Are UK Police Hacking File-Sharers' Computers?

superglaze writes "Following its takedown earlier this week of the music blog RnBXclusive, the UK's Serious Organised Crime Agency (SOCA) has claimed that "a number of site users have deleted their download histories" in response. Given that the site didn't host copyright-infringing files itself, how do they know? We've asked, but SOCA refuses to discuss its methods. A security expert has pointed out that, if they were hacking using Trojans, the police would themselves have been breaking the law. Added fun fact: SOCA readily admits that the scare message it showed visitors to the taken-down site was written 'with input from industry.'"

Re:Browser exploits?

[wvmarle]

This JS history snooping sounds plausible, technically, but maybe not so practically. Besides the question of whether running such a script is legal: how did they manage to run those scrips?

To run such a history snooping script, a user has to visit a web site that runs said script. It's not likely the torrent site will do this for the authorities. It is also not likely that users will regularly visit anti-piracy web sites. They may visit it once, to get some information or out of curiousity, but well not much to repeat visits for.

Or is it done by the ISP? Who then would basically inject a js part into web pages the user downloads? Doesn't sound like a nice thing to do, to say the least.

Besides, such scripts afaik can only do something like "did you visit slashdot.org?": asking for specific URLs. I have not heard of a way to ask a browser "please tell me all sites this user has visited, and all urls which include slashdot.org". The first example shows whether or not the user visited the home page, the second example would give a list of all stories the user has opened, comments they opened, etc. You'd need the second method to be able to query a user's history for specific downloads.

Information from the browser cache determines whether to redownload a file, but the cache should be site-specific. Even if one site asks to download parts from another site, the browser should just reply "done" when the request is processed, regardless of whether that bit is locally available already or that it had to be downloaded.

The only legal way to obtain download histories would be if the user has a public profile on a web site that lists that user's download history (not likely) or that they would indeed come with a search warrant, confiscate the user's computer, and analyse its contents (even less likely).

So all in all this sounds like an illegal hacking action by the UK police.

Re:Browser exploits?

[RagingMaxx]

My guess would be that the authorities may have included such a Javascript in the 'scare page' that is currently replacing the regular site. Regular visitors return to the site by following a bookmark, etc, and while the scare page is open in their browser the Javascript runs.

It would have likely been a part of the initial investigation to either set up a crawler to index the site before it was taken down, or simply pull down the RSS feed of new posts and scrape them for hrefs pointing to mp3s or otherwise. They could thus compile a list of "downloadable" files which had appeared on the blog.

Once the scare page has been put up, they could use the Javascript on the page to fetch lists of these download URLs, insert them into a hidden div on the page, and check each URL's "visited" status in unpatched browsers, sending the results back to the server asynchronously and logging them along with the IP and any other browser stats of the user in question. In this way they could glean data about which files from the site the current user had downloaded.

Now, assuming the above is even close to what happened in reality, I would guess that the site in question has had a large number of hits from curious bystanders (ie the slashdot / HN crowd) since the scare page went up, most of whom would have "clean" download histories as they had never visited the site during its operation. Maybe the people gathering stats have misinterpreted this as "lots of users who cleared their download history" before returning to the site.

Hooray for speculation!

Re:When the cops hack your computer ...

[dryeo]

Actually the whole feudal idea of felons and the segregation that goes with it is pretty disgusting. Basic rights should only be able to be taken away by the judiciary using due process. Even the American Constitution writers reconized that, which is why they have the ban on letters of attainment.
America and Nigeria I believe are the only countries still with the idea that whole classes of citizens should lose rights permanently for doing something stupid when young, even after they've payed the price.