Police Could Charge Data Center Operators In the Largest Child Porn Bust Ever

← Back to Stories (view on slashdot.org)

Police Could Charge Data Center Operators In the Largest Child Porn Bust Ever

Posted by Soulskill on Monday March 2, 2015 @01:11PM from the enforcing-due-diligence dept.

sarahnaomi sends this report from Motherboard: Canadian police say they've uncovered a massive online file sharing network for exploitative material that could involve up to 7,500 users in nearly 100 countries worldwide. But unlike past investigations into the distribution of child porn, which typically involve targeting suspects individually, police have instead seized over 1.2 petabytes of data ... from a data center responsible for storing the material, and may even attempt to lay criminal charges against its operators, too.

"What we are alleging is occurring is that there are individuals and organizations that are profiting from the storage and the exchange of child sexual exploitation material," Scott Tod, Deputy Commissioner of the Ontario Provincial Police (OPP), told Motherboard at a conference late last month, after speaking to a crowd of defense specialists. "They store it and they provide a secure website that you can log into, much like people do with illegal online gaming sites."

21 of 199 comments (clear)

Min score:

Reason:

Sort:

1.2 what? by Anonymous Coward · 2015-03-02 13:14 · Score: 5, Funny

1.2 pedobytes.
1. Re:1.2 what? by hawguy · 2015-03-02 13:23 · Score: 4, Funny
  
  1.2 pedobytes.
  According to the article, they seized more than 4 times more child porn than the Library of Congress has.
  
  But unlike past investigations into the distribution of child porn, which typically involve targeting suspects individually, police have instead seized over 1.2 petabytes of data—more than four times the amount of data in the US Library of Congress
  I'm kind of surprised that all congress could only manage to accumulate 300TB of child porn.
2. Re:1.2 what? by Shoten · 2015-03-03 00:55 · Score: 4, Insightful
  
  1.2 pedobytes.
  According to the article, they seized more than 4 times more child porn than the Library of Congress has.
  
  But unlike past investigations into the distribution of child porn, which typically involve targeting suspects individually, police have instead seized over 1.2 petabytes of data—more than four times the amount of data in the US Library of Congress
  I'm kind of surprised that all congress could only manage to accumulate 300TB of child porn.
  Actually, they seized 1.2 petabytes of data, not child porn.
  The situation is that this is a data center. So that means SANs and virtual hosts. SANs mean that you don't just have a 1-to-1 relationship between a hard drive (or even a hard drive array) and a computer. And virtual hosting means you don't have a 1-to-1 relationship between a server and a website. So I'd bet my paycheck that they went in with a broad net, grabbing every SAN that they thought contained child porn. In essence, they grabbed the whole data center so that they can figure out just how much of it...and which of it...is actual evidence.
  
  --
  
  For your security, this post has been encrypted with ROT-13, twice.
Secure is now illegal by oic0 · 2015-03-02 13:19 · Score: 4, Interesting

So they are guilty for providing secure online storage. Apparently you aren't allowed to supply secure storage, you have to snoop through your users content to make sure its not illegal... Also land lords much search all apartments, banks must search safety deposit boxes, storage rental owners must search their units.
1. Re:Secure is now illegal by s.petry · 2015-03-02 15:55 · Score: 3, Interesting
  
  For posterity, nowhere does the article claim that the 1.2 Petabytes is all child pornography. The company claims that most of the data is not, but I guess that is a secondary issue. Holding the company responsible is idiotic unless they were complicit in the crime. Did they refuse to take action that the courts claimed they needed to with the data? Try to hide the data when cops came looking? I don't see any of those things, so IMHO this is a scare tactic attempting to get people to do what GP stated: "have companies snoop through all user data" which is asinine.
  I'm of the personal opinion that people involved in child porn should be jailed for life without parole if they are found guilty. The rule of law can not be tossed out the window because of my emotion on the topic. That is called chaos or anarchy, and we are supposed to be civilized.
  
  --
  -The wise argue that there are few absolutes, the fool argues that there are no probabilities.
So what, the DC are gonna be gatekeepers now ? by ScottJermaineGuyton · 2015-03-02 13:26 · Score: 3, Informative

“There's no proactive obligation to investigate what happens on your service," said Tamir Israel, a staff lawyer at the Canadian Internet Policy & Public Interest Clinic (CIPPIC). “If you do become aware that something is there, there's a reporting obligation. But usually data centers aren't actively looking through their stuff, so it's reasonable to say that they wouldn't have come across that." Nobody's got time for that!
1. Re:So what, the DC are gonna be gatekeepers now ? by BitterOak · 2015-03-02 16:16 · Score: 4, Insightful
  
  "Ignorance is no excuse." ...ahem...even if there's no possible, reasonable, or legal way of ever knowing.
  I believe the phrase is "Ignorance of the law is no excuse." It means that if you willfully commit an act, and that act happens to be illegal, then you are criminally liable even if you didn't know the act in question is illegal. That is to say, you don't have to have to form an intent to break the law, you merely have to form an intent (and act on that intent) to commit some action, and that action has to be illegal.
  What's at issue here isn't ignorance of the law, but ignorance of the facts, and that, oftentimes, is an excuse. Although possession of child pornography is illegal in most jurisdictions, almost all the statues generally say something along the lines of "it is unlawful to knowingly possess...". There is a very practical reason for this: absent the word "knowingly", anyone could simply e-mail anyone else some images that are illegal, and the recipient could be criminally liable for possession even if they hit the delete key immediately upon seeing it. Defendants could e-mail such images to prosecutors and judges and said prosecutors and judges would be guilty of the same crime the defendant is accused of.
  So it is very relevant here whether or not the owners, administrators, or employees of the data storage service knew that they were storing child pornography.
  
  --
  If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
Not Dumb.... by GrumpySteen · 2015-03-02 13:28 · Score: 5, Informative

Not stupid. Just clickbait.
If you actually read the article, it says "charges will likely hinge on the degree to which employees knew such activity was taking place." Nobody is going to get charged unless there's evidence that they knew they were hosting child porn and did nothing about it.
1. Re:Not Dumb.... by ganjadude · 2015-03-02 14:32 · Score: 5, Informative
  
  really??? you mean that the CIO should be looking at encrypted data that he has no rights to???
  
  --
  have you seen my sig? there are many others like it but none that are the same
2. Re:Not Dumb.... by Antique+Geekmeister · 2015-03-02 15:02 · Score: 3, Informative
  
  Given storage work I've done, when you're hosting that much content and that much traffic, it's almost _always_ pornographic. I do hope that the Canadian courts can be sensible about what is specifically and knowingly hosted, and what is treated in a hands-off fashion like US "common carrier" standards require.
  I'll be even more fascinated to see if any intelligence agencies know about child porn and refused to reveal or prosecute its source, due to a desire to keep their monitoring secret. We've certainly seen that in the USA.
3. Re:Not Dumb.... by Antique+Geekmeister · 2015-03-02 16:17 · Score: 3, Interesting
  
  I was referring to the various reports around 2010 and 2011 saying that over 30% of the Internet content was porn. Those numbers have been called into question (http://www.bbc.com/news/technology-23030090), but from network experience and dealings with bulk storage and network traffic, I'll continue to claim that it's the most _likely_ content of any single Petabyte sized archive. I'll agree that it's not the only possible content of such a large repository.
  You've a valid point that "it''s still legal" for ordinary pornography, at least in most countries. Child porn is the political leverage used to censor or filter Internet content in many countries. I'll be quite curious to see if this case actually involved child porn, or if it was merely distasteful or a means to get other traffic data for the prosecutors.
  There was n infamous case about Amateur Action BBS, a very popular porn site that was framed for dealing in child porn. The frame failed, since they did not even open the box of content they hadn't ordered, but the postal inspector from Tennessee succeeded in convicting a California couple for content that was previously ruled to be constitutionally protected in California.. The history is fascinating: there was a good thread at the time in EFF discussion groups, still available at http://groups.csail.mit.edu/ma... b
1.2 PETABYTES??? by Anonymous Coward · 2015-03-02 13:40 · Score: 4, Interesting

Something isnt adding up. That's the kind of volume I would expect for an aspiring XHampster and a much wider legit audience, petabytes of child porn just doesn't seem possible. That's what, a couple of hundred gigabytes for each of the accused? Potentially hundreds of thousands of hours of video? Who the hell could have produced that much????
This sounds like BS to force datacentres to give backdoors to the feds.
1. Re:1.2 PETABYTES??? by gweihir · 2015-03-02 14:11 · Score: 4, Insightful
  
  Same here. If we assume 1GB/h, that would be 1.2 million hours of film, i.e. 140 years. That is a bit much to be credible. Seems to me some people are trying to abuse the victims even more in order to get more funding and more surveillance laws.
  
  --
  Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Re:Why stop at Operators? by AK+Marc · 2015-03-02 13:40 · Score: 3, Interesting

Why charge anyone? Civil forfeiture of all assets held by Intel, MS, and anyone associated with making any of the servers or owning any of the servers in this case. When civil forfeiture is used as broadly as used in the drug war, it would be ended quickly.

--
Learn to love Alaska
SummaryBait by michaelmalak · 2015-03-02 13:43 · Score: 3, Informative

charges will likely hinge on the degree to which employees knew such activity was taking place
Re:Terms of Service by Runaway1956 · 2015-03-02 14:22 · Score: 5, Interesting

Yes - and THAT is what is wrong with the cloud. Unless you are encrypting it independently before uploading, your stuff is going to be scanned for various purposes. All of those purposes are detrimental to your privacy. It's great that they took down a pedo ring - IF they really took down a pedo ring. But, they are going to use this as an excuse or reason to continue spying on all honest citizens.

--
"Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
Great cause, dumb ass cops by LostMyBeaver · 2015-03-02 14:23 · Score: 5, Interesting

I hate articles like this.

They say "To access the files, many of which are password protected, the cops developed password-cracking software in-house that is slowly sifting through the mountain of information."

Uh... I'll translate this to, the files are all protected with easy to remember, dictionary based passwords and they wrote a script which uses a rainbow list to try each one which is why it's so damn slow.

When you read shit statements made by whoever provided the interview to whoever actually performed it and realize they're both clueless, it becomes really hard to take the rest of the article seriously. It's like when you read a CV from a fry boy at McDonalds who writes "Food preparation technician", you just can't expect everything else to be embellished in order to sound more important.

Another example of "STUPID!!!" is :
"The volume of information is so expansive that in order to store and analyze the data safely and securely, police had to purchase storage hardware similar to what was used by Canadian military forces in Afghanistan."

Computer crimes forensics has to be handled very carefully. If you alter the data, it's inadmissible in most courts as it's tampering with evidence. The FBI paid millions to write data handling procedures following the public beating they took on the gloves in the OJ case. So, it's important to have a backup and some way to read the data without altering it... or they need to keep a copy.

A 1.2 petabyte SAN can be done in 16U for analysis using 6TB drives and Cisco 3160 servers. For unaltered storage, there are tape drives. They're slow and they're inefficient, but they're an accepted medium for evidence.

So, making dumb ass statements like "we needed 1.2TB of hard drives and a workstation" as making some idiotic remark like how they've gone war zone grade was just LAME!

Nailing the data center is a great idea EXCEPT!!! they probably run almost all that crap through Tor and use BitCoin now. So, if there is actually any real traceable information to be had, they just passed up their best opportunity to planting a proper honeypot and actually busting the people using the site. They could have put "dating sites" like "find an anonymous live show in your area" and the pervs who are using telephones can provide their locations via GPS. Then they can track and bust them.

Instead, they've just done what the police have found so successful with the Pirate Bay and the site will be moved somewhere else next week or month and they won't have a clue what to do about it.

Let's be honest, these fool cops probably just secured the safety of the pedophiles for a while longer.
1. Re:Great cause, dumb ass cops by complete+loony · 2015-03-02 16:30 · Score: 4, Insightful
  
  To access the files, many of which are password protected, the cops developed password-cracking software in-house that is slowly sifting through the mountain of information.
  So the real take away is that they have no idea how much of this 1.2 PB is actually child porn. What they have is a file sharing / web hosting service with 1.2 PB of data, provided by users, some of which they know is child porn.
  
  --
  09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
Re:Why stop at Operators? by bobbied · 2015-03-02 14:28 · Score: 4, Funny

Charge Intel for making CPU's!
Charge Microsoft for making computer software!
Charge Alexander Graham Bell for inventing the telephone!
Charge Al Gore for inventing the INTERNET! Now that's a crime...

--
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
Great... by Mashiki · 2015-03-02 15:10 · Score: 3, Interesting

These are the same fucking retards that can't even properly secure evidence when Wynns government decided to violate the data protection laws and deleted not only primary, but backup data when there was a standing warrant regarding to the massive scandal relating to the gas plants. You'll have to excuse me if I don't have any faith in the information provided at all. Hell, their general force is in 80/90's era computer technology.
What's gonna get good is that they pulled a blanket seizure with a warrant that was for specific data. That's a no-no guys, the judge stated one thing you stupid idjits did something else. I'm going to hazard it'll get to court and the entire thing will be thrown out because they overstepped the bounds of the original seizure warrant.

--
Om, nomnomnom...
Just because they call it pedo doesn't mean it is by Anonymous Coward · 2015-03-02 16:12 · Score: 5, Insightful

This is a file sharing site, it almost certainly is 1.2 petabytes of regular porn, movies and music. But its encrypted so they don't know.
How do you force decryption? You play the "think of the children" card.
So they threaten the file host to get them to install some sort of webbugs and remove the decryption. Presumably they're threatening lots of the file hosts in a similar fashion.. "remove the encryption or well find one pedo file on there and claim its all pedo and bust you with screams of 'military grade hardware' and 1.2 TB drives.. blah blah blah.
What this means is that a file host refused to comply with their mass surveillance demands and so they're playing their pedo panic card. Perhaps the terrorist card will be played after that.
And people like you will do your marketing (and it is clearly marketing) for this. You even talk like one " If they were providing secure online storage to people whom they knew or should have known". Right.