Slashdot Mirror

← Back to Stories (view on slashdot.org)

Police Could Charge Data Center Operators In the Largest Child Porn Bust Ever

Posted by Soulskill on from the enforcing-due-diligence dept.

sarahnaomi sends this report from Motherboard: Canadian police say they've uncovered a massive online file sharing network for exploitative material that could involve up to 7,500 users in nearly 100 countries worldwide. But unlike past investigations into the distribution of child porn, which typically involve targeting suspects individually, police have instead seized over 1.2 petabytes of data ... from a data center responsible for storing the material, and may even attempt to lay criminal charges against its operators, too.

"What we are alleging is occurring is that there are individuals and organizations that are profiting from the storage and the exchange of child sexual exploitation material," Scott Tod, Deputy Commissioner of the Ontario Provincial Police (OPP), told Motherboard at a conference late last month, after speaking to a crowd of defense specialists. "They store it and they provide a secure website that you can log into, much like people do with illegal online gaming sites."

38 of 199 comments (clear)

  1. 1.2 what? by Anonymous Coward · · Score: 5, Funny

    1.2 pedobytes.

    1. Re:1.2 what? by hawguy · · Score: 4, Funny

      1.2 pedobytes.

      According to the article, they seized more than 4 times more child porn than the Library of Congress has.

      But unlike past investigations into the distribution of child porn, which typically involve targeting suspects individually, police have instead seized over 1.2 petabytes of data—more than four times the amount of data in the US Library of Congress

      I'm kind of surprised that all congress could only manage to accumulate 300TB of child porn.

    2. Re:1.2 what? by Anonymous Coward · · Score: 2, Funny

      Budget cutbacks.

    3. Re:1.2 what? by davester666 · · Score: 2

      And then there is the one guy in the basement, whose job it is to decide "is this child porn good enough for Congress" and then upload it to a server for Congressmen to access...

      --
      Sleep your way to a whiter smile...date a dentist!
    4. Re:1.2 what? by Shoten · · Score: 4, Insightful

      1.2 pedobytes.

      According to the article, they seized more than 4 times more child porn than the Library of Congress has.

      But unlike past investigations into the distribution of child porn, which typically involve targeting suspects individually, police have instead seized over 1.2 petabytes of data—more than four times the amount of data in the US Library of Congress

      I'm kind of surprised that all congress could only manage to accumulate 300TB of child porn.

      Actually, they seized 1.2 petabytes of data, not child porn.

      The situation is that this is a data center. So that means SANs and virtual hosts. SANs mean that you don't just have a 1-to-1 relationship between a hard drive (or even a hard drive array) and a computer. And virtual hosting means you don't have a 1-to-1 relationship between a server and a website. So I'd bet my paycheck that they went in with a broad net, grabbing every SAN that they thought contained child porn. In essence, they grabbed the whole data center so that they can figure out just how much of it...and which of it...is actual evidence.

      --

      For your security, this post has been encrypted with ROT-13, twice.
  2. Why stop at Operators? by Anonymous Coward · · Score: 2

    Charge Intel for making CPU's!
    Charge Microsoft for making computer software!
    Charge Alexander Graham Bell for inventing the telephone!

    1. Re:Why stop at Operators? by AK+Marc · · Score: 3, Interesting

      Why charge anyone? Civil forfeiture of all assets held by Intel, MS, and anyone associated with making any of the servers or owning any of the servers in this case. When civil forfeiture is used as broadly as used in the drug war, it would be ended quickly.

      --
      Learn to love Alaska
    2. Re:Why stop at Operators? by bobbied · · Score: 4, Funny

      Charge Intel for making CPU's!

      Charge Microsoft for making computer software!

      Charge Alexander Graham Bell for inventing the telephone!

      Charge Al Gore for inventing the INTERNET! Now that's a crime...

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
  3. Secure is now illegal by oic0 · · Score: 4, Interesting

    So they are guilty for providing secure online storage. Apparently you aren't allowed to supply secure storage, you have to snoop through your users content to make sure its not illegal... Also land lords much search all apartments, banks must search safety deposit boxes, storage rental owners must search their units.

    1. Re:Secure is now illegal by ArchieBunker · · Score: 2

      Were they aware of the contents?

      --
      Only the State obtains its revenue by coercion. - Murray Rothbard
    2. Re:Secure is now illegal by blueg3 · · Score: 2

      In my limited experience seeing these cases go by, no.

      It's usually hard to convict these child porn cases unless you can demonstrate that the perpetrator action's were knowing and willful. Yes, some of the laws aren't like that and are strict liability, which sucks. Yes, some unwise prosecutors indict on absolutely ridiculous cases, and that sucks. But in general, if you're going to actually get a conviction in court, you really need to be able to demonstrate that the guy did it knowingly and willfully.

      Even then, if your evidence of intent is too deeply technical, you conviction is at risk, because a jury absolutely hates any deep technical discussions (they are not, in general, technically-minded people). So Web browser data, for example, sucks. If you find CP images in a browser cache, then you've got to demonstrate that they got there by willful action and not by mistake. (After all, both the forensic investigator and the defense know full well that you can get porn in your browser cache with one accidental misclick.) So you've got to connect Web browser history (which used to be shorter-lived than cache entries) to the CP, which is somewhat technically complicated, and as mentioned, technical explanations are looked down on. It's worse if you find CP in unallocated space on a hard drive -- now you've really got your work cut out for you. But, I digress.

      Fortunately for the prosecutor, the gross majority of people they catch make it easy. They take zero of the half-assed paranoid steps that any armchair expert on Slashdot will tell you to follow. No encryption, no "download and secure erase" policy, etc. No, they download, organize, and label hundreds of gigabytes of child porn.

      Anyway, in practice, mens rea really is necessary to get a conviction. Which means one of two things here: either the prosecutor in this case is looking to make headlines and is making a bad decision (namely, they'll get their headlines but not a conviction); or, more likely, the host has knowingly harbored CP -- perhaps even specifically sought out this business, has chosen to do nothing about it, and there is substantial evidence to demonstrate this. (I think the latter is more likely not because of my faith in prosecutors, but rather because businesses providing "secure storage" but explicitly and knowingly catering to this kind of business abound.)

    3. Re:Secure is now illegal by compro01 · · Score: 2

      Pros3cut0rz need to periodically run for reelection.

      Not in this case. Crown Attorneys in Canada are civil employees, not elected positions.

      --
      upon the advice of my lawyer, i have no sig at this time
    4. Re:Secure is now illegal by s.petry · · Score: 3, Interesting

      For posterity, nowhere does the article claim that the 1.2 Petabytes is all child pornography. The company claims that most of the data is not, but I guess that is a secondary issue. Holding the company responsible is idiotic unless they were complicit in the crime. Did they refuse to take action that the courts claimed they needed to with the data? Try to hide the data when cops came looking? I don't see any of those things, so IMHO this is a scare tactic attempting to get people to do what GP stated: "have companies snoop through all user data" which is asinine.

      I'm of the personal opinion that people involved in child porn should be jailed for life without parole if they are found guilty. The rule of law can not be tossed out the window because of my emotion on the topic. That is called chaos or anarchy, and we are supposed to be civilized.

      --

      -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

    5. Re:Secure is now illegal by Firethorn · · Score: 2

      You are a little off track in you car analogy. The space in not just rented it is managed and redistributed to more akin to a taxi service.

      I stand by 'rental car' as opposed to 'taxi' because of the level of hands-on personal interaction required of the data, IE 'none'.

      I agree though, they need to go after the producers. Though at this point I can't help but think that many of them have probably already been punished, or are even dead.

      --
      I don't read AC A human right
  4. So what, the DC are gonna be gatekeepers now ? by ScottJermaineGuyton · · Score: 3, Informative

    “There's no proactive obligation to investigate what happens on your service," said Tamir Israel, a staff lawyer at the Canadian Internet Policy & Public Interest Clinic (CIPPIC). “If you do become aware that something is there, there's a reporting obligation. But usually data centers aren't actively looking through their stuff, so it's reasonable to say that they wouldn't have come across that." Nobody's got time for that!

    1. Re:So what, the DC are gonna be gatekeepers now ? by BitterOak · · Score: 4, Insightful

      "Ignorance is no excuse." ...ahem...even if there's no possible, reasonable, or legal way of ever knowing.

      I believe the phrase is "Ignorance of the law is no excuse." It means that if you willfully commit an act, and that act happens to be illegal, then you are criminally liable even if you didn't know the act in question is illegal. That is to say, you don't have to have to form an intent to break the law, you merely have to form an intent (and act on that intent) to commit some action, and that action has to be illegal.

      What's at issue here isn't ignorance of the law, but ignorance of the facts, and that, oftentimes, is an excuse. Although possession of child pornography is illegal in most jurisdictions, almost all the statues generally say something along the lines of "it is unlawful to knowingly possess...". There is a very practical reason for this: absent the word "knowingly", anyone could simply e-mail anyone else some images that are illegal, and the recipient could be criminally liable for possession even if they hit the delete key immediately upon seeing it. Defendants could e-mail such images to prosecutors and judges and said prosecutors and judges would be guilty of the same crime the defendant is accused of.

      So it is very relevant here whether or not the owners, administrators, or employees of the data storage service knew that they were storing child pornography.

      --
      If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
  5. Not Dumb.... by GrumpySteen · · Score: 5, Informative

    Not stupid. Just clickbait.

    If you actually read the article, it says "charges will likely hinge on the degree to which employees knew such activity was taking place." Nobody is going to get charged unless there's evidence that they knew they were hosting child porn and did nothing about it.

    1. Re:Not Dumb.... by ganjadude · · Score: 5, Informative

      really??? you mean that the CIO should be looking at encrypted data that he has no rights to???

      --
      have you seen my sig? there are many others like it but none that are the same
    2. Re:Not Dumb.... by GrumpySteen · · Score: 2

      âoeIf you do become aware that something is there, there's a reporting obligation. But usually data centers aren't actively looking through their stuff, so it's reasonable to say that they wouldn't have come across that."

      Most data centers don't make a point of snooping through all of their customers' data. If you want to open a data center that does so, let us know just how many customers found that to be an acceptable practice during your bankruptcy.

    3. Re:Not Dumb.... by Antique+Geekmeister · · Score: 3, Informative

      Given storage work I've done, when you're hosting that much content and that much traffic, it's almost _always_ pornographic. I do hope that the Canadian courts can be sensible about what is specifically and knowingly hosted, and what is treated in a hands-off fashion like US "common carrier" standards require.

      I'll be even more fascinated to see if any intelligence agencies know about child porn and refused to reveal or prosecute its source, due to a desire to keep their monitoring secret. We've certainly seen that in the USA.

    4. Re:Not Dumb.... by Antique+Geekmeister · · Score: 3, Interesting

      I was referring to the various reports around 2010 and 2011 saying that over 30% of the Internet content was porn. Those numbers have been called into question (http://www.bbc.com/news/technology-23030090), but from network experience and dealings with bulk storage and network traffic, I'll continue to claim that it's the most _likely_ content of any single Petabyte sized archive. I'll agree that it's not the only possible content of such a large repository.

      You've a valid point that "it''s still legal" for ordinary pornography, at least in most countries. Child porn is the political leverage used to censor or filter Internet content in many countries. I'll be quite curious to see if this case actually involved child porn, or if it was merely distasteful or a means to get other traffic data for the prosecutors.

      There was n infamous case about Amateur Action BBS, a very popular porn site that was framed for dealing in child porn. The frame failed, since they did not even open the box of content they hadn't ordered, but the postal inspector from Tennessee succeeded in convicting a California couple for content that was previously ruled to be constitutionally protected in California.. The history is fascinating: there was a good thread at the time in EFF discussion groups, still available at http://groups.csail.mit.edu/ma... b

    5. Re:Not Dumb.... by Antique+Geekmeister · · Score: 2

      > Adult pornography on the internet is actually illegal in the US

      Could you provide a citation or evidence of this, please? There have certainly been attempts to regulate it, with mixed results. But even casual research leads very quickly to the Supreme Court case that struck down porongraphy provisions of the Communications Decency Act. ( http://en.wikipedia.org/wiki/R...) And even that unconstitutional law attempted to restrict pornography to minors, not pornography as a whole.

      There was a particularly memorable quote in the Supreme Court case, one to keep in mind when filtering Internet traffic. That includes this, and the recent blocking of ISIS traffic on twitter.

      > Through the use of chat rooms, any person with a phone line can become a town crier with a voice that resonates farther than it could from any soapbox. Through the use of Web pages, mail exploders, and newsgroups, the same individual can become a pamphleteer.

  6. 1.2 PETABYTES??? by Anonymous Coward · · Score: 4, Interesting

    Something isnt adding up. That's the kind of volume I would expect for an aspiring XHampster and a much wider legit audience, petabytes of child porn just doesn't seem possible. That's what, a couple of hundred gigabytes for each of the accused? Potentially hundreds of thousands of hours of video? Who the hell could have produced that much????

    This sounds like BS to force datacentres to give backdoors to the feds.

    1. Re:1.2 PETABYTES??? by gweihir · · Score: 4, Insightful

      Same here. If we assume 1GB/h, that would be 1.2 million hours of film, i.e. 140 years. That is a bit much to be credible. Seems to me some people are trying to abuse the victims even more in order to get more funding and more surveillance laws.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  7. SummaryBait by michaelmalak · · Score: 3, Informative

    charges will likely hinge on the degree to which employees knew such activity was taking place

    1. Re:SummaryBait by SecurityGuy · · Score: 2

      Yes, but it's interesting it's even being talked about. Normally, when a crime is committed, you don't also immediately consider indicting the owner of the facility it happened in...unless there's specific evidence they're involved that isn't being made public.

      If this is the garden variety case where there's no reason to think the data center operators are involved, then of course this is massive overreach.

  8. Re:Good question by nedlohs · · Score: 2

    How does that make a difference in Canada?

  9. Re:Everyone Must Police their users! by gweihir · · Score: 2

    First, the DC would not know the number of users. Second, 1.2PB is not that much. It can fit into a single rack, of which a DC may have hundreds.

    My guess would be that whoever is suspecting DC personnel does not understand the technology involved. Same as you.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  10. Re:Terms of Service by Runaway1956 · · Score: 5, Interesting

    Yes - and THAT is what is wrong with the cloud. Unless you are encrypting it independently before uploading, your stuff is going to be scanned for various purposes. All of those purposes are detrimental to your privacy. It's great that they took down a pedo ring - IF they really took down a pedo ring. But, they are going to use this as an excuse or reason to continue spying on all honest citizens.

    --
    "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
  11. Great cause, dumb ass cops by LostMyBeaver · · Score: 5, Interesting

    I hate articles like this.

    They say "To access the files, many of which are password protected, the cops developed password-cracking software in-house that is slowly sifting through the mountain of information."

    Uh... I'll translate this to, the files are all protected with easy to remember, dictionary based passwords and they wrote a script which uses a rainbow list to try each one which is why it's so damn slow.

    When you read shit statements made by whoever provided the interview to whoever actually performed it and realize they're both clueless, it becomes really hard to take the rest of the article seriously. It's like when you read a CV from a fry boy at McDonalds who writes "Food preparation technician", you just can't expect everything else to be embellished in order to sound more important.

    Another example of "STUPID!!!" is :
    "The volume of information is so expansive that in order to store and analyze the data safely and securely, police had to purchase storage hardware similar to what was used by Canadian military forces in Afghanistan."

    Computer crimes forensics has to be handled very carefully. If you alter the data, it's inadmissible in most courts as it's tampering with evidence. The FBI paid millions to write data handling procedures following the public beating they took on the gloves in the OJ case. So, it's important to have a backup and some way to read the data without altering it... or they need to keep a copy.

    A 1.2 petabyte SAN can be done in 16U for analysis using 6TB drives and Cisco 3160 servers. For unaltered storage, there are tape drives. They're slow and they're inefficient, but they're an accepted medium for evidence.

    So, making dumb ass statements like "we needed 1.2TB of hard drives and a workstation" as making some idiotic remark like how they've gone war zone grade was just LAME!

    Nailing the data center is a great idea EXCEPT!!! they probably run almost all that crap through Tor and use BitCoin now. So, if there is actually any real traceable information to be had, they just passed up their best opportunity to planting a proper honeypot and actually busting the people using the site. They could have put "dating sites" like "find an anonymous live show in your area" and the pervs who are using telephones can provide their locations via GPS. Then they can track and bust them.

    Instead, they've just done what the police have found so successful with the Pirate Bay and the site will be moved somewhere else next week or month and they won't have a clue what to do about it.

    Let's be honest, these fool cops probably just secured the safety of the pedophiles for a while longer.

    1. Re:Great cause, dumb ass cops by complete+loony · · Score: 4, Insightful

      To access the files, many of which are password protected, the cops developed password-cracking software in-house that is slowly sifting through the mountain of information.

      So the real take away is that they have no idea how much of this 1.2 PB is actually child porn. What they have is a file sharing / web hosting service with 1.2 PB of data, provided by users, some of which they know is child porn.

      --
      09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
    2. Re:Great cause, dumb ass cops by zildgulf · · Score: 2

      No, these cops want to scare the sh*t out of data center employees because they can. They don't care that they probably cannot convict a single person, the process of arrest and the prospect of months of imprisonment without any evidence, and withholding necessary medical care, is enough for people to make a plea deal.

      When the police want to make your life hell they can arrest you every other week, trumping up charges and dropping them within hours, and seize your property until you can't pay your lawyer anymore. Nothing short of them being fired or prosecuted would make it stop.

  12. Re:don't for get google for linking to sites as we by ganjadude · · Score: 2

    might as well take it to the next logical step.

    its on the internet....

    you are on the internet.....

    therefore you are guilty for possessing illegal materials!

    --
    have you seen my sig? there are many others like it but none that are the same
  13. Re:Roads are now illegal by ganjadude · · Score: 2

    yes... what reason did this officer stop you to begin with???? if you werent breaking any law, there is no good reason for it*

    * - if it were in america, i will admit i dont know canadas laws all too well

    --
    have you seen my sig? there are many others like it but none that are the same
  14. Great... by Mashiki · · Score: 3, Interesting

    These are the same fucking retards that can't even properly secure evidence when Wynns government decided to violate the data protection laws and deleted not only primary, but backup data when there was a standing warrant regarding to the massive scandal relating to the gas plants. You'll have to excuse me if I don't have any faith in the information provided at all. Hell, their general force is in 80/90's era computer technology.

    What's gonna get good is that they pulled a blanket seizure with a warrant that was for specific data. That's a no-no guys, the judge stated one thing you stupid idjits did something else. I'm going to hazard it'll get to court and the entire thing will be thrown out because they overstepped the bounds of the original seizure warrant.

    --
    Om, nomnomnom...
  15. Re:Roads are now illegal by AJWM · · Score: 2

    You don't have to be actually breaking the law, the cop just has to have a reasonable suspicion that you might be.

    Many, many years ago as a teenager I got stopped by an on-foot cop (I was pulling out of a fast food place). Turns out he recognized the license plate because the car (my mom's) had been stolen (for joy rides) several times before (easy to hotwire, and predating ignition locks in the steering column). I wasn't breaking any law, but the stop was justified on suspicion. Since the last name and address on my license matched the registration, of course he waved me on as soon as I'd shown them to him.

    --
    -- Alastair
  16. Just because they call it pedo doesn't mean it is by Anonymous Coward · · Score: 5, Insightful

    This is a file sharing site, it almost certainly is 1.2 petabytes of regular porn, movies and music. But its encrypted so they don't know.

    How do you force decryption? You play the "think of the children" card.

    So they threaten the file host to get them to install some sort of webbugs and remove the decryption. Presumably they're threatening lots of the file hosts in a similar fashion.. "remove the encryption or well find one pedo file on there and claim its all pedo and bust you with screams of 'military grade hardware' and 1.2 TB drives.. blah blah blah.

    What this means is that a file host refused to comply with their mass surveillance demands and so they're playing their pedo panic card. Perhaps the terrorist card will be played after that.

    And people like you will do your marketing (and it is clearly marketing) for this. You even talk like one " If they were providing secure online storage to people whom they knew or should have known". Right.

  17. Re:Child Gender by c6gunner · · Score: 2

    I can answer your question: yes, they do. You don't have to look for illegal content, you can:

    1. Look for "fantasy stories" published by "child lovers". You'll find plenty that involve female adults with male or female children, indicating a - for lack of a better term - demand for that market.
    2. Google "woman charged for creating child porn". You'll find at least a few cases of women who molested young children (preteens) and distributed the resulting material.

    You can also look up cases like Karla Homolka, an infamous Canadian woman who was charged and sentenced for helping her husband rape and murder several young girls, including her own sister.

    The depravity of the human mind is certainly not limited to the male sex.