Slashdot Mirror
Australian Authorities Hacked Computers in the US (vice.com)
Motherboard is reporting that Australian authorities hacked Tor users in the United States as part of a child pornography investigation. The revelation comes through recently-filed US court documents. The incident underscores a trend where law enforcement around the world are increasingly pursuing targets overseas using hacking tools, raising legal questions around agencies' reach. From the report: In one case, Australian authorities remotely hacked a computer in Michigan to obtain the suspect's IP address. "The Love Zone" was a prolific dark web child abuse site, where users were instructed to upload material at least once a month to maintain access to the forum. By July 2014, the site had over 29,000 members, according to US court documents, constituting what the US Department of Justice described as a "technologically sophisticated conspiracy." In 2014, Queensland Police Service's Task Force Argos, a small, specialised unit focused on combating child exploitation crimes, identified the site's Australian administrator in part because of a localized greeting he signed messages with. The unit quietly took over his account, and for months ran the site in an undercover capacity, posing as its owner. Task Force Argos' logo includes a scorpion, and the tagline "Leave No Stone Unturned." Because The Love Zone was based on the dark web, users typically connected via the Tor network, masking their IP addresses even from the law enforcement agents who were secretly in control of the site. Task Force Argos could see what the users were viewing, and what pages they were visiting, but not where they were really connecting from.
While the question of foreign police and governments using their resources to hack into computers and civilians of other nations is an interesting one, I have NO problem with using all technology and methods available to shut down child porn rings.
No, fire your lawyer. Compiling with GCC is explicitly called out as not making your code GPL.
raising legal questions around agencies' reach.
Queensland Police Service's Task Force Argos, a small, specialised unit focused on combating child exploitation crimes, identified the site's Australian administrator in part because of a localized greeting he signed messages with.
In other words, an Australian law enforcement agency was going after an Australian running a child porn site. Yeah, that is totally out of bounds for them. Who would ever think a country would have jurisdiction over people committing crimes in their country.
Child pornography has no borders. Based on the hyperbole from Motherboard we can presume they support child pornographers to be protected so they can continue raping one and two-year olds because that's what's most important.
We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
This doesn't surprise me. Now if they would just track down that Nigerian Prince and all the other scammers that are preying on the elderly and uninformed. Instead, when someone reports that they were scammed out of their life savings, they get told "Man, that must suck. There isn't anything we can really do about it because they are in [Insert Country Here] and we don't have a way to get to them."
I have started holding free internet safety classes at our public library to try to help curtail things like this, but I still see / hear about someone new having been scammed almost daily.
The US does it all the time to our allies. No one has any reason to whine.
Redundant troll post...
Happiness in intelligent people is the rarest thing I know.
Ernest Hemingway
TOR END POINT = chilld sex offender that after they get out will be blacked listed form just about all work and may just do what it takes to get back in.
I know you're just a redundant copy-paste asshat troll. But seriously, GPL got you down with Linux? Just move to BSD. Problem solved.
First, your claims about the GPL are simply incorrect. And even if they were, you still started doing something without having a clue about what you were dealing with. So, nice cry story, but completely your own fault.
It doesn't have to be like this. All we need to do is make sure we keep talking.
Did the Queensland Police hack any computers? They appear to have simply sent emails containing links. When the link was clicked, the IP address of the mail client as recorded.
From the TLA:
>> Details on how exactly this was achieved are limited, but according to a court document from another case,
>> “When a user clicked on that hyperlink, the user was advised that the user was attempting to open a video
>> file from an external website. If the user chose to open the file, a video file containing images of child pornography
>> began to play, and the FLA [foreign law enforcement agency] captured and recorded the IP address of the user accessing the file.”
So it doesn't appear that any code was inserted into the target computer. The offenders didn't follow good opsec - they clicked on a link while they were not connected to a TOR proxy.
As for jurisdiction - it appears that the server was moved to Brisbane. Again from the TLA:
>> At one point, The Love Zone server was also reportedly moved to Brisbane, giving Task Force Argos,
>> the Queensland Police Service unit that took over the site, access to every private message on the site.
If the server was located in Queensland, then Queensland court orders could legitimately apply to it. So no evidence of hacking or of extra-territoriality. Move along folks, no misconduct, just good police work.
Remember the right-wing screaming the phrase 'One World Government!' at the top of their lungs during the nineties?
Well, Righties, it appears the extra-judicial organs of state security have already faited that accompli.
Anyone in Australia hacking anything in the US should result in criminal charges (not that it'd ever go to trial unless the perpetrator actually found his or her way to US soil). Period. It doesn't matter if the person doing the hacking is a private citizen or the prime minister.
That said, the "hacking" they're talking about seems to have been giving the guy a link a hyperlink. Calling giving someone a hyperlink and them clicking it a "hack" is a stretch, imo, if that hyperlink doesn't do anything other than connect to a web site. If it downloaded malware or something similar, then ok, but it doesn't sound like that's what happened.
If the Australian authorities found any of the 30k emails from the notorious HRC, we'd love to see them.
What if the cops are actually pedophiles? There are cops that are convicted of child porn. There are 3 in the past decade in Florida alone and most of them worked either with or along side cyber crime units. My guess is they are introduced to it and/or obtain most of it from work. One guy took an entire flash drive of content and kept it in his locked gun case at home. Another guy was jerking off at his desk in the fucking police station when no one was around. Yet another was touching kids in his squad car. Did they get permission from parents of these children to use that content? I highly doubt it. They broke more laws than the criminals they sought to put in jail. That cannot be legal. I wouldn't be surprised to find out the person in charge of the entire thing is a pedophile. Perhaps even a network of pedophile cops? Seriously this is a case for the FBI to investigate.
Glad they put these abusive fuckers away even if a few rules were broken. It's not like the US itself recognizes foreign sovereignty so why should the upside-downers.
darn you black bart!!!1
So I guess America has no other option than to give more money for counter-spy hack technology?
those australians, always just trying to tear america to shreds.
(AC for a reason)
Actually he was an acquaintance my friend was living with. He would get notoriously drunk and browse the darker corners of the web on his computer in the living room.
In his own words he said "I got drunker and the girls got younger" I never witnessed any of it and heard of it only by proxy. I actually told him about TOR and TAILS and he laughed me off as being paranoid. Any hows lets just say this guy wasn't posting material, wasn't posting on forums, wasn't fetishising the material. He just browsed a few sites in a drunken stupor.
Anyhows this guy gets a knock on the door. Its two detectives. They take his whole Win7 gaming machine - all external hard drives etc. Coerce Him to make a statement (he royally fucked up that statement) Drag him through the courts for 2 years. Accuse him of having 10 000 infringing images - huge penalties/possible jail time etc. Later gets Dropped down to 100 images all in the browser cache . (They really really like counting tiny image thumbnails as infringing content)
The whole time we were wondering how the fuck this happened. He offered many excuses - hacking etc.... but i told him straight up he got caught in a honeypot and his didn't hide his IP. Now this all makes sense. Yes he lives in Brisbane Australia. Yes the QPS seems to be spending a large amount of its resources on this kind of crime.
After 2 years in court and dealing with the wonderfull legal aides ( he was unemployed and on disability )he ended up with a 1 year suspended sentence, 2 years Probation and is now a registered sexual offender. I was told this was one of the lightest sentences ever recorded for CP related crime.
I am really at odds with this. It really rattled him badly. He lost family and friends. He doesnt drink anymore. He gtot his benifits threatened/reviewed. All his computer gear got disappeared. He is too scared to own a computer now and just does all of his gaming and communicating and light browsing through a PS4.
Yeah he fucked up, but really all he did was view a few websites at a lowpoint in his life..... The response was uncompromisingly heavy.
[Spoiler] We later found out a hamplanet SJW girlfriend / housemate made a statement to QPS when their relationship ended. It literally would of been a 5minute job to reference his name to a list of IP's if a honeypot was already up and running. Add a gold star to Detective ************'s and ******'s records. Scary.
They were running a child pornography website in their own jurisdiction, if that's illegal over there, then they should be prosecuted by their authorities (I think they should, it's disgusting to think police is distributing cp).
They sent links that directed people outside of the tor network to a "clear web" cp website they also run. People that accepted to go to that website were subjected to the same "privacy" they are subjected to when visiting any other website. If recording visitors ips and sessions is hacking, then facebook is hacking everyone.
They knew it was illegal to posses and distribute cp in the US, they knew some people with US ips were doing it, so they informed the proper authorities (the FBI) that had jurisdiction to investigate based on the evidence that was handed over and later prosecute. The proper authorities did that.
The only problem I see in this is that it's becoming common for law enforcement to run cp websites. It's entrapment. If there was no website, the "criminals" wouldn't have the pictures they are being charged of possessing. In this case, even the prosecution for the pictures the users uploaded is questionable, since sharing them was enabled by the police. If they manage to link the users to the pictures they uploaded before the police was running the website, then we have a crime that was not created/enabled/encouraged/requested by the police. Pictures sent when the police was requesting them from the user should be dismissed.
But in the end, this should be thinkable ONLY if law enforcement had the consent from the children in the content, and, of course, they are adults capable of understanding it. Otherwise they are just exploiting those kids abuse for a different end.
Then complains when other countries do the same? Please turn down your idiocy...
Since kiddie porn people use the exact same Internet and toolset as non-kiddie-porn people, this means you are ok with the government using all technology and methods available against non-kiddie-porn people, as long as they justify it as the pursuit of shutting down kiddie porn.
I almost completely agree, except with nevertheless some practical limitations on what "all technology and methods available" means, combined with a relative lack of caring about kiddie porn. (I'm not for it, but I'm also not particularly rabidly concerned about it.) I think any person's government should be authorized to attack computer systems using about as much resources as any government foreign to that person is likely to be using.
The reason for this is that you cannot, and should not, be counting on adversaries' restraint in protecting your computer systems. I don't have a vote in Russian government and they should not be accountable to me at all. While I would prefer the Russian government (or Chinese industry) (or domestic criminals) not attack my systems, it's gonna happen. So the baseline threat should be that every single person should be assuming their computers are going to be under attack by extremely capable and malignant adversaries. I want a cultural landscape, where if you deploy a system that can't defend against, say, a ten million-dollar-budgeted Russian attack, then nearly every person who hears about it should consider that to be totally and completely reckless and negligent.
Or to put it another way, your message to your wife "pick up some beer on the way home" needs to be able to resist whatever the UK government is spending on fighting kiddie porn, since your message is definitely going to get caught up in shit like that, where attempts will be made to compromise your systems, software, and key exchange.
Or to put it a third way, kiddie porn producers should be worried only about detection at the human level, and until their computer systems are totally impractical to attack (i.e. until they can use the Internet with virtually no fear of getting caught) then everyone's systems are also vulnerable to common criminals and foreign governments. We should all be using kiddie-porn-producers' computer security as the benchmark for our computer security.
And saying that nobody has a reasonable expectation of their own government behaving better than adversaries' governments, is a great way to get there. Whatever some people are worried that the NSA might be doing, we all probably ought to be worried that someone else is doing it too. We should be in a climate where these level of attacks are all expected (whether or not they really happen) and considered normal and routine.
And really the only limitation, is found in asking: what isn't reasonably expected by a very-well-budgeted and totally unrestrained lawless attacker? If you can think of a threat that falls into that category, then I think it's reasonably to demand that your own government be prohibited from doing that, since it's above the necessary level that every single person needs to defend against.
So bring on the over-zealous kiddie porn investigations, and then let's all figure out how to thwart whatever methods arise, since we'll also be defending against equivalent criminal and espionage attacks which are very likely already being used against everyone else anyway. Whatever you want the FBI to do, I bet the FSB is already doing it, and you are already paying for it in your day-to-day life. Let's get everyone thinking in terms of what attacks the FBI might be able to carry out. Let's get the FBI revealing their best ideas in court, so that we can work on defenses against the FSB. FBI: Go, do your thing!
That's what the "Five Eyes" group is primarily for: Hacking citizens in other countries, for those countries.
So the US spy agencies can not "work" on American citizens without a lot of legal problems. They might suspect someone, but the evidence is weak, to weak to use the normal, legal ways to find out more. So they ask their friends, e.g. the Australians: Could you please hack this guy? For the Aussies, this guy is a foreigner and therefor a legal target. If they find something that would make the person report-worthy, they hand back their finds to the US as in "This guy has been reported to us by a foreign law enforcement agency as part of their investigations". And the US suddenly has the evidence it needs to proceed further.
And the next time that the Australian agencies have someone they need investigated, they turn to the US and ask for a similar favor. Avoiding the law and denying legal due process is just a phone call away today. And while catching a terrorist or child molester is a worthy cause, the laws protecting the citizens due rights are there for a reason.