Slashdot Mirror
FBI Posts Fake Hyperlinks To Trap Downloaders of Illegal Porn
mytrip brings us a story from news.com about an FBI operation in which agents posted hyperlinks which advertised child pornography, recorded the IP addresses of people who clicked the links, and then tracked them down and raided their homes. The article contains a fairly detailed description of how the operation progressed, and it raises questions about the legality and reliability of getting people to click "unlawful" hyperlinks. Quoting:
"With the logs revealing those allegedly incriminating IP addresses in hand, the FBI sent administrative subpoenas to the relevant Internet service provider to learn the identity of the person whose name was on the account--and then obtained search warrants for dawn raids. The search warrants authorized FBI agents to seize and remove any "computer-related" equipment, utility bills, telephone bills, any "addressed correspondence" sent through the U.S. mail, video gear, camera equipment, checkbooks, bank statements, and credit card statements. While it might seem that merely clicking on a link wouldn't be enough to justify a search warrant, courts have ruled otherwise. On March 6, U.S. District Judge Roger Hunt in Nevada agreed with a magistrate judge that the hyperlink-sting operation constituted sufficient probable cause to justify giving the FBI its search warrant."
So now if you develop a search engine, you get your computer confiscated?
Compromised web sites contain stealthed links to these honeypots?
With BotNets, Identity Theft and other serious on-line crime, I am so glad that the FBI has the resources to protect us from porn . . . Having had my Identity stolen (the old fashion way - postal theft) and haven gotten no response form any LE - local answer - not in our jurisdiction, FBI answer - not enough $$ involved. Thinking of that - how much $$ are they investigating in this sting operation? Cyber crime will not be a priority until either 1) we get an administration with a different set of priorities (I don't see hope on the horizon there) 2) someone important gets really gouged by Identity theft or a botnet 3) a magic unicorn arrives and makes everything nice
Hope is the worst of evils, for it prolongs the torment of man. -- Friedrich Nietzsche
Ok, I'm not one to throw around the term willy nilly, but this seems like it fits the very definition of entrapment.
This seems like entrapment to me, they are effectively soliciting child pornography. They are not allowed to solicit in prostitution stings, the john must make the solicitation.
I'm sure they get around this by claiming you must click the link, an affirmative action on your part, but wouldn't that be the same as putting up a sign advertising prostitution? (which is illegal too I might add)
This gives me an idea for an april fools joke. Now all I'll have to do is sneak over to my buddies house and browse the web and wait for the FBI to show up.
So the people that accidentally click on these ads (like the page moves down a little and they end up clicking on the pr0n ad) will get arrested to? This is looking even worse than the RIAA's legal fiasco... What's next, putting fake torrents of movies, TV shows, and music up on the Internet, and arresting anyone who downloads these torrents????
4chan party van anyone?
Post JB, get people v& for taking the bait. An interesting scheme. Now the FBI is almost as bad as that which it fights. I would almost care, if I didn't think pedos deserve it.
I was about to say 13256278887989457651018865901401704640, but it appears this number is private property.
You should be scared- you can have all your thousands of dollars of computer equipment and hard drives seized indefinitely just because you clicked on a link. I'm wayyyyyyyyy more terrified of the FBI than of terrorists, and I'm no criminal.
If someone started masking these kinds of links as legit links and sent them out in e-mails and such you could wind up with a lot of innocent people being raided by the FBI. And then how do you prove you didn't mean to click on the link?
What about hidden frames that open these kinds of links?
What about use of javascript, flash, java, or other embedded technology to make http requests in the background?
It just seems way too easy to get innocent people caught up in this sort of trap.
Does anyone still even give a shit about the innocent as long as some bad guys are caught? In the wars on drugs, terrorism, kiddie porn, and all other hot buzz quests, I was under the impression that innocent people caught up in their dragnets have been viewed as "acceptable collateral damage" for quite some time now.
"Every great cause begins as a movement, becomes a business, and eventually degenerates into a racket." -- Eric Hoffer
JB is not CP. Seeing as how half of 4channers are 15, jailbait-clickers are just interested in girls their age. Anyway, the FBI should be trying to take down the monsters who hurt these children instead of spending millions on prosecuting people who just copy files around the internet.
You could probably kill entire online communities by simply rickrolling them with these honeypot URLs. Through widespread application, we could raise the collective IQ of the internet by a good 10 points in one shot.
While this particular investigation may not raise many eyebrows, this could be a very bad precedent for future investigations. Once courts and juries routinely accept that clicking on links believed to be child porn=being a child pornographer=molesting children, anything goes. Literally anyone could be tricked into being directed to such a link. You'd have blanket permission for the Feds to get a search warrant for anyone they want, and no one would dare question it, for even questioning child pornography laws instantly draws suspicion.
A search warrant based on clicking links is very troubling. Before obtaining the warrant there was no evidence whatsoever that the suspect had ever even viewed child pornography, and of course the link the Feds provided didn't actually link to any.
The war on child pornography is expanding every year. More police are hired to investigate it, more funds are allocated for it, and penalties are made ever-harsher. In Arizona it's up to 10 years for each picture someone possesses. Other states consider burning pictures to a CD to be "manufacturing". People are being sentenced to 10, 20, even 200 (http://news.bbc.co.uk/2/6399471.stm) years in prison for possessing pictures.
At some point you have to wonder whether the damage this zealousness causes (throwing college students in jail for decades for possessing some pictures) is worth the benefits. The argument that child porn possessors are creating a market for the material grows ever more tenuous, as fewer investigations seem to be centered around people who pay or provide other compensation for child pornography, but rather are focused on downloaders and traders. Unfortunately, it seems there will be no rational discussion about these investigation techniques or the laws themselves anytime soon, since it seems that there is an army of millions who froth at the mouth anytime they hear the words "child pornography" and cannot or will not draw distinctions between viewing pictures and videos and actually committing sexual abuse.
1) Disconnect from my network.
2) Connect to his unsecured wireless router.
3) Visit FBI sting site (and also maybe do some Google searches for child porn topics to build a browsing history with the ISP they'll find worth checking out).
4) Sit back and wait.
People get really stupid when it comes to crimes involving children. They stop using their brains and get extremely emotional. Thus, law enforcement can get away with things they couldn't otherwise. When it comes to sex and children, all logic is out the door. The best example, which unfortunately I can't find a link to right now, is two minors, boyfriend and girlfriend, (they were in the 16-17 range) sent each other naked pictures of themselves via the Internet. This got found out and they were charged with possession, production and distribution of child pornography and sentenced to prison. This was then upheld on appeal. Yes, that's right, kids sentenced to jail and will be labeled as sex offenders for life for taking naked pictures of their own bodies.
Thus even if this is entrapment, it won't matter, because of the crime it involves. Logic and due process just get pushed aside for emotion and a witch hunt mentality.
Yes, 17 year olds are liek TOTALLY children.
Idiot
all you have to do is to use someone else's wireless access. oh wait, never mind. now that might get you jail time too...
I'd like to give a shout-out to all of the people on the "Stealing wireless has no victims" thread earlier today.
So is this illegal??
Click here for free beer!!!
Big brother seems to have fewer blocks from running over our rights these days. I have watched this country hand over it's basic civil rights since 9/11 in the name of patriotism, law and order and nationalism. Read some history, this is how the Nazi's rose to power, using dogma so akin to what we hear these days. Some people say the terrorists won, I disagree. Someone more sinister and evil than them won, they were just the vehicle for it, the excuse.
You do NOT take power away from a government once it has it without a great struggle. In our fear, we have with blind trust handed over our freedoms, leaving common sense behind us. This is just one dangerous step down a wide path to destruction by allowing such flimsy standards for law enforcement. Sure, the reasons they use may on the surface and the moment seem justified, but it sets a dangerous president that will erode our rights even further. Ask yourself, how far will they go to probe us to find our resistance? When will we if ever cry out for a stop to this madness? At what point will we say "enough is enough"?
History shows us how the people of Germany failed to stop the Nazis. The Nazis were few in number, one would think the German people could have rose up and crushed them. But they were fearful, law abiding and followed the dogma. They thought they were doing the right thing. A monster was loosed on the world because of their inaction. How much of a monster will we Americans unleash on the world if we fail to control our nation? If you don't think it can happen here, don't be foolish. The German people didn't think it could happen to them. They didn't all wake up and decide to be world villains, wringing their hands and laughing madly with each other over plans of world domination. How are we different than them? What strange magic protects us from evil men? Our Constitution? It is but a document, words on paper that can't stop an ant from crawling over it. It has to live in our hearts and minds and we have to be vigilant to defend what we believe in. Only then do those words have any power.
What can you do? For now you can vote. You should do it and be responsible to cast that vote to support your ideals, not the flavor of the year dogma. We should all be thankful that we can vote. When the day comes that we can't, we will wish so hard we could because the struggle back to the vote will be long and hard and most likely brutal.
Attacks on our freedoms cannot be suffered and ignored; tolerance in this case is a form of defeat.
Take the Red Pill.
The clicking of the link itself triggers a search warrant. The search warrant, in the case above, produced evidence that indicated that the suspect did, indeed, consume child porn. I would not like to see conviction based on a link-click, but as the basis for a search warrant, I'm not sure that's inappropriate.
Even worse, when malware makes owned computers hit the URLs, the FBI now has cause to permanently confiscate millions of dollars worth of equipment due to boxes getting pwned.
I may be thinking in a paranoid manner, but what's to stop someone from doing this just to cause an economic issue due to many, many people losing their equipment and having to repurchase it?
On the other hand, law enforcement under the current Administration hasn't been any too careful about Constitutionality. The thing is, regardless of whether these activities are in fact legal, once you've been subjected to a raid you've already suffered a punitive action, and will suffer further humiliation and expense defending yourself in court. And depending upon how that works out, you might find yourself in prison anyway, as some of that "acceptable collateral damage" the Feds talk about.
... maybe the rest will understand how abusive this is, given the inability of the technology to uniquely identify anyone.
There have been a number of Federal judges nailed on child pornography charges over the years: I sincerely hope that one of their number gets bitten by this nonsense. I especially hope that he's actually not guilty
The higher the technology, the sharper that two-edged sword.
JB is generally girls around 15-17 years old, whereas CP is younger than that, maybe they're both the same thing in the eyes of a court, but jailbait usually doesn't involve any exploitation of minors, since many girls that age are just attention whores anyway and would willing make those pictures, and many of the people who look at them would be the same age as the girls(/boys?) involved.
Of course the FBI links according to TFA were supposedly of 4 year olds, so debating the morality of jailbait has no place in this thread.
You are right to fear the FBI. Now they have a one click way to harass, smear and jail the political and economic opposition they have spent the last few years identifying. Detention centers have been built and police have been practicing mass arrests. Arbitrary arrest and torture of opposition, this is how democracy dies. The FBI program is so obviously flawed that it can only be useful for crushing opposition.
I'd be packing my bags if I thought there was a place to run. The only option is to crank up resistance and vote these evil bastards out of office. It's time to dismantle the police state.
No calls now, I'm
With what people do with RickRoll, I am scared what they will do with this.
It's even worse for you, buddy, because either:
1. You don't keep logs. Good luck getting anyone to believe it wasn't you.
2. Or you keep logs and they show 'your' MAC address.
I simple image tag pointing to this "bad" URL would get someone in major trouble. All those forums that allow you to put img tags in your sig. Bye-bye all forum members!
So in order to totall screw someone all you have to do is get on their box, phisically or by cracking and download some kiddy porn. Then drop a dime on them (just in case you did not click on the honey pot) and voila! Instant conviction. Yes. some men have been convicted of child port violations with zero evidence above the files in their cache.
"This message was sent from an Apple
It really is worse than that. Any site you go to can link any content from any other site, and not show it to you -- just load it transparently in the background. You will have downloaded the material without your knowledge and it will be in your cache when they break your door down.
The article plainly states that they do not even bother to record the referring URL or page, which means they don't care if you were prank porn'd. Considering some freaks are out there getting SWAT called on people it's realistic to expect that this will be a toy of choice for disgruntled former life partners and competetive coworkers with an evil bent. You'll be guilty of committing a crime completely without your knowledge. You won't just lose your equipment -- you will go to PMITA prison and spend the rest of your life on the registry. Same with if you have an HTML email with the content embedded but otherwise looking harmless. Since there are hundreds of thousands of compromised sites out there, and millions of spam bots the internet bad guys could get almost all of us on this list pretty quickly. Also some browser plugins automatically download all of the pages linked from your current page in the background to speed up browsing.
What this means is that this Internet is now useless with pictures. Or embedded content of any kind.
I'm all for catching and punishing the freaks that seek out this content and most especially the ones that publish it. But to leave enforcement this wide open to abuse is just wrong.
It's time to browse with Lynx again. Who would have thought that would come up again for people who weren't blind?
Just about the only alternative that works is browsing via secure remote desktop from offshore hosting.
Help stamp out iliturcy.
Let's say the FBI decides for reasons having to do with what they think your politics are to get you busted. (e.g. mistaking you for somebody else) You see a page of what interests you and you click on it. The FBI screenshot shows a bunch of naked juveniles.
Do YOU deserve it?
Tech Public Policy stuff
If I found out about the url and I had a bot net then I'd do it deliberately.
Heads would roll when they figured out that all the clicks they got were fake and they had siezed thousands of innocent people's stuff.
The courts would also think twice about approving stuff like this.
People who can't even manage encryption are supposed to run a dedicated server to receive and store logs from their low-memory routers?
Mod this guy up -- this is EXACTLY what needs to be done.
:P
Somebody needs to man up and crapflood the fuck out of the FBI. This is completely unacceptable practice.
Sure, they mislabel the link to deceive people to click on it who only want to see CP... raise your hand if you have or have ever seen someone click on a goatse or tubgirl or lemonparty after being TOLD not to click on it.
This sort of shit is RIPE for abuse, and WILL be abused, and until it is OVERabused will CONTINUE to be abused. It's just like any other bug in any other MMO, really.
... still waiting for this free-as-in-beer free beer I keep hearing about.
Many states of the USA have serious problems with the process of charging and convicting rapists even when DNA and medical evidence is available and the same people that would normally be working on this are trying to create some sort of thought criminal instead. When it comes down to it there is nothing at all here that actually has anything to do with child abuse - it's about asking somebody to look at something suspicious and seeing if they click on a link.
"The "pandering" provision of the PROTECT Act makes it illegal to claim you have child pornography, even if you don't."
Um... isn't this exactly what the FBI is doing??
~REZ~ #43301. Who'd fake being me anyway?
thegodmovie.com - watch it
... so the pedoporn surfers can hide their IP and use yours instead.
We live in a world where the reality is that the majority of computers are not in complete control by their physical owners. At least in the case descriped by TFA, the guy charged with the crime apparently had other evidence going against him. But it is rather scary that even if the FBI is using this as a lead to potential suspects, and not as the convicting evidence by itself, that they could still do an armed raid on someone's home just because they happened to load an app that is really providing someone else with a means to perform massive (through many such infected computers) trolls of porn sites (frequently done by porn site operators themselves, not to evade the FBI, but to just not show up with the same IP all the time).
The FBI needs to get a better handle on the reality of not just how the protocols work, but how the protocols get used, good or bad. Just because such and such IP address accessed some dirty picture or copyrighted song does not mean the physical computer owner had anything to do with it ... not even if a copy of it is cached on that same computer. And this doesn't even cover the many cases where IP addresses (and sometimes even MAC addresses) can get used by someone else where the original user shuts their computer off. A great many networks, in schools, businesses, and even ISPs, are not so tightly secured to prevent this (and it doesn't make economic sense to go to extreme efforts to secure them when there is relatively little economic impact as a result, which is the case if they are not charging by the byte).
now we need to go OSS in diesel cars
And all the people with link prefetching (like myself) turned on just "clicked" that link from the point of view of the FBI.
Not a sentence!
You know... i hate this mentality. I *like* people who leave their wireless routers open. I think they're friendly and good-neighborly and i think this attitude screws that all to hell. IANAL, but to the best of my legal knowledge you have almost no liability over someone else using your wireless *despite* what the RIAA says. Remember, they sue you becuase your IP address is being used, but if they don't find any corroborating evidence on your computer that you've violated copyright then they have nothing.
/.'ers don't seem to feel the same way???
The more you *bow* to the government and let them change your behavior even when what you're doing is not illegal, the more power you give them. I don't know how we let things get to this state in our country when it comes to wireless access.
I *want* people to leave their wireless access open, and I *don't* want people to feel that even though they're not doing something illegal they have to change their behavior because the police or other government folks are trying to push us into line.
Why is it that YOU guys, you
d
all language nazi's will burne in heil!
Too bad the FBI has perverted those principles in this witchhunt and too bad people like you seem to think the problem lies elsewhere.
According to this article the links were fake. So all you need is a link that says child porn here and people who click the link will go directly to jail. Or, at least, get their homes raided. Even if the link really didn't feature photos of exploitation of children. Nah, no way this rule could be abused.
URLs will work for that purpose anymore. The problem / challenge is to find the new ones without having the FBI breaking down your door.
Tech Public Policy stuff
So, the link prefetching that some browsers (or extensions) perform might take you into jail ?
See: http://fasterfox.mozdev.org/
You people are so insanely focused on privacy rights that you can't see there is no violation here.
IF you are surfing forums known to contain child pornography....
AND
IF you click on a link suggesting that behind the link is child pornography...
THEN I think there is probable cause to believe you are filthy scum and should be investigated further.
Could it be someone else was using your computer? Absolutely.
Could it be that you accidently ended up in the forum and pre-fetched the links? Absolutely not. You were browsing the forum.
But there is definitely probable cause. And if they find child porn in your house, you should be locked in jail for a very, very, very long time.
And if they don't find any child porn and there is any reason to believe someone else used your wireless/someone else used your computer/..., they should apologize and move on.
We aren't talking about some fuzzy borderline situation where an accidental click and prefetching could have done him in. We are talking about a guy who:
a) Was surfing a forum with child porn
b) Clicked on links to download child porn
c) Had child porn on his computer
d) Tried to destroy his hard drives and USB drives before the FBI could get to them.
This guy was obviously surfing for child porn and should be in jail a lot longer than he is likely to be in jail.
Unless they're using Fasterfox, or any of the dozen commercial 'accelerators' that do prefetching on all links, not just the ones marked. (Which incidentally is a slight abuse of the internet, but obviously not one that should result in jail time.)
If corporations are people, aren't stockholders guilty of slavery?
Personally because of the looseness of the whole internet, including ISPs recorded fro activities at specific times, the number of infected machines, IP spoofing etc. the recording of a data request from at IP address to another IP address is not really sufficiently valid for a destructive and life threatening raid.
Careful consideration needs to be made for the risks, ramifications and the damages caused by a raid and whether that record is really sufficient seeing that it can be so readily faked and an innocent party can suffer the repercussions.
The raid is an life threatening event (many innocent people have in fact died during raids), actual property damage can and does occur, confiscation of electronic equipment often for an indeterminate time also represents a significant burden especially as a lot of individuals are reliant upon the machines for business purposes, so the burden of proof should be sufficient to justify the harm caused.
There are a lot of people out there who think it would be hilarious to find that FBI address and hide it all over there internet camouflaged and try to get it clicked as often as possible, both to waste the FBI time as well as make strangers and sometimes known enemies suffer.
Chaos - everything, everywhere, everywhen
It's just like software/music piracy and drugs. Going after the people that might happen upon the material instead of going after the cause or the distributor. It far less expensive to scare people into believing they will be raided by instances like yours than it is to track down and research where it's coming from. Simply by posting that, you perpetuate the fear and support their cause. I'm not saying that you posting your history was wrong, but I'm using it to back my opinion on the whole matter.
Every time I start to have faith in humanity, I ruin it by driving to work between 7 and 8 am.
You have ample remedies if *any* law enforcement officer acts in bad faith. In order to get a search warrant, a police officer or Special Agent needs to state the facts that support that warrant in an affidavit sworn to under oath.
"Our informant said he did, and we can't name our informant because he would be compromised." What remedies do you have against that?
And finally, this would not be entrapment since entrapment is inducing someone to commit a crime they would not have done had it not been for the enticement. In these cases, the FBI is going after people who are already looking for kiddie porn.
You are missing it. There is no entrapment because there is no crime committed. You can't "entrap" someone for no crime that never happens. They will never be charged with kiddie porn for viewing or saving whatever was on that link. It's a link to nothing. The question is whether clicking a link to nowhere is probable cause for destroying someone's life. This is no different from a sign outside a building advertising "Free Prostitutes Inside" and when people come in, they are identified, tracked, and their life turned inside out to see if the FBI can prove they did use a prostitute before. It would be entrapment if they arrested them for soliciting for that act, but they aren't. They are using it as the reason to destroy someone's life looking to see if they committed other acts. Not entrapment, but possibly worse.
I cannot believe this shit gets modded up as, "informative."
He was wrong in that it was not entrapment. You were wrong in the reason you gave why it was not entrapment. So maybe you could be a little more tolerant.
Learn to love Alaska
Consider it the newest version of "swatting"...
/.'d, and the FBI gets a million IP addresses to sift through.
How hard would it be for some botnet manager to monitor the appropriate IRC channels, record the links posted, and command the zombies to fetch those URLs? Doesn't have to do anything with the data - just a simple GET.
One of 2 things could happen:
- Instantly, the honeypot server gets
- A bunch of innocent people are scared to death by dawn raids, and lose all of their electronic equipment and records. Even if they aren't convicted, they'll never get their stuff or lives back.
It's only a matter of time....
There are a lot of people out there who think it would be hilarious to find that FBI address and hide it all over there internet camouflaged and try to get it clicked as often as possible, both to waste the FBI time as well as make strangers and sometimes known enemies suffer.
I wouldn't call it hilarious, but I think if we could reach a point where there was a sufficient number of rich false positives, we might just get this stupidity shut down. While I agree with locking up pedos who go after 4 year olds; with the damage it does to someone's life to just be accused of such a thing, I think we need to be really careful about who we tar and feather.
If nothing else, just getting people to wardrive around affluent neighborhoods and have some sort of spider which starts off at known pedo sites and follows links for a few minutes might be a good start. If we can get a few judges and politicians nailed with this stupidity, even better.
Necessity is the mother of invention.
Laziness is the father.