FBI Operated 23 Tor-Hidden Child Porn Sites, Deployed Malware From Them

An anonymous reader quotes a report from Ars Technica: Federal investigators temporarily seized a Tor-hidden site known as Playpen in 2015 and operated it for 13 days before shutting it down. The agency then used a "network investigative technique" (NIT) as a way to ensnare site users. However, according to newly unsealed documents recently obtained by the American Civil Liberties Union, the FBI not only temporarily took over one Tor-hidden child pornography website in order to investigate it, the organization was in fact authorized to run a total of 23 other such websites. According to an FBI affidavit among the unsealed documents: "In the normal course of the operation of a web site, a user sends "request data" to the web site in order to access that site. While Websites 1-23 operate at a government facility, such request data associated with a user's actions on Websites 1-23 will be collected. That data collection is not a function of the NIT. Such request data can be paired with data collected by the NIT, however, in order to attempt to identify a particular user and to determine that particular user's actions on Websites 1-23." Security researcher Sarah Jamie Lewis told Ars that "it's a pretty reasonable assumption" that at one point the FBI was running roughly half of the known child porn sites hosted on Tor-hidden servers. Lewis runs OnionScan, an ongoing bot-driven analysis of the Tor-hidden darknet. Her research began in April 2016, and it shows that as of August 2016, there were 29 unique child porn related sites on Tor-hidden servers. That NIT, which many security experts have dubbed as malware, used a Tor exploit of some kind to force the browser to return the user's actual IP address, operating system, MAC address, and other data. As part of the operation that took down Playpen, the FBI was then able to identify and arrest the nearly 200 child porn suspects. (However, nearly 1,000 IP addresses were revealed as a result of the NIT's deployment, which could suggest that even more charges may be filed.)

entrapment

[lpq]

Why is this not entrapment?

If they offer 23 out of 29 sites, that would seem to be increasing enticement...

Question for the FBI

When, may I ask, will the FBI go after the creators of child porn, and not just the consumers? The peopel who actually and directly abuse children for money? Or is it a lot simpler easier to entrap the customers, since you can wave the contraband in their faces? It's rather like penalizing people who drink poisoned water rather than finding the poisoners.

Re:eh

[The+Rizz]

i think most can argue even in true free markets that who cares what happens to people that like that.

The question is whether that data collection was legal, and fell with a scope that didn't amount to a fishing expedition. There are two main reasons everyone should care about this:

1) If it's not legal, then it risks these suspects going free on a technicality.
2) If it's not legal, but people decide to just let it slip by because "those people are horrible", then it sets a precedent that said methods are OK, and it gets harder for it later to be declared illegal when the government starts using it for less clear-cut or outright nefarious purposes.