Are UK Police Hacking File-Sharers' Computers?

superglaze writes "Following its takedown earlier this week of the music blog RnBXclusive, the UK's Serious Organised Crime Agency (SOCA) has claimed that "a number of site users have deleted their download histories" in response. Given that the site didn't host copyright-infringing files itself, how do they know? We've asked, but SOCA refuses to discuss its methods. A security expert has pointed out that, if they were hacking using Trojans, the police would themselves have been breaking the law. Added fun fact: SOCA readily admits that the scare message it showed visitors to the taken-down site was written 'with input from industry.'"

Remember: The police are allowed to lie to you

Cool when you're watching nefarious plotting on Taggert or Law and Order: UK but not so funny when it's you. And the accusation is that you're depriving a Hollywood mogul .00000001 per cent of a payment on this third Mercedes.

Re:Remember: The police are allowed to lie to you

[Kijori]

No - do not remember that because it isn't true.

The police in the UK are not allowed to lie to you in an interview. Lying to a suspect in order to elicit information is an example of "oppression" and is grounds for the evidence obtained to be struck out.

And before someone responds with "ah, but that doesn't stop them doing it before the interview" - interview, in this context, is defined very widely in UK law. I don't think you could engineer a situation in which you could lie to the suspect without it becoming part of the interview.

Re:Remember: The police are allowed to lie to you

[HopefulIntern]

Cops in the UK don't understand the laws they are enforcing. They break the law all the time without knowing it, and spread misinformation about the law. Take the knife law, for instance. Some cops will tell you carrying any knife in public is illegal, unless you have a valid reason. The fact is, any folding knife that does not lock and has a cutting edge of under 3 inches is legal to carry by anyone, for no reason at all (so most Victorinox are perfectly legal to have in your pocket). It only becomes an offense if it is brandished or used in an unlawful manner.

huh?

"a number of site users have deleted their download histories" What does that even mean? Cleared their IE Browsing History? Deleted their Chome cache? Removed things from FireFox's "Recent Downloads" folder?

Re:huh?

[dgatwood]

It probably means that the JavaScript/CSS trick for determining what sites you've visited no longer shows that the IP number of believed downloaders have visited those sites. Which probably just means the government authorities in question don't know what "dynamic IP" means, but I digress....

Re:huh?

[SuricouRaven]

Depends what browser you use, and what version of that browser. IE6 is still around, remember.

Well...

SOCA, How about a message from the people that pay you, "You are not above the law".

First Rule of Media Manipulation

[deweyhewson]

Never let the facts get in the way of good propaganda.

SOCA on the case

Shit just got serious!

Re:SOCA on the case

[biodata]

and organised!

Re:SOCA on the case

[garrettg84]

and criminal!

right department for the job

[Gravis+Zero]

UK's Serious Organised Crime Agency

The Internet is Serious Business

Re:right department for the job

[SuricouRaven]

Barely.

Commit or prevent?

These has been widespread suspicion that SOCA commits serious crimes. Whether it prevents them or captures the villains is also doubtful.

Browser exploits?

[AmiMoJo]

Perhaps they were using browser exploits to determine if people had cleared their history or cache. Most (all?) of the major browsers used to allow Javascript to detect if links had been visited, so it could check known pages on the site to see if they had been accessed. Similarly the server can tell if files are in the browser's cache because it doesn't re-download them.

Combine that information with IP address logs and you know... well, nothing actually, but if the message they posted on the site is anything to go by they either don't understand that or are just lying deliberately. My guess is that this claim is the latter.

If you look at the site now the threats have been removed, like someone told them to stop breaking the law themselves. The result of IPCC complaints probably.

Re:Browser exploits?

[Captain+Hook]

My guess would be the former... They just don't understand the technology.

Don't get me wrong, they probably do have staff who do understand, it's just that those staff aren't the ones communicating with people outside SOCA. For that matter, I don't think those people even understand criminal investigation either. Look at that industry sponsored message they had on the domain seizure notice.

Re:Browser exploits?

[wvmarle]

This JS history snooping sounds plausible, technically, but maybe not so practically. Besides the question of whether running such a script is legal: how did they manage to run those scrips?

To run such a history snooping script, a user has to visit a web site that runs said script. It's not likely the torrent site will do this for the authorities. It is also not likely that users will regularly visit anti-piracy web sites. They may visit it once, to get some information or out of curiousity, but well not much to repeat visits for.

Or is it done by the ISP? Who then would basically inject a js part into web pages the user downloads? Doesn't sound like a nice thing to do, to say the least.

Besides, such scripts afaik can only do something like "did you visit slashdot.org?": asking for specific URLs. I have not heard of a way to ask a browser "please tell me all sites this user has visited, and all urls which include slashdot.org". The first example shows whether or not the user visited the home page, the second example would give a list of all stories the user has opened, comments they opened, etc. You'd need the second method to be able to query a user's history for specific downloads.

Information from the browser cache determines whether to redownload a file, but the cache should be site-specific. Even if one site asks to download parts from another site, the browser should just reply "done" when the request is processed, regardless of whether that bit is locally available already or that it had to be downloaded.

The only legal way to obtain download histories would be if the user has a public profile on a web site that lists that user's download history (not likely) or that they would indeed come with a search warrant, confiscate the user's computer, and analyse its contents (even less likely).

So all in all this sounds like an illegal hacking action by the UK police.

Re:Browser exploits?

Besides which, last I checked even the domain-specific js snoop didn't work anymore in FF or Chrome.

Given that they both basically keep themselves up-to-date, I don't think you could ever reliably say anything about hit rates. And certainly not well enough to claim people are actively clearing their histories.

No idea on IE, but no matter how you cut it, it's most likely total bullshit. More scare tactics from scumbags.

Re:Browser exploits?

[RagingMaxx]

My guess would be that the authorities may have included such a Javascript in the 'scare page' that is currently replacing the regular site. Regular visitors return to the site by following a bookmark, etc, and while the scare page is open in their browser the Javascript runs.

It would have likely been a part of the initial investigation to either set up a crawler to index the site before it was taken down, or simply pull down the RSS feed of new posts and scrape them for hrefs pointing to mp3s or otherwise. They could thus compile a list of "downloadable" files which had appeared on the blog.

Once the scare page has been put up, they could use the Javascript on the page to fetch lists of these download URLs, insert them into a hidden div on the page, and check each URL's "visited" status in unpatched browsers, sending the results back to the server asynchronously and logging them along with the IP and any other browser stats of the user in question. In this way they could glean data about which files from the site the current user had downloaded.

Now, assuming the above is even close to what happened in reality, I would guess that the site in question has had a large number of hits from curious bystanders (ie the slashdot / HN crowd) since the scare page went up, most of whom would have "clean" download histories as they had never visited the site during its operation. Maybe the people gathering stats have misinterpreted this as "lots of users who cleared their download history" before returning to the site.

Hooray for speculation!

Re:Browser exploits?

[jeti]

And if after the reporting on slashdot and other sites, a lot of first-time users had a look at the page, their browser history would be dramatically different than that of regular users.

Re:Browser exploits?

[Captain+Hook]

Besides which, last I checked even the domain-specific js snoop didn't work anymore in FF or Chrome.

Which to a clueless investigator who know that method once worked would look like everyone running the js script had deleted their histories because he wouldn't be getting any browser history hits.

Re:Browser exploits?

[dissy]

So basically their illegal shenanigans make the global news (including slashdot), and tens to hundreds of thousands of people world wide go clicking links in the article to see the take down notice.

They interpret this as tens to hundreds of thousands of returning pirates, who must have cleared their cache and history!

Now they get to claim the site was WAY more popular in members than it actually was, and some huge conspiracy is going on to keep them hidden and secret.

In their minds, they are not doing anything wrong, and in fact are heros for this action.
So why would anyone be upset at rights violations and want to see if the news stories are true?
That's simply impossible. We are all long time members using the site to download trillions of songs, and we all clear our history daily to avoid getting caught, because their javascriptlet told them so.

It's almost funny in a way

That's a bit of a leap

[sangreal66]

I did actually RTFA and my conclusion from the comments attributed to the police is that they are either full of shit or they just read some forum posts. Hacking never would have entered my mind.

Serious?

[mwvdlee]

If SOCA, Serious Organised Crime Agency dealing with serious organized crime is fighting copyright infringement, then what is the agency called that deals with such things as mobsters, thieves, assassinations and illegal prostitution gangs? Those organized crimes aren't serious enough for SOCA? They sure are causing a lot more harm to the tax-payers.

Re:Serious?

[whyloginwhysubscribe]

It is funny that their take-down notice is copyrighted itself too. They should take-down the zdnet article for re-printing a screenshot of it, and then replace it with the actual page that the screen shot is of.

It is worth following JackOfKent on twitter for his insight into this. He noted that the take-down notice could actually be a contempt of court.

Re:Serious?

[MysteriousPreacher]

Are you suggesting that torrenting a movie isn't a serious crime worthy of attention from an agency tooled-up for tackling mobsters and terrorist threats? I look forward to the SAS being deployed by local councils to deal with people who sneak for free in to concerts.

SOCA - Serious Organised Crime Agency

[Nursie]

Jesus.

These cretins ought to be dealing with people traffickers, gang crime and other actual Serious Organised Crime.

That they are taking down music sharing sites is ridiculous. The justification I heard recently was even more laughable. It was serious organised crime because it cost the record labels 15 million.

Ah, record label mathematics, even better than cop math!

I don't doubt that these sites are hives of illegal activity. What they are not is a serious threat to the British public, which SOCA should be concentrating on, not pissing into the wind trying to clamp down on piracy.

Re:SOCA - Serious Organised Crime Agency

[wvmarle]

I see you're not a politician, so you see it totally wrong.

For starters, it's crime. It's murderous even: it kills music, it kills artists, it kills the studios and labels. And it is theft too, of course.

It's also serious, see above. Murder is a serious crime. So is theft - that's what I see on stickers pasted in shops against shoplifting. "Theft is a serious crime". I'm not going to argue with that, theft is a crime. So is murder. And it's serious.

And organised those web sites are. A large organisation, with its tentacles all over the place. They have hackers gaining access to unreleased music for them, other hackers that post complete albums or illegal recordings of concerts and whatnot. Well organised they must be, how else could they serve those thousands upon thousands of customers every day.

So of course it's a task for the SOCA. Drug dealers be damned, that're minor guys, not worth bothering with. But those music thieves must be stopped!

OK politician mode off. Have a nice day :-)

Re:SOCA - Serious Organised Crime Agency

[BlueStrat]

It's simply not possible to stop it, or even slow it down that much.

Sure you can. You underestimate the lengths they will go to.

All they have to do, is to do away with the user-controlled general-purpose computer, the open internet, and any individual rights you were under the illusion of having.

They're already well on the way to accomplishing all of those goals, while many cheer them on.

Strat

Re:SOCA - Serious Organised Crime Agency

[SuricouRaven]

A lot of pirates seem to get into piracy for the free stuff, but turn political once they realise how potentially dangerous anti-piracy efforts are. It's easy to conclude that effective copyright enforcement and freedom on the internet are mutually incompatible - and if one has to go, make it copyright.

Re:SOCA - Serious Organised Crime Agency

[Kijori]

I've posted about this above but I'll repeat it here.

The fact that SOCA is investigating is not because music sharing is the most serious type of crime. It's because the e-crime unit is under the auspices of SOCA (rather than a local police force). A lot of online crime is referred to SOCA for this reason despite the fact that it would not normally be of the type they investigate. Frankly I think that in a lot of cases this makes sense rather than each local force maintaining a cyber-crime division, although it might prevent misunderstandings if they didn't use the SOCA 'branding'.

Regarding the idea that "[t]hese cretins ought to be dealing with people traffickers, gang crime and other actual Serious Organised Crime", the people who deal with people trafficking and gangs are not the same as the people who investigate online crime. There are specialist departments for each of those.

Best wishes.

So write them a letter if you are not in the UK

[Mitsoid]

So write them a letter if you are not in the UK
http://www.soca.gov.uk/contact-soca/complaints

I personally linked the definition of terrorism ( http://www.merriam-webster.com/dictionary/terrorism ) in my e-mail and called them out on their terrorist actions

Sure, it's non-violent terrorism.. but it STILL IS terrorism....

Re:So write them a letter if you are not in the UK

[Xest]

Write them a letter if you are in the UK even. In fact, it'll probably be more effective.

Personally for me, as a British citizen living in the UK, admittance by a police officer that my PC may have been hacked simply for visiting a site linked in a news article gives me all the justification I feel I need to submit a formal complaint to the IPCC and to my MP.

Whether it has or not, and whether the officer knew what he was on about is neither here nor there, the fact he believes that it's legitimate policing needs to be stamped right out.

Re:So write them a letter if you are not in the UK

[TheRaven64]

If it is an admission by a police officer, then don't write to SOCA, write to the IPCC, who have the power to investigate claims of misconduct by members of SOCA.

Huh!

[TheP4st]

In what parallel universe were the RnB exclusive blog activities Serious Organized Crime? Okay, modern RnB could be considered a crime, but still...

What Judge?

[dutchwhizzman]

What judge granted the 15 million claim? You can't take down people's businesses just because someone claims they are costing them money in illegal damages. If that's the truly a fact, they could sue in court for the losses. Once the losses were validated by a Judge, they could first ask the losses to be paid. If those weren't paid, they could have the assets of the business confiscated. Maybe *then* you would have a case for taking down the website, but not before.

Prejudiced the prosecution

What they did there was make a false allegation against him and anyone who downloaded music. He can't now get a fair trial because he's been accused of theft by the police publicly but they haven't brought a theft charge against him confirming it is a false claim.

They prejudiced his trial.

So what they need to do at this point is get back within the limits of the law, and stop propagandizing. The police have no place in society as a political campaign group.

Also they need to recognize that RIAA now represents less than 30% of music sold, and that 2011 was the biggest year for music sales on record. Copyright infringement is copyright infringement, it's dealt with by copyright laws, not theft laws. The only input they should be seeking on a take down notice is LEGAL input on the LAWS as they stand in the UK. Nothing else.

http://blog.nielsen.com/nielsenwire/consumer/cue-the-music-driven-by-digital-music-sales-up-in-2011/

What will happen now, is those false claims they made will be used in court as evidence of police misrepresentation of evidence.

Re:Prejudiced the prosecution

[SuricouRaven]

Here in the UK and most of Europe, we get the levy... and it's *still* illegal to download or copy*. Is it any wonder people are starting to dislike the media industry so much?

* It's actually illegal to so much as rip your purchased CD onto a portable player for convenience in the UK, but no-one bothers to enforce that one.

Re:Prejudiced the prosecution

[Whibla]

* It's actually illegal to so much as rip your purchased CD onto a portable player for convenience in the UK

Not for long, hopefully! Proposed Changes

As one of the talking heads is quoted as saying in the above linked article:

"The review pointed out that if you have a situation where 90% of your population is doing something, then it's not really a very good law,"

A 'rare' and sensible insight! Now let's hope the government can get a move on actually passing it, as a bill, through Parliment.

Its their network, from your ip to the world

[AHuxley]

Its their "network" and your ip and usage is logged for a short time in some detail. Ip and billing data might be kept for many, many months, but if your quick :) They know the site, the names of the files and have a time frame. The rest is UK wide database work.
This was done with very unique data from newsgroup posts. Take the data to the isp's and do a massive search seeking people who downloaded the file/s.

When the cops hack your computer ...

[Taco+Cowboy]

... it's legal, and you end up in jail

When you hack cops' computers, it's illegal, and you end up in jail

Head you lose, tail, you also lose

Re:When the cops hack your computer ...

[Moryath]

Proving that megacorps have more rights than people... I'll believe corporations are people when texas successfully executes one.

Till then:
- You commit a felony, you go to jail and lose your voting rights.
- Corporation commits a felony: no jail time, a pittance of a settlement/fine, and they still have the right to buy off elected representatives with unlimited campaign contributions.

Anyone else disgusted?

Re:When the cops hack your computer ...

[dryeo]

Actually the whole feudal idea of felons and the segregation that goes with it is pretty disgusting. Basic rights should only be able to be taken away by the judiciary using due process. Even the American Constitution writers reconized that, which is why they have the ban on letters of attainment.
America and Nigeria I believe are the only countries still with the idea that whole classes of citizens should lose rights permanently for doing something stupid when young, even after they've payed the price.

Re:When the cops hack your computer ...

[AngryDeuce]

Anyone else disgusted?

Of course! The question is, what are people going to do about it? We can't vote our way out of this mess because becoming a part of the system requires one to be corrupted by it first. Boycotts are ineffective because many of these companies have so many millions of customers that it's virtually impossible to effect their bottom line (besides the fact that they just make up the difference by ripping off their remaining customers), and others are so deeply enmeshed with the government that it would be pretty much impossible to send a message there, like our DoD contractors.

I fully believe that there's going to be armed insurrections within a decade in this country, but there's still a lot of people out there that refuse to entertain the notion that there would be any justification for it. I can't tell you how often I hear people tell me that revolution is ridiculous because we're not being starved, raped, and murdered by warlords and dictators like the people of Africa and The Middle East. I just do not understand why so many people are so willing to accept a "long train of abuses and usurpations" as long as massive quantities of blood aren't being spilled. It's ridiculous that it's going to have to get to that point...as a nation our ignorance of history (even our own history, let alone the rest of the world) is deplorable. If more people were cognizant of it than we would be able to see the slippery slope we're rocketing down and how it's going to end before it gets to the point of massive bloodshed, but as education is dismissed by a large portion of this country as propaganda and lies, it'll probably never happen.

Just speculation here...

[jimicus]

Take this with as much salt as you think it needs.... but the easiest way I can think of to do this is actually quite possible with no hacking.

Step 1: Take over the site through legal means.
Step 2: Troll through the server logs, getting the IP addresses of everyone that's downloaded a .torrent file in the last month. There's a good chance the configuration for how much to keep in the way of logs won't have been nailed down to "almost nothing" because until recently, most of the sites that hosted nothing but .torrent files thought they were on fairly solid legal ground so didn't need to worry about that sort of thing.
Step 3: Filter the list you got in step 2 for all IP addresses assigned to UK ISPs.
Step 4: Contact those ISPs with a court order requesting:
- Identity of who had IP address XX.XX.XX.XX at the appropriate date/time.
- What else those people had been downloading. You don't need DPI-type information; if a customer has also been downloading lots of other .torrent files over an insecure link (dead easy to find out because many ISPs operate transparent proxy servers for HTTP traffic) and subsequently used a lot of bandwidth, that may well be enough to get a court order to seize the customer's own computer equipment.

You want a higher burden of evidence before getting a court order? Fine, limit it to IP addresses that have been visiting the site regularly and downloaded a lot. Yes, dynamic IP addresses do change but they don't typically change on an hourly basis. A single IP address that downloads a lot over the course of a couple of hours could easily be enough.

There. You've now got enough information to monitor the UK without having to plant a single trojan or do a single thing illegally.

Bootlegging Piracy

[ninsega]

It's bootleggers we need to worry about. Piracy is pretty much try-before-you-buy.

Re:history

[TaoPhoenix]

I dunno,

Firefox has this creepy new dashboard on New Tabs that shows parts of your history, and it's semi-permanent-sorta even if you delete parts of your history in the settings. I didn't do any exhaustive research, just that I noticed a top level partial history delete didn't work. All I'm saying is that stuff like the new Google data-merge is gonna intersect eventually with the cops/govt spreading their fear campaigns.

Re:Same Country

[Cederic]

Harrassment is illegal. Get him to formally complain to the police, his MP and the local council, demand action and if necessary ask a court for an ASBO.

Use the system against itself.

My letter to SOCA

[ODBOL]

Here's what I sent them. If I had been wider awake, I would have skipped the last paragraph. I enjoyed writing it, but sarcasm is almost always counterproductive.

Dear SOCA,

When I saw the takedown notice at RnBXclusive, I was sure that it was a spoof. The bald statements about the guilt of "the individuals behind this website," apparently unproved in court, the threats of prosecution to myself, and the speculative claims about the "future of the music industry," seemed too absurd to be written by a serious law enforcement agency. Then, the advertisement for pro-music.org at the end made it clear that this was either a spoof by pro-music, or more likely by an opponent trying to embarrass pro-music.

I was astonished to find acknowledgment on your own web site that this absurd text was indeed your own.

I never heard of RnBXclusive before, and have no opinion whatsoever regarding the legality of the behavior of "the individuals behind" that website, nor your takedown of the site and reported arrest of the "individuals." But I hope that you will be more careful in the future to post only relevant and sensible notices that stay well within the scope of your legal mission.

I recommend to you the Electronic Frontier Foundation (www.eff.org) as a source of careful analysis of online behavior by individuals, corporations, governments, and law enforcement agencies. They do not appear to have posted any specific comments about RnBXclusive, SOCA, or your recent arrest and DNS takeover, but they can provide some of the best advice available when consulted.

If you must advertise legal sources of music downloads, let me recommend my favorite, magnatune.com, which is not represented by those "behind" the pro-music.org website, and which will perhaps suffer competitively from your public endorsement of pro-music.org.

Sincerely Yours,

Michael J. O'Donnell
The University of Chicago