FBI Operated 23 Tor-Hidden Child Porn Sites, Deployed Malware From Them (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Federal investigators temporarily seized a Tor-hidden site known as Playpen in 2015 and operated it for 13 days before shutting it down. The agency then used a "network investigative technique" (NIT) as a way to ensnare site users. However, according to newly unsealed documents recently obtained by the American Civil Liberties Union, the FBI not only temporarily took over one Tor-hidden child pornography website in order to investigate it, the organization was in fact authorized to run a total of 23 other such websites. According to an FBI affidavit among the unsealed documents: "In the normal course of the operation of a web site, a user sends 'request data' to the web site in order to access that site. While Websites 1-23 operate at a government facility, such request data associated with a user's actions on Websites 1-23 will be collected. That data collection is not a function of the NIT. Such request data can be paired with data collected by the NIT, however, in order to attempt to identify a particular user and to determine that particular user's actions on Websites 1-23." Security researcher Sarah Jamie Lewis told Ars that "it's a pretty reasonable assumption" that at one point the FBI was running roughly half of the known child porn sites hosted on Tor-hidden servers. Lewis runs OnionScan, an ongoing bot-driven analysis of the Tor-hidden darknet. Her research began in April 2016, and it shows that as of August 2016, there were 29 unique child porn related sites on Tor-hidden servers. That NIT, which many security experts have dubbed as malware, used a Tor exploit of some kind to force the browser to return the user's actual IP address, operating system, MAC address, and other data. As part of the operation that took down Playpen, the FBI was then able to identify and arrest the nearly 200 child porn suspects.
(However, nearly 1,000 IP addresses were revealed as a result of the NIT's deployment, which could suggest that even more charges may be filed.)
That NIT, which many security experts have dubbed as malware, used a Tor exploit of some kind to force the browser to return the user's actual IP address,
Does anyone know if that exploit has been fixed or is it still unpatched? If the FBI can use this exploit to catch child pornographers then other, possibly malicious, people can use the same exploit.
If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
Why is this not entrapment?
If they offer 23 out of 29 sites, that would seem to be increasing enticement...
When, may I ask, will the FBI go after the creators of child porn, and not just the consumers? The people who actually and directly abuse children for money? Or is it a lot simpler and easier to entrap the customers, since you can wave the contraband in their faces? It's rather like penalizing people who drink poisoned water rather than finding the poisoners.
1. They had 2 warrants and judges approve the tactic. If you want to complain about the judges that is fair game, but the FBI did follow the rules. 2. The FBI did not set up these sites, they seized them through legal process.
I am extremely pro US Constitution and don't see what they did as wrong. They followed the legal process as they should. What I wish we could see is how many arrests they made from the tactic.
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
The hosting site in question was known as "Freedom Hosting", it was the host of many sites including OPVA (main CP video site), Lolita City (main CP pic site), TorMail (used by everyone and their dog) and many others. The cops took over *all* of them when they took the host, what they're talking about here is the server request logs. The NIT was supposedly only deployed on CP sites, but that's a lie; it was deployed on all sites hosted by FH. I'm not about to testify on that though.
The exploit was based on a JavaScript exploit in Firefox; in the CP community it was well known that you should disable any form of scripting that TorBrowser insists on shipping enabled because otherwise it'd break too many regular sites. So in the end they caught a few nobodies that didn't follow best practices, shafted someone who only did the hosting and punched water knocking out the main sites. It's like bittorrent, we tend to crowd but the crowd could always meet somewhere else.
For what it's worth, they also took over TLZ (The Love Zone) and ran it for half a year. Playpen they took over and ran for two weeks. They catch the people who do stupid things like pay for hosting with non-anonymous methods, say compromising things in private messages and so on. They pick off the stupid, the smart stay on... 20+ years and counting, the cops are n00bs. They think the scene is TPB, it's just barely scratching the surface.
I think most can argue even in true free markets that who cares what happens to people that like that.
The question is whether that data collection was legal, and fell within a scope that didn't amount to a fishing expedition. There are two main reasons everyone should care about this:
1) If it's not legal, then it risks these suspects going free on a technicality.
2) If it's not legal, but people decide to just let it slip by because "those people are horrible", then it sets a precedent that said methods are OK, and it gets harder for it later to be declared illegal when the government starts using it for less clear-cut or outright nefarious purposes.
The FBI needlessly raided, embarrassed, and stole a lot of property from people it disliked regardless of the fact they didn't even know who they were targeting in most cases. The IP addresses don't equal persons or places to be searched despite what the courts have accepted. I know that because I can demonstrate it here with this very example. I do know that in this case the FBI did know who they were targeting because they were targeting an activist or two or group who stood up against the FBI for immoral and reprehensible behaviour (distributing child porn). Mark Edge and Ian Freeman stood up and called the FBI out just two weeks before they raided the studio of Free Talk Live and home of numerous liberty activists. The government has been targeting Ian Freeman's reputation for some time and slandering/libeling his name making claims he's a paedophile who advocates for the rape of children under six. Ian advocates against the use of violence including against children and doesn't think children under six should be having or are ready for sex.
Here is what I can tell you: The warrants didn't name a person, place, location, and specific things to be seized. In this case they've stolen a few dozen computers and devices from many innocent parties. The courts literally rubber stamp these types of warrants and higher courts have ensured this continues.
You can see exactly what happens in the videos below (thanks to other activists who recorded the raid). FTL is a libertarian talk show that has promoted the Free State Project which is a migration of liberty minded activists to New Hampshire for the purpose of pursuing liberty and freedom. Check out www.freekeene.com for Liberty news in New Hampshire. And don't worry - if you join us there are thousands of people here already. You won't be raided as long as you don't live near the home of the most active activists. They didn't succeed in undermining the movement (which actually consists of numerous groups throughout New Hampshire) and within a handful of hours they raised $5,000 and got Free Talk Live on air - before they even missed airing a single episode.
Check out:
http://www.copblock.org/156621/got-enemies-have-the-fbi/
Raid itself:
http://freekeene.com/2016/03/20/men-donning-badges-steal-property-from-free-talk-live-studios/