Slashdot Mirror
FBI Dismisses Child Porn Case Rather Than Reveal Their Tor Browser Exploit (arstechnica.com)
An anonymous reader writes:
Federal prosecutors just dropped charges against a child pornography suspect rather than reveal the source code for their Tor exploit. Of the 200 cases they're prosecuting nationwide, this is only the second one where the FBI has asked that the case be dismissed. "Disclosure is not currently an option," federal prosecutors wrote in a court ruling Friday. The Department of Justice is still prosecuting 135 different people believed to have accessed an illegal child pornography web site. Before shutting it down, the FBI seized the site and operated it themselves for 13 more days, which allowed them to deploy malware to expose the users' real IP addresses.
Sounds like there is a very simple formula for defense now and forever for any of their tor tapping. Smart, very smart.
You do know that javascript, java, and flash exploits are still a thing, right?
I would not be surprised if the FBI has learned of an exploit for one of these or in the Tor implementation itself, and has chosen to not disclose it because they can continue to use it for parallel-construction cases, or because their knowledge of it came from another agency that still wants to use it for international crimes.
Do not look into laser with remaining eye.
Interesting, albeit disturbing, insight into the moral compass of the FBI. Secrecy trumps child pornography.
The question is if the FBI is actively seeking the child abusing producers of child pornography or if they are really only interested in catching the people who download it. It's all very distasteful but I'm more interested ending the abuse than throwing every twisted individual in jail for a period of time. I understand that it's a global problem which is why governments should work together to stop the madness.
Anons need not reply. Questions end with a question mark.
There's also a possibility that they haven't got anything as much to disclose as they'd like us to believe. Maybe some of the evidence supposedly gathered through the exploit, was instead obtained through another, possibly illegal, method or fabricated.
Tor disables javascript, java, and flash by default... so the exploit must have been in the mozilla firefox code base or the onion routing protocol -- unless they run and/or spy on all the Tor nodes to figure out where things are really being routed.
I've read stories where the feds attempted to shake down libraries to get them to close their Tor nodes, yet the feds run their own. If you control all the nodes, it's easy to figure out the real routing through the onion network.
Or letting one more child be raped and murder equals what the fuck exactly?
There are many myths about "snuff films" that record actual murders, but none have ever been verified. In the most famous case Ruggero Deodato was prosecuted for murder, but was acquitted when the actors and actresses that he had allegedly murdered showed up to testify in his defense. It is hard to imagine how some scenes in his films could have been made without killing someone, but they obviously were, since the people "killed" were still alive and healthy.
The FBI does not care about prevention. They care about locking up people. Hence this is exactly as they want it.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
This is not a "Tor" exploit. It is a Firefox exploit against the version of Firefox used in the Tor browser bundle. It may well still be exploitable in current Firefox versions, including the one used in the current Tor browser bundle versions. Otherwise there really would be no point in keeping it secret.
Hence the FBI is actively and knowingly endangering anybody using Firefox. That seems to be legal, but it is hugely unethical.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Exactly. Freedom always includes the freedom to do wrong and a realistic chance to get away with it (depending on the magnitude of the crime). I believe freedom is of critical importance and the only purpose of law-enforcement is to keep crime at a level that society continues to function reasonably well. They are clearly not doing that, or the banksters would all be in prison now for a long, long time. Nobody on recent memory did this much damage to society and individuals.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Maybe, maybe not. Having charges dropped doesn't mean they can't file charges again later as long as it wasn't dismissed with prejudice.
I think either they are currently using this exploit for other active investigations or they used an illegal exploit and don't want to implicate themselves.
More likely they're still using the exploit and don't want to tip their hand. They could be monitoring another ring, terrorists, etc. If they give up the code, Tor would release a patch, and they'd be done. Stating that they can't offer up the code "at this time" is their key phrasing... as if there's something important riding on this code remaining a useful tool. Or, I could be wrong and they just want to keep using the tool when and where they can and manufacture alternate evidence to point the finger to the bad guys without disclosing the true source of intel.
Where is the point where the crime is so egregious that the FBI is willing to publish the exploit? I presume their keeping the exploit secret because once it's known, it will be fixed and they will no longer be able to monitor the "deep, dark, black, web"?
What if there was a terrorist attack and the FBI knew about it and sat on it because they thought the expected value of the property and lives lost was less than the value of the exploit and the intelligence received from it?
Would the FBI (and the US government) be liable for damages because they could have prevented the crime?
Mimetics Inc. Twitter
Should the FBI have the ability to not prosecute in a child porn case ? In California there are several types of cases that failure to pursue result in criminal liabilities for the prosecutor's, among them spousal abuse, child abuse, child porn. It is one thing to lack the evidence or documentation to pursue, or to continue to investigate but to dismiss with jeopardy attached should be a crime in itself.
errr....umm...*whooosh* *whoosh* Is this thing on ?
There is another explanation. They might not want to release it because it might not stand up in court. If it gives them the ability to run arbitrary code on the target machine, if they can places files on that machine, the defendant will claim that the FBI planted those images. I'm no expert on US law but it seems like there would be some issue with the evidence being tainted too, and then everything else i s fruit of the poisoned tree.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Even better would be to stop the victimization happening in the first place. The only way to do that, which was suggested in the UK recently and shot down by the majority of reactionary commentators, is to decriminalize viewing such images. Instead focus on helping people who feel attracted to children to get help, discreetly and without threat of prosecution or persecution, to prevent the future crimes they might otherwise commit.
In the current atmosphere, if someone did feel that way, what are the chances they would go to their doctor and ask for help with a mental illness? No, more likely they will turn to the internet, where there are sites normalizing and justifying their feelings and where the community of fellow paedophiles will accept them.
The way to protect children is not to catch the offender after they already hurt them, it's to stop them breaking the law in the first place.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC