff Tarpinian testified that the government “relocated two servers to an FBI facility here in Omaha and we continued to let those child pornography run – websites operate for a short period of time."
They probably did shut down some sites and replaced it with an 'under maintenance' page. But they also ran sites that distributed child pornography, they've admitted it in court.
Hunter Moore
It's only illegal when you do it, pleb
Grayson Cruz
Go to /pol and look up spirit cooking, John Podesta's emails on wikileaks, and the child porn code words they use. Also, this
James Morris
The fact is, they controlled the website to exploit via JS. If the network itself was fully compromised, they wouldn't need to do that.
Isaiah Gonzalez
It looks like a bruteforce solution. I wouldn't call it network exploitation.
John Powell
Did they catch the Clintons yet?
Isaiah Adams
Those are different cases, not related to the 2013 Freedom Hosting bust. That story is about the 2012 operation called Torpedo and the 2015 playpen case.
In 2015, The FBI ran Playpen for 6 weeks. Compared to the Freedom Hosting bust, they were more careful. they only exploited people who logged in and clicked on a subforum clearly labeled as containing child porn.
Ryan Johnson
Australia actually ran a dark web CP site called TLZ (the love zone) for over 5 months..
And users had to upload material at least one a month to stay on the site..
Think that's just a meme, haven't seen any evidence supporting it. Not really. An exit node operator would see any plaintext but they wouldn't know where it's going. What does compromise the network is if they also simultaneously control the entry point because then they can correlate traffic going into and out of the Tor network. This is nothing new and has been acknowledged as a possible attack for as long as Tor's been around. See blog.torproject.org/blog/improving-tors-anonymity-changing-guard-parameters for a good discussion. Yes, you still get annoying pick 3 pictures captchas but you can solve them with javascript disabled.
Tor is not some magic wand that can fix all security. It never claimed to be. Anything that does is snake oil. Do your homework. For myself, it works great to avoid commercial profiling with no particular effort.
Jace Brown
i would disagree there, i dont think its acceptable for the state to bend the rules under which it operates, especially if it makes them complicit in criminal activity.
Landon Moore
How are they supposed to catch them then?
If they immediately close down the site, or disable images and links, the users will be suspicious, probably find the exploit and wipe their computers.
Jack Martin
actual police work, you know, how police generally catch criminals. i cant imagine you can produce that kind of shit and not give off enough information to catch you.
Brandon Hernandez
Producers are rare. Most of them are distributors and possessors. They need to be caught too.
Matthew Peterson
Shill, or genuinely this retarded?
Mason Wright
do they though? to the extent that youre willing to allow the police to engage in aiding the distribution themselves? call me crazy, but i dont think the consumers and petty redistributors are doing anything like as much harm as the molesters.
Connor Wright
If distributors don't do much harm then what's wrong with the FBI doing it?
Eli Myers
There needs to be some kind of incentive or deterent to prevent people from consuming or distributing this content because: 1. it gives the "industry" enough legitimacy to encourage people to start producing their own 2. it still does harm to the consumers themselves.
Personally I don't agree with giving extremely harsh penalties for merely consuming/distributing CP, but we need to draw a line and say no, it's still bad for all parties involved, not just the children. Personally I think an internet ban would suffice the the consumers/distributors of CP and other illegal porn, and then enroll them in some kind of porn rehab.
Colton Gomez
an internet ban would suffice for* the consumers/distributors of CP
Wyatt Long
What part was unclear? Did you not do your homework?
Juan Thomas
So... What other sites were compromised other than playpen?
Nathan Cook
This is a fantastic idea. Hey, while we're at it how about a gun ban for anyone who shoots a human being. Self-defense not being used as an official excuse of course. Then we lock them up in a "society rehab".
Hey, what about a "automobile rehab" for people who drive SUVs?
Tyler Garcia
Your arguments are trash, the examples you gave don't even correlate to mine. You're talking 1st parties, I'm talking 3rd parties.
I said internet bans would suffice for consumers/distributors, not actual child molesters. Child molesters should, without a doubt, serve prison sentences.
I don't even know what the fuck you mean by "society rehab" and "automobile rehab". If you mean that convicted murderers who've served a prison sentence should be psychologically evaluated before they are released to the public, I would only half agree. Giving the state the power whether or not to release you based on arbitrary "psychological tests" is too much power for my tastes. If you have a violent history even in prison, then yeah, maybe you should serve some fucking society rehab. Stop being a violent fuck and maybe we'll consider you safe for society. As for the automobile rehab, I don't see why you shouldn't retake a driver's test if you're repeatedly crashing into other vehicles or people.
Ryan Kelly
How would a Tor exit node operator not be able to tell where Tor traffic is going?bjtQxH
In 2011-2012 3 sites (Pedobook, Pedoboard, TB3) run by Aaron McGrath was compromised in Operation Torpedo. The FBI found the server by logging into the admin account with a blank password and found the server IP. The guy was running the servers at his work. They used a flash file generated by metasploit to decloak users.
In 2013, Freedom Hosting was compromised. It was ran by Eric Eoin Marques. No one knows how they found the server but it ran for 5 years. Freedom Hosting hosted half of all hidden services. (He hosted thousands of sites, so it probably a lucky correlation attack) All 23 sites in OP were hosted there, the most famous one was en.wikipedia.org/wiki/Lolita_City . The FBI used a javascript exploit that only worked on outdated browsers. ( mozilla.org/en-US/security/advisories/mfsa2013-53/ )
In 2014, Australia's Task Force Argos took over The Love Zone (TLZ) after tracking down the admin (Shannon McCoole) because of his unusual greeting (hiyas). They went undercover as Shannon McCoole for months and caught/hacked many people. They used exploits in video files too.
In 2014-2015, PedoEmpire and Hurt2TheCore admin was arrested (Lux aka Matthew David Graham), he had ties with Peter Scully.
In 2015, Playpen was found because the admin (Steven Chase) fucked up and allowed direct IP connections, someone scanning all IPv4 addresses found the true IP. The admin SSHed into his server with his bare IP 6 times. He also payed for the server with a personal paypal account. The FBI ran the server for 2 weeks and used an unknown browser exploit to decloak over a 1000 users.
Parker Ward
Entrapment requires that a law enforcement agent induces someone to commit a crime that they otherwise wouldn't. Running honeypots doesn't meet that standard.
Imagine him crying holding on to his laptop. Also, how does a federal cybersecurity get caught by a flash exploit..
Adam Evans
i never said it was ok, simply a significantly lesser evil
citation or expansion of argument needed there 1: prove it 2: who are you to dictate what one cant do with their own body if it harms nobody else?
Lucas Brooks
But honeypots are still violating the law.
Dylan Garcia
It depends on the circumstances of how they set it up. For example, if they had put CP in an otherwise unconspicous /hebe/ thread or similar, and then went after anyone who clicked on that thread, that would be entrapment. Ditto if they post link to external site that's not what is advertised. They could also post CP to a site they want to take down, or were ordered to take down by (((someone))). Don't forget how many file-sharing and torrent search engines went down over recent years, even though those didn't break any laws. But those unconvenient details don't matter, and in the end you get this
Austin Richardson
I worked at a large file host. They got hundreds of CP takedown requests a day while I was there. They are still up and running.
Jordan Barnes
People who watch CP want new material. The fact they are looking at it and distributing it creates demand for new material to be made.
People rape children and film it because of the demand for it.
Christian Bailey
That just means you didn't end up on The List. If you did, nothing your company had done would have made any difference. Unless of course, they're run by kikes, in which case they get a free pass.
Liam Nguyen
Any large site with user generated content has to deal with CP on a daily basis. They aren't gonna shut you down because someone uploaded CP.
If you are using a shitty cheap host, the host might pull the plug, but that's a different issue.
Hunter Gonzalez
i dont think thats how it works m8
Colton Morris
Honeypots doesn't violate US law.
and FBI mostly use honeypots to deter people anyway.
Charles Stewart
...
Nathan King
...
Alexander Sanders
natural selection lad
David Nguyen
I'd post a smug image but Tor so.
Brandon Clark
The government can. That's why the government and laws exist, to enforce morality. Most people hate pedophiles for good reason.
Carter Nguyen
...
Colton Lewis
Some obscure websites still sell those.
Tyler Carter
Operation Pin was in 2003. Before Tor existed.
Yes, and police have learned their lesson from the 1999-2001 landslide case. They received a lot of criticism for how they handled it.
Exit nodes don't matter for hidden services. Exit nodes are only used when accessing the clearnet through tor. And if the website your on uses HTTPS then there's nothing they can do anyways.
Hudson Hernandez
They can log the request and potentially correlate it with your use of Tor.
Nicholas Ward
correlation attacks against hidden services is cheaper though.
Relative to exit nodes, HSDir relays cost nothing to run. Hidden Services advertise to 6 new HSdir relays a day. If you run 20 HSdir relays and 3 entry guard relays with high selection probability, you'll be able correlate Hidden Service lookups when a target is using your guard and HSDir in the same circuit. You can't control which hidden services advertise their descriptors to your relay or who uses your guard, but eventually you'll catch somebody.
The attacker won't be able to see what you are doing or how long you browsed the site (the Tor client uses a new circuit to connect to the rendezvous point)
btw, when the revamped hidden services come out, this attack will no longer be possible.
Also, in the real world, the false positive rate on a correlation attack like this would probably be too high. They would need something like the RELAY_EARLY exploit to tag requests.
Parker Young
You're confusing legality with morality.
Ayden Walker
The laws ideally represent the morality of the people. This is why we write laws against gays doing gays things, because it doesn't exist in our ideal world.
John Hall
But when will they come? Isn't it years ago since they announced them?
Justin Nelson
Bullshit
Jackson Davis
And this is a bad thing for what reason?
Dylan King
it wouldn't be bad if the FBI did it right, but in this case, the FBI fucked up and deployed exploits from hundreds, maybe even thousands of legal sites on Freedom Hosting.
If it was actually limited to the 23 sites that were clearly CP, then sure, I don't care.
Daniel Bell
well, if youre going down that route, so can anyone with a gun, or a sword, or a large stone and sufficient brute strength to overpower you john locke would like a word with you theres no good reason to hate people you dont know.
Jayden Gutierrez
Yes, that is correct. I don't care what he has to say. I could list other writers who disagree with Locke. That doesn't mean what any of them say is more or less correct. It only means people believe different things. I don't need to know a murderer to hate them for being a murderer. Same with a jew or furry.
Aiden James
The FBI committed crimes even though their supposed job is to fight crime?
Juan Barnes
Freedom hosting was bad because they compromised every site on the service, not just pizza.
As for playpen, imagine if it was reported that ...because that's what happened according to their own rhetoric.
Andrew Martinez
indeed, would you like to live in a society where that way of thinking prevails? good job on missing the point lad. well arent you edgy? personally im rather partial to english liberal philosophy, but if you want to be an edgy little natsoc kid by all means take your arse over to continental europe, you might actually do some good there.
Alexander Miller
I actually tried to access Tormail back in Aug 2013 when Freedom Hosting was compromised. I saw the maintenance page with the embedded exploit.
I thought it was a random blackhat at the time, there were rumors that Tormail was run by the Russian government too. I was pissed when I learned the FBI tried to hack me for accessing an email I used for throwaway accounts.
Nicholas Cox
Do you think you don't live in such a society right now? So long as the power lives in an institution we can trust, there will be no problems. Which was what exactly? Namedropping to sound intelligent?
Gavin Harris
mind if i ask where youre from, lad? this is an english imageboard, which hosts predominantly anglo imageboard culture, and here in the anglosphere we dont worship authority youre not on reddit lad, thats not how we do things here
Brayden Baker
Look at your post again.
Jose Smith
i see them quite clearly lad, its just that youre not currently in your little corner of Holla Forums where everyone jerks off to natsoc bullshit
Samuel Morgan
No, you just jerk off to Locke and refuse to acknowledge contrary viewpoints because you believe anything else is not anglosphere and therefor incorrect. You're probably incapable of proving your point of view anyways.
David Taylor
gtfo fbi
Levi Parker
yeah, we were only the last great empire left standing, and the greatest liberator of peoples ever to grace gods green earth, but by all means continue to indulge in your backwards illiberal philosophy, its what makes us better than you
Levi Sullivan
So you can't prove a single point you made? Maybe you should just stick to saying >>>Holla Forums, it would work out better for you.
Charles Gutierrez
oh, so might only makes right when it suits you then? besides, youve failed to respond to any of mine, so i dont see why i should do anything other than mock you for clinging to a failed worldview.
Ryder Allen
OK, Allahu Akbar. Maybe that's how things work in whatever desert country you come from but in the US there's a thing called separation of church and state. How it's supposed to work is if there's no victim, there's no crime.
Cameron Hernandez
Firstly, I never said might makes right. I said might = power = control. You should live by natures rules but we can still temper it with human reason. That being said, what exactly do you think the British Empire was? How exactly do you think they got such a large empire in the first place? They conquered other people. Might does not make right, but might does make control. It's just that we hope and try to make it so that might operates on what we agree to be moral.
Church != morality Victim is not so easily defined. You can easily argue that because ones actions influence the people around them, any harm you do to yourself is also a harm to them. Can you really say drug addicts do not harm their friends and family?
Aiden Bell
see
not so, first they grew their economy, then they grew their military, much of the british empire was oriented towards economic domination
Jaxson Allen
Not to create it. Did they rule over India and half of Africa with just an economy? Of course not. They had soldiers, soldiers they used to conquer other lands, they used the wealth there to fuel a larger, more power navy and army, which in turn conquered more territory, which created further wealth. Are you going to seriously argue the British empire did not conquer other peoples?
Thomas Evans
It's great that this guy was v& and all, but the end doesn't justify the means...
Brody Scott
Same difference. Once you start trying to legislate morality you no longer have a free country.
Yes, unless you are talking about feels but then you are basically taking the side of the SJWs. They are "victims" too when somebody says something offensive to them.
Jace Foster
Can you prove that statement? There's ample evidence drug users are a drain on society, they bring crime and spread disease. They also form an underclass that could not exist without the charity of honest society. Can you really say such things are only of their concern? Of course you can't. A society is not a bunch of individuals living in the same area, it is a union of individuals, each contributing and taking as needed to maintain order. The individual can bring nothing without the society around them. Similarly, the society around them is nothing without the individuals. You cannot separate the two.
What do you imagine a law against murder is? It only codifies that murder is bad. If we lived in a society where murder was seen as good, there would be no law against it.
Ryan Hall
If drug users bring crime then prosecute them for any actual crimes committed against actual people a.k.a. victims. Murder, for example. Not interested in playing word games.
Robert Cox
Thanks for ruining this thread with Holla Forumscrap, guys. Would be nice if you could limit yourself to Holla Forums with the other twelve year olds. Thanks.
Kevin Murphy
That's like saying laws against "hate speech" and "offensive" things are valid. They're horribly vague and both are euphemisms for censorship. The 1st Amendment protects ALL free speech, including speech that may offend.
There are already laws against actual crimes so there's no need for unconstitutional laws other than gaining illegitimate power and control.
Cameron Sullivan
irrelevant
no, but they required it to do so, and were motivated by the prospect of further economic expansion. britain has been an economically driven nation for quite some time, and the purpose of the british military has long been to protect economic interests.
Blake Hall
They may be, depending on your point of view and what you value. Except yelling fire in a crowded theater :^)
haha Which is exactly what I told you. The British Empire was dominated by the reality of life, that the stronger side wins and the weaker perishes. The British were stronger and so they got to control India, not the Indians. You can't get around this law.
Angel Peterson
If you wanna be smart, adopt harm-based morality. Not principle-based morality.
Make it illegal to cause harm and damage, not simply offend or violate a "principle".
Thomas Lopez
Since when is morality a tech subject? Would you pretentious retards fuck off back to Holla Forums?
