Slashdot Mirror


User: CyVaquero

CyVaquero's activity in the archive.

Stories: 0
Comments: 6

Comments · 6

  1. Re:http://tinyurl.com/3yln on FBI Posts Fake Hyperlinks To Trap Downloaders of Illegal Porn · · Score: 1

    Knock, knock. Who's there? :-P

  2. Re:Something to worry about for proxies and crawle on FBI Posts Fake Hyperlinks To Trap Downloaders of Illegal Porn · · Score: 1

    Similar situation, different method. I work as a Sysadmin/Programmer/Analyst but do web design and hosting for small businesses on the side. I have had clients whose current provider shut them down when they caught wind that they were talking to another provider. So as a precaution the first thing I do when talking to a new client is capture their current site via a wget crawl so they don't lose their content. As a way to sidestep bot blocking with wget you can pass arguments for it to identify itself as a particular browser and set a delay between fetches so it looks like someone just browsing the site, albeit very systematically. As part of that I do an external link analysis checking for broken links; it makes for a nice bonus when I meet with them (like I said these are small businesses, a little extra on my part goes a long way). I would hate to stumble across one of those links on a compromised site or forum crawl. Now that I think about it, I did have that happen at work when a faculty member wanted to move his site from his old college to ours. I was running a wget crawl (he no longer had access to the file system on the host and wget'ing it was just going to be quicker than contacting the other college to have the files transferred) when I glanced over and saw it checking all these external links to porn sites. Turns out that he had a wiki in the site that had long ago been compromised and was filled with porn spam.

  3. Re:Read the facts about the case people... on FBI Posts Fake Hyperlinks To Trap Downloaders of Illegal Porn · · Score: 1

    Read the above comments. The delivery method they are using for this sting isn't the problem - it appears that the links were posted in a place probably only visited by child pornographers. It's the way they are executing the results of the sting and the precedent it is setting. Flaws:

    1) They are just using IPs as a basis for the warrant, not looking at referrers, which leaves the hole of cruel pranks using redirects along with the possibility of IP spoofing/proxying.

    2) They are matching MAC addresses to the actual machine after seizure, which again is no basis; my Xbox360 offers MAC spoofing built-in. As mentioned earlier, a few seconds with KisMac/Snort in a public WiFi zone and you can have everyone's MAC on that network.

    3) There were thumbnails listed in a thumbnail.db, no images were found. As I stated earlier this only means that the images were on the computer at one time and that folder had been viewed in preview mode when those images were there; it does not identify how they got there (user initiated or automated), how long they were there (3 seconds or 3 weeks), how many times they were viewed and for how long. I feel these are key in establishing intent.

    4) Most importantly - it does not establish who was physically using the machine/IP/MAC when the offense took place.

    Leaving conspiracy theories and entrapment arguments behind, the fact that mutable data is being used as the digital equivalent of a fingerprint to grant a warrant disturbs me. This system of catching perps is too fallible and the costs to innocents too high to warrant its use. The hardcore perps are way too savvy to get caught this way, which leaves the feds scooping up the equivalent of a pickpocket while there's a bank heist going on around the corner. What ever happened to building a case? This is the spam of investigative work. All of the suggestions posted on how to protect your machine/network, lock down your wifi, turn off precaching, don't click links in emails, etc. make perfect sense to us on slashdot/digg/reddit - but we are much more tech savvy than the vast majority of users on the Internet who really only know how to 'use' the internet and are blissfully unaware of how vulnerable they are online. Your average judge falls into that latter category.

  4. Re:What about "accidental" clicks??? on FBI Posts Fake Hyperlinks To Trap Downloaders of Illegal Porn · · Score: 1

    Somehow I don't think the child-porn trading world worries too much about putting up warning pages that the content may be offensive which would probably be a tip-off to a perp. Also the links shown in the article look like direct links to split binary files.

  5. Re:On the fence on FBI Posts Fake Hyperlinks To Trap Downloaders of Illegal Porn · · Score: 1

    See my earlier comment. I won't comment on the law or civil rights aspect of this as I'm not an expert. But from a technical aspect it would be very easy for someone to be railroaded into 'clicking the link' - or even to do so accidentally. Two thumbnails of images in a thumbnails.db only tell me that at one time that image existed in that directory; it does not tell me how it came to be there (prefetching, autodownloading, etc.), how long it was there or if it was even viewed, much less how many times, for how long, etc. I can't believe I am coming to the defense of someone who in light of the other evidence is clearly an offender, but this method of catching 'suspects' is way too flawed. The fact that seizure of personal assets can be warranted under such flimsy pretense tells me that there is no real understanding in the judicial branch of the technology age we are living in. Unfortunately I see innocent and accidental offenders having their lives ruined.

  6. Re:If I was feeling a little more evil... on FBI Posts Fake Hyperlinks To Trap Downloaders of Illegal Porn · · Score: 1

    Nah, just send him a tinyurl link to it. The rickroll of 2008. Seriously though, this just goes to show how far tech has outdistanced legislation/law enforcement. In about an hour if I wanted, armed with just a sendmail server, an offshore proxy service, tinyurl, and the email addresses of or even a comment on a digg/slashdot/social news network I could ruin people's lives. Remember the crime was 'clicking on an illegal hyperlink'; the hole here is that the method is only capturing at the destination, not how the link was presented to the user. REQUEST variables (such as the referrer) are not hard to rewrite, and this is commonly done in most web servers. Unfortunately our judicial system is woefully tech ignorant as a whole and not educated/equipped to properly evaluate these kinds of cases. I despise pedophiles/child predators but I'm thinking that this approach is only going to catch small fish and the curious (as in - is that really what it says it is? can't be, can it?) and is seriously flawed. The serious big fish are smarter than this; they've been underground so long they know how to cover their tracks and stay off the grid.