Slashdot Mirror
Australian Authorities Hacked Computers in the US (vice.com)
Motherboard is reporting that Australian authorities hacked Tor users in the United States as part of a child pornography investigation. The revelation comes through recently-filed US court documents. The incident underscores a trend where law enforcement around the world are increasingly pursuing targets overseas using hacking tools, raising legal questions around agencies' reach. From the report: In one case, Australian authorities remotely hacked a computer in Michigan to obtain the suspect's IP address. "The Love Zone" was a prolific dark web child abuse site, where users were instructed to upload material at least once a month to maintain access to the forum. By July 2014, the site had over 29,000 members, according to US court documents, constituting what the US Department of Justice described as a "technologically sophisticated conspiracy." In 2014, Queensland Police Service's Task Force Argos, a small, specialised unit focused on combating child exploitation crimes, identified the site's Australian administrator in part because of a localized greeting he signed messages with. The unit quietly took over his account, and for months ran the site in an undercover capacity, posing as its owner. Task Force Argos' logo includes a scorpion, and the tagline "Leave No Stone Unturned." Because The Love Zone was based on the dark web, users typically connected via the Tor network, masking their IP addresses even from the law enforcement agents who were secretly in control of the site. Task Force Argos could see what the users were viewing, and what pages they were visiting, but not where they were really connecting from.
No, fire your lawyer. Compiling with GCC is explicitly called out as not making your code GPL.
I don't know about you, but I do have a problem with feds running a kiddy porn site for a few months. There are limits to what law enforcement should be doing, and using kids as bait is one of the things where you don't just step over the lines but actually throw up on it. Especially when so little is accomplished by doing it.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I'm kinda wigged out that this site had 29,000 users! Not that all of them were in the US, but there are a lot of pedos out there.
Look back up at my post, now look back down, you're on the Internet. Now look back up. I'm a signature.
raising legal questions around agencies' reach.
Queensland Police Service's Task Force Argos, a small, specialised unit focused on combating child exploitation crimes, identified the site's Australian administrator in part because of a localized greeting he signed messages with.
In other words, an Australian law enforcement agency was going after an Australian running a child porn site. Yeah, that is totally out of bounds for them. Who would ever think a country would have jurisdiction over people committing crimes in their country.
Child pornography has no borders. Based on the hyperbole from Motherboard we can presume they support child pornographers to be protected so they can continue raping one and two-year olds because that's what's most important.
We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
I've always suspected they used The Wiggles for just this reason. ;) What else could explain them?
Look back up at my post, now look back down, you're on the Internet. Now look back up. I'm a signature.
TOR END POINT = chilld sex offender that after they get out will be blacked listed form just about all work and may just do what it takes to get back in.
I wouldn't be surprised if a large number of them were different "law enforcing agents" from different countries :D
I'm kinda wigged out that this site had 29,000 users! Not that all of them were in the US, but there are a lot of pedos out there.
Assuming there are 7.4 Billion people and 40% of them have internet access, then the proportion on that site is 29,000/2960000000 = 9.79e-6. So that is a little less than 1 in 100,000 people.
The world has a lot of people in it.
I should use this sig to advertise my book ISBN-13 : 978-1501515132.
That's the problem though...
"I don't mind if you ignore the law for *X* because I find *X* repugnant."
"Well, I suppose you could also skirt the law for *Y* because that's pretty bad, too."
"HEY, why are you ignoring the law for *Z*, that wasn't part of the deal."
While I absolutely agree that the CP ring needed to be shut down, we need to go about it the legal way. There are mechanisms in place to apprehend these criminals, without becoming criminals yourself.
I have to agree with you. From the quick google search I did possession and distribution of CP is prima facie illegal in the US. There are no special exceptions for LEOs conducting strings. Obviously we have a big general exception for storage of evidence etc, maybe it was the Aussies that did most of the objectionable hosting etc but its still highly questionable for the DOJ to cooperate in an investigation using such methods. If that is "ok to do" than pretty much all the DOJ need do is find some banana republic somewhere to hire some work out to and basically anything they do on the Internet is suddenly above and beyond the reach of law.
The other issue is hacking suspects computers without a search warrant seems like a plain violation of the CFAA to me. So again the feds cooperating with an other nation using such methods should be illegal as they are accessories to the crime.
If Law Enforcement can't follow the law the rest of us should not have to either.
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
I would agree with you had they been the ones to set it up. Taking an existing site and keeping it running during an active investigation.. yeah it's in murky territory but it's also a way to gather data.
No comment on the legalities of what occurred, though.
"Action without philosophy is a lethal weapon; philosophy without action is worthless."
Maybe more than actual users.
Remember, the internet is where men are men, women are men, and kids are FBI agents.
I know you're just a redundant copy-paste asshat troll. But seriously, GPL got you down with Linux? Just move to BSD. Problem solved.
Assuming there are 7.4 Billion people and 40% of them have internet access, then the proportion on that site is 29,000/2960000000 = 9.79e-6. So that is a little less than 1 in 100,000 people.
Don't forget, this is only the number of people who were savvy enough to find a dark-web site and maintain an account with monthly submissions, so you're probably off by an order of magnitude.
Taking guns away from the 99% gives the 1% 100% of the power.
First, your claims about the GPL are simply incorrect. And even if they were, you still started doing something without having a clue about what you were dealing with. So, nice cry story, but completely your own fault.
It doesn't have to be like this. All we need to do is make sure we keep talking.
Maybe more than actual users.
Remember, the internet is where men are men, women are men, and kids are FBI agents.
Women are bots, and the bots are traps. Ashley Madison Used Chatbots to Lure Cheaters, Then Threatened to Expose Them When They Complained
Assuming there are 7.4 Billion people and 40% of them have internet access, then the proportion on that site is 29,000/2960000000 = 9.79e-6. So that is a little less than 1 in 100,000 people.
Don't forget, this is only the number of people who were savvy enough to find a dark-web site and maintain an account with monthly submissions, so you're probably off by an order of magnitude.
Yes. If I'm off by two orders of magnitude, it still isn't a very high proportion of people.
I should use this sig to advertise my book ISBN-13 : 978-1501515132.
Did the Queensland Police hack any computers? They appear to have simply sent emails containing links. When the link was clicked, the IP address of the mail client as recorded.
From the TLA:
>> Details on how exactly this was achieved are limited, but according to a court document from another case,
>> “When a user clicked on that hyperlink, the user was advised that the user was attempting to open a video
>> file from an external website. If the user chose to open the file, a video file containing images of child pornography
>> began to play, and the FLA [foreign law enforcement agency] captured and recorded the IP address of the user accessing the file.”
So it doesn't appear that any code was inserted into the target computer. The offenders didn't follow good opsec - they clicked on a link while they were not connected to a TOR proxy.
As for jurisdiction - it appears that the server was moved to Brisbane. Again from the TLA:
>> At one point, The Love Zone server was also reportedly moved to Brisbane, giving Task Force Argos,
>> the Queensland Police Service unit that took over the site, access to every private message on the site.
If the server was located in Queensland, then Queensland court orders could legitimately apply to it. So no evidence of hacking or of extra-territoriality. Move along folks, no misconduct, just good police work.
Remember the right-wing screaming the phrase 'One World Government!' at the top of their lungs during the nineties?
Well, Righties, it appears the extra-judicial organs of state security have already faited that accompli.
Anyone in Australia hacking anything in the US should result in criminal charges (not that it'd ever go to trial unless the perpetrator actually found his or her way to US soil). Period. It doesn't matter if the person doing the hacking is a private citizen or the prime minister.
That said, the "hacking" they're talking about seems to have been giving the guy a link a hyperlink. Calling giving someone a hyperlink and them clicking it a "hack" is a stretch, imo, if that hyperlink doesn't do anything other than connect to a web site. If it downloaded malware or something similar, then ok, but it doesn't sound like that's what happened.
there are a lot of pedos out there.
The FBI could probably tell you how many pedos are on sex offenders lists. Note that I specifically said pedos, because you can probably get on one of those list by peeing behind a bush or walking into the wrong bathrooms in a restaurant.
And, of course, these are only the ones who got caught. If even the Catholic Church covers them up in their organization, imagine what goes on elsewhere . . .
Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
I'm just waiting for frequent contributor Bennett Haselton to offer an opinion.
Keep in mind that not all pedophiles are sex offenders.
Also, not all sex offenders associated with CP are pedophiles.
Some are far worse - they're in it for the money.
And some are neither - they downloaded a trove of pics or videos, and missed filtering out some that were CP, or were unable to remove the traces.
... If that is "ok to do" than pretty much all the DOJ need do is find some banana republic somewhere to hire some work out to and basically anything they do on the Internet is suddenly above and beyond the reach of law.
Yeah, if only there were a banana republic conveniently located 300 miles or so offshore with a military base or something where the US government could operate extrajudicially...
What if the cops are actually pedophiles? There are cops that are convicted of child porn. There are 3 in the past decade in Florida alone and most of them worked either with or along side cyber crime units. My guess is they are introduced to it and/or obtain most of it from work. One guy took an entire flash drive of content and kept it in his locked gun case at home. Another guy was jerking off at his desk in the fucking police station when no one was around. Yet another was touching kids in his squad car. Did they get permission from parents of these children to use that content? I highly doubt it. They broke more laws than the criminals they sought to put in jail. That cannot be legal. I wouldn't be surprised to find out the person in charge of the entire thing is a pedophile. Perhaps even a network of pedophile cops? Seriously this is a case for the FBI to investigate.
I agree. Imagine if this were the American DEA, and together with the Columbian police they brought down a drug lord, but continued producing, shipping, and selling cocaine in his stead. Would that be OK?
Gamingmuseum.com: Give your 3D accelerator a rest.
Maybe more than actual users.
Obligatory.
sub f{($f)=@_;print"$f(q{$f});";}f(q{sub f{($f)=@_;print"$f(q{$f});";}f});
No, because then they don't address the problem but add to it. That's exactly the point here. In my opinion law enforcement should do what its name implies, enforce and uphold the law. I cannot uphold the law by breaking it, that makes zero sense.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
They were running a child pornography website in their own jurisdiction, if that's illegal over there, then they should be prosecuted by their authorities (I think they should, it's disgusting to think police is distributing cp).
They sent links that directed people outside of the tor network to a "clear web" cp website they also run. People that accepted to go to that website were subjected to the same "privacy" they are subjected to when visiting any other website. If recording visitors ips and sessions is hacking, then facebook is hacking everyone.
They knew it was illegal to posses and distribute cp in the US, they knew some people with US ips were doing it, so they informed the proper authorities (the FBI) that had jurisdiction to investigate based on the evidence that was handed over and later prosecute. The proper authorities did that.
The only problem I see in this is that it's becoming common for law enforcement to run cp websites. It's entrapment. If there was no website, the "criminals" wouldn't have the pictures they are being charged of possessing. In this case, even the prosecution for the pictures the users uploaded is questionable, since sharing them was enabled by the police. If they manage to link the users to the pictures they uploaded before the police was running the website, then we have a crime that was not created/enabled/encouraged/requested by the police. Pictures sent when the police was requesting them from the user should be dismissed.
But in the end, this should be thinkable ONLY if law enforcement had the consent from the children in the content, and, of course, they are adults capable of understanding it. Otherwise they are just exploiting those kids abuse for a different end.
I'm pretty sure that happens all day, every day.
Law enforcement: two wrongs DO make a right.
Newsflash: I don't control American policy, nor do I always agree with it. As I said in response to another AC, I fully support other countries prosecuting US citizens who violate their laws, whether or not those US citizens are law enforcement agents.
So if I shoot the cop I go free when I then also shoot the robber?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
That's what the "Five Eyes" group is primarily for: Hacking citizens in other countries, for those countries.
So the US spy agencies can not "work" on American citizens without a lot of legal problems. They might suspect someone, but the evidence is weak, to weak to use the normal, legal ways to find out more. So they ask their friends, e.g. the Australians: Could you please hack this guy? For the Aussies, this guy is a foreigner and therefor a legal target. If they find something that would make the person report-worthy, they hand back their finds to the US as in "This guy has been reported to us by a foreign law enforcement agency as part of their investigations". And the US suddenly has the evidence it needs to proceed further.
And the next time that the Australian agencies have someone they need investigated, they turn to the US and ask for a similar favor. Avoiding the law and denying legal due process is just a phone call away today. And while catching a terrorist or child molester is a worthy cause, the laws protecting the citizens due rights are there for a reason.