FBI Admits It Controlled Tor Servers Behind Mass Malware Attack
September 14, 2013 11:34 AM   Subscribe

The FBI yesterday acknowledged that it secretly took control of Freedom Hosting last July, days before the servers of the largest provider of ultra-anonymous hosting were found to be serving custom malware designed to identify visitors.

On August 4, all the sites hosted by Freedom Hosting — some with no connection to child porn — began serving an error message with hidden code embedded in the page. Security researchers dissected the code and found it exploited a security hole in Firefox to identify users of the Tor Browser Bundle, reporting back to a mysterious server in Northern Virginia
posted by Chocolate Pickle (81 comments total) 22 users marked this as a favorite
 
"We're basically criminals", said Donahue, "but most of the people who were affected are worse, so don't worry about it."
posted by Pope Guilty at 11:36 AM on September 14, 2013 [14 favorites]


They're shutting down a child porn kingpin, so I find myself not giving a fuck in this instance.
posted by GallonOfAlan at 11:37 AM on September 14, 2013 [6 favorites]


I'm all about that, but they couldn't do that without tagging people not involved in child pornography? They don't own any rifles and a shotgun was the only tool available?
posted by Pope Guilty at 11:39 AM on September 14, 2013 [4 favorites]


Fantastic. Now the FBI is getting in on the "fuck it, just do it to everybody" shotgun approach, too. They very well could have limited their attack to the child porn site or sites.
posted by wierdo at 11:39 AM on September 14, 2013


I want to bust child porn creators too. But attacking Tor in this way has a lot of other negative consequences. 1: it tags everyone using any of those Tor sites, including human rights activists and other users whose anonymity we want to preserve. 2: it undermines trust in the Tor Network, a US funded Internet service that has had the State Department's support for support democracy around the world. 3: malware is notoriously difficult to build correctly and this kind of attack can easily cause unexpected damage. 4: even child porn kingpins have civil rights, up to and including the Fourth Amendment.

I think this kind of police action on the Internet is inevitable. I think it could even be a good thing, on the balance. It's good the FBI has discussed their action, maybe it will enable a reasonable public debate on how far we're willing to let the FBI go in exploiting security holes on random people's computers. Also it's good that this specific malware bundle seems to have been competently designed and executed. Still this whole area of law enforcement is very risky and needs a lot of care.
posted by Nelson at 11:46 AM on September 14, 2013 [43 favorites]


It's the difference between keeping an eye on cars driving to an underage brothel and recording the tags of everyone who enters the city limits.
posted by jaduncan at 11:53 AM on September 14, 2013 [12 favorites]


This seems like a bit of a duplicate.
posted by Tell Me No Lies at 11:53 AM on September 14, 2013


4: even child porn kingpins have civil rights, up to and including the Fourth Amendment.

Not for Marques. He's not a US citizen.

Edit: Oops, he has dual citizenship. My mistake.
posted by Sangermaine at 11:53 AM on September 14, 2013


I wonder if there will be a class action lawsuit against the government for damages to people's computers from installing malware, which allows other malware to be installed, which corrupts people's data and causes costs associated with data loss and cleanup. Basically, this is an admission of malicious breaking and entering of computers owned by people unconnected with criminal behavior, right?
posted by Blazecock Pileon at 11:56 AM on September 14, 2013 [14 favorites]


So this used a windows executable, if I understand things correctly.
posted by gryftir at 11:56 AM on September 14, 2013


If the Chinese government did this it would be called cyber warfare. Which would be disappointing both because of the hypocrisy and because it would not actually involve cyborgs.
posted by justsomebodythatyouusedtoknow at 12:08 PM on September 14, 2013 [22 favorites]


I wonder if there will be a class action lawsuit against the government for damages to people's computers from installing malware, which allows other malware to be installed, which corrupts people's data and causes costs associated with data loss and cleanup. Basically, this is an admission of malicious breaking and entering of computers owned by people unconnected with criminal behavior, right?

"We cannot discuss if Mr Pileon visited a child pornography site or not, but believe his suit to be without merit", said the FBI spokesperson to local media outlets.
posted by jaduncan at 12:11 PM on September 14, 2013 [12 favorites]


because it would not actually involve cyborgs

To be fair, though, this particular disappointment applies to almost everything.
posted by neuromodulator at 12:12 PM on September 14, 2013 [8 favorites]


No doubt they logged all Silkroad drug etc. commerce, just as a side benefit.
posted by surplus at 12:13 PM on September 14, 2013 [2 favorites]


The articles suggest that it used JavaScript to deliver a Windows executable. Normally web browsers wouldn't allow this but many Tor users use a specially-customised version of Firefox that's designed to make Tor use easy. This specially-customised version had a security flaw that let the JavaScript run the Windows executable.

Newer versions of Firefox should be fine.

I guess that version of Firefox could also have also run a Mac or GNU/Linux executable if the FBI had decided to go that way, but it doesn't matter now.

I'm a Firefox user: like every browser it'll have security flaws. Keep software updated!
posted by alasdair at 12:15 PM on September 14, 2013 [1 favorite]


If the Chinese government did this it would be called cyber warfare. Which would be disappointing both because of the hypocrisy and because it would not actually involve cyborgs.

Cyber warfare turns out to not be near as cool as industrial music and 80's SF movies promised.
posted by Pope Guilty at 12:16 PM on September 14, 2013 [17 favorites]


I wonder if there will be a class action lawsuit against the government for damages to people's computers from installing malware, which allows other malware to be installed, which corrupts people's data and causes costs associated with data loss and cleanup. Basically, this is an admission of malicious breaking and entering of computers owned by people unconnected with criminal behavior, right?

it didnt actually use malware, it exploited the fact that some builds of tor browser had javascript enabled by default
posted by p3on at 12:17 PM on September 14, 2013 [1 favorite]


If the Chinese government did this it would be called cyber warfare. Which would be disappointing both because of the hypocrisy and because it would not actually involve cyborgs.

Since the government is known to be engaging in cyberwarfare, that word is not really too loaded here.
posted by Going To Maine at 12:19 PM on September 14, 2013 [1 favorite]


it didnt actually use malware, it exploited the fact that some builds of tor had javascript enabled by default

From the article:
"The heart of the malicious Javascript was a tiny Windows executable."
That sounds like malware to me.
posted by alby at 12:26 PM on September 14, 2013 [2 favorites]


A priori, I'd consider this far less bad than other recent NSA, DEA, FBI, etc. stories, not because some "oh no the children" bullshit, but because they at least could have done this one legally with warrants, etc. All the NSA and DEA stories represent more fundamentally illegal behavior. And the FBI outright trains terrorists so they can make terrorism arrests.

It's okay for cops to seize and continue operating a server if a judge agrees they have probable cause to believe it's being used in a crime. There are several specific issues with this particular case however :

First, the server was located in France, meaning the FBI violated another country's sovereignty. I donno if this should make all evidence inadmissible though. I'd want the EPA to ban imports whose production caused too much pollution, maybe that's different since it's regulation, but I'd want the EPA to send importers who lie about their producer's pollution to jail. In this case, France or Ireland should refuse extradition over this violation of French sovereignty.

Second, apparently they targeted every hidden service on the server, not merely the ones connected with crimes discussed in any warrant. Ideally, judges should issue warrants that respect virtual hosts by restricting what evidence becomes admissible. And obviously any evidence obtained from hidden services not approved by the judge should be inadmissible.

Third, there are many legitimate reasons for fully anonymous hosting, like whistleblowers, arab atheist or feminist blogs, drug usage discussions, etc. If that's all the guy did, cops should exploit his site to track down the real criminals, and then leave him alone. I'd approve if the judge gave them permission to search the server for evidence that her personally participated in the illegal activity, given that he failed to take steps against child porn after being warned specifically.
posted by jeffburdges at 12:27 PM on September 14, 2013 [3 favorites]


It is inappropriate for the FBI to engage in acts of cyberwarfare.
posted by NSA at 12:29 PM on September 14, 2013 [8 favorites]


> I'd consider this far less bad than other recent NSA, DEA, FBI, etc. stories, not because some "oh no the children" bullshit, but because they at least could have done this one legally with warrants

What - the gold standard now is "could have gotten a warrant"?
posted by lupus_yonderboy at 12:37 PM on September 14, 2013 [21 favorites]


We are almost getting to the point where I would prefer child molesters to our government. Even though I have kids, I believe the one is far more dangerous and impactful than the other. I think my children have more to fear from the FBI and the NSA. Thanks, government, for more reasons to fear and distrust you. Like we needed any.
posted by umberto at 12:40 PM on September 14, 2013 [12 favorites]


Sangermaine: "Not for Marques. He's not a US citizen.

Edit: Oops, he has dual citizenship. My mistake.
"

The fourth amendment protects applies to everyone not just citizens.
posted by Mitheral at 12:43 PM on September 14, 2013 [4 favorites]


Am the only one who doesn't consider "think of the children" to necessarily be bullshit?

This is a discussion of a specific, directed, (reasonably) targeted attack at a real world person who has enabled and profited from the exploitation of countless children. It's not a theoretical sentimental appeal used to justify something tangentially related.

"Oh noes, people who used Freedom Hosting but were innocent might have had their anonymity compromised!"

Fuck them, "Freedom Hosting has long been notorious for allowing child porn to live on its servers." You play in the mud, you might get dirty.

Yes, I'm thinking of the children.

You're tired of people using exploitation of children to justify compromising anonymity and freedom of speech? I'm tired of people using an absolute commitment to anonymity and freedom of speech to justify enabling exploitation of children.

I'm ruining my Internet Nerd cred here, but I'm totally fine with this operation.
posted by edheil at 12:46 PM on September 14, 2013 [4 favorites]


Ideally, there is no way they should've gotten a warrant to spy on all the hosted hidden services, lupus_yonderboy, so maybe that's on par with other abuses, but.. Yes, the NSA's spying, the DEA's parallel construction, and the FBI's fake terrorists are all much much worse abuses.

I suppose the very best case scenario here is : Ireland ask the FBI agents and computer experts to testify at his extradition. France charges all the FBI personnel with conspiracy to commit computer intrusion, extradites them from Ireland, and sends those FBI agents to a French jail. Ain't likely but an FBI agent doing time in a foreign jail is always a lovely dream.

Also, Ireland should charge this guy with conspiracy to distribute child poor themselves, if they can prove it using evidence that's legally admissible in their courts, which it probably isn't assuming they've a state actor doctrine, otherwise his name just gets dragged through the mud.
posted by jeffburdges at 12:47 PM on September 14, 2013


The world "illegal" is getting bandied about here, but the article nowhere states that the FBI's actions were illegal. (Secret, yes.) Can someone drop in a link showing that it was so?
posted by Going To Maine at 12:51 PM on September 14, 2013 [1 favorite]


(Nota bene: this is not not an attempt to say that it should be or should not be. It's a request for clarity.)
posted by Going To Maine at 12:52 PM on September 14, 2013 [2 favorites]


NSA: "It is inappropriate for the FBI to engage in acts of cyberwarfare."

Damn straight - that's your domain!
posted by symbioid at 12:55 PM on September 14, 2013 [2 favorites]


Yes, the FBI attacking servers in France is illegal under French and probably E.U. law, Going To Maine. Also, there is no mention of a warrant in the article, edhall, perhaps the FBI ignored that since the server was located in France, if so that should be illegal in the U.S.

Any law enforcement attacking servers located in foreign countries, while not necessarily invalidating the evidence in the attacking country's courts, should be punished harshly by the country under attack. In this case, Ireland should deny extradition, and, if possible, trick the FBI agents into facing computer intrusion charges in France.

How would you feel if Mexican drug agents started a shootout with some drug gang's banker who lives down the street from you? Alright maybe you're happy a drug loard's banker's house got shot up, but fundamentally you'd be livid that law enforcement who you cannot exercise even the most minute electoral influence endangered you.

If this guy committed any crimes, he committed them in Europe, so if the FBI hasn't ruined all the evidence, then he should stand trial in Europe.
posted by jeffburdges at 1:00 PM on September 14, 2013 [3 favorites]


Ha! I missed the France thing.
posted by Going To Maine at 1:08 PM on September 14, 2013


With respect to illegality, thats the Gov't's province to declare something legal or illegal. Congress will pass retroactive immunity laws just as they did for the telcos after the telcos realized they got dragged over the line, by the gov't after 911
As the saying goes You can't fight City Hall They make the rules, after all, and take care of their own [see Scooter Libby] first and foremost.
Now city hall has a taste for l33t skillz, might as well get used to the new real. we the people, are quite PWN3D
posted by Fupped Duck at 1:14 PM on September 14, 2013


They don't get to decide what's illegal in other countries.
posted by unknownmosquito at 1:37 PM on September 14, 2013 [4 favorites]


Count me in the "Game Pretty Much Over" camp.

Also, it is possible to deplore child exploitation and to simultaneously lament the current state of things, privacy-wise.
posted by sandettie light vessel automatic at 1:38 PM on September 14, 2013 [2 favorites]


it didnt actually use malware, it exploited the fact that some builds of tor had javascript enabled by default

JavaScript was the vector for the attack, but that doesn't mean it wasn't malware. See MSFA 2013-53 and Vlad Tsyrklevich's annotated analysis of the payload. This was not the browser working as expected, executing scripts within the parameters of the language; this was a script that exploited a browser bug that allowed for arbitrary code execution. As such, the exploit payload could operate free of the usual JavaScript security restrictions. This is how it could get the user's real (non-torified) IP address and MAC address through win32 API calls.

There's also the question of what means the FBI (assuming this was actually the FBI and not another three-letter-agency with the FBI used as a front) used to take control of the servers in the first place. As far as I know, no one has provided any evidence of a court order for this, and a secret court order authorizing the FBI to break into and modify foreign computer systems would be pretty extraordinary, even for child pron.
posted by zachlipton at 1:38 PM on September 14, 2013 [2 favorites]


There's some misunderstanding going on in this thread. The FBI didn't control Tor servers, it controlled servers that are accessible only via Tor. This is important with regards to comments involving The Silk Road. The payload was a de-anonymizing shellcode which would only run if you visited one of Freedom Hosting's clients with the Tor bundle'd Firefox on Windows.

This is not a defense of the FBI, I think this is mad shady but also really interesting. If you're using Tor, turn off javascript. The article also points out one of the more interesting questions -- how did the payload get onto Freedom Hosting's servers? If another exploit was used there, things are getting even more interesting. On preview, zachlipton knows what's up.
posted by yeahwhatever at 1:41 PM on September 14, 2013 [2 favorites]


The FBI didn't control Tor servers, it controlled servers that are accessible only via Tor.

Thanks, that's an important distinction. Although exploiting a flaw in a Tor-enchanced popular browser still seems pretty close to attacking Tor itself. Not the network maybe, but the users; both the server hosters and the page consumers.

Also worth pointing out is "On August 4, all the sites hosted by Freedom Hosting — some with no connection to child porn — began serving an error message with hidden code embedded in the page." It was a blanket attack against a bunch of sites that happened to be hosted by a company that is alleged to also have been hosting child pornography.

I've read the article three times now and still don't understand.. What argument does the FBI have that what they did was legal? Or maybe we're going to find out in the coming court case. Let's hope the decision is public and lawful.
posted by Nelson at 1:48 PM on September 14, 2013


Although exploiting a flaw in a Tor-enchanced popular browser still seems pretty close to attacking Tor itself. Not the network maybe, but the users; both the server hosters and the page consumers.

Much like political corruption is an assault on the polity, this is an assault on Tor itself. Who will trust Tor now?
posted by Pope Guilty at 1:59 PM on September 14, 2013 [3 favorites]


Darn, they can hack in my computer 24/7, but they have a lot of troubles reaching shadow banking accounts, tax-heaven accounts, averaging actual minimum wages etc. For breaching into a financial database would be an horrible, horrible crime and abuse of big data gulping capabilties!
posted by elpapacito at 2:01 PM on September 14, 2013 [8 favorites]


>> because it would not actually involve cyborgs

> To be fair, though, this particular disappointment applies to almost everything.

Cheney changed things.
posted by hank at 2:16 PM on September 14, 2013 [1 favorite]


"This is a discussion of a specific, directed, (reasonably) targeted attack"

Er...this doesn't seem like a terribly directed, specific, or reasonably targeted attack. This seems like they threw a sack of dog shit into an industrial fan.

Also, Going to Maine: nice name! :D
posted by GoingToShopping at 2:24 PM on September 14, 2013 [3 favorites]


The Kim Dotcom fiasco shows how complicated things can get when the FBI tries to prosecute people outside their jurisdiction using illegal methods. Let's hope they've learned their lesson this time.
posted by RobotVoodooPower at 2:28 PM on September 14, 2013 [1 favorite]


The FBI had to attack all of the sites on Freedom Hosting. How else were they supposed to compromise tormail?
posted by orme at 3:30 PM on September 14, 2013


It's probably reasonable to assume they had a valid court order for this action. They intend on criminally prosecuting, and without a court order that would be problematic.

Unlike FISA court orders, I imagine this one will be made public, available for scrutiny. If the defendant has a constitutional problem with the methods used against him, he can present these in open court.

I would also imagine that non-child pornography activities were outside the scope of the warrant, and anything gathered not relating to the investigation will not be admissible in court.

I also imagine that various western countries in the world would be happy to extradite defendants to the US to face child-pornography charges (the US wants to pay to lock these folks up? great for other countries!).

Now, this methodology does have implications - what happens when police around the world want to start using malware to attack suspects? What happens when the malware is poorly written and has horrid side effects (takes down businesses, impacts national infrastructure, etc)? These are important discussions to be having, and this is a bit of uncharted territory.

Because this was law enforcement acting (and not the national security apparatus), this action can be scrutinized by the courts (and the people).

Pretty savvy of the FBI to first use such technology against child-pornographers though; they are the folks least likely to gain sympathy from the public at large.

On the plus side (for privacy advocates), the FBI used up this vulnerability - and made TOR more secure by their actions (it could have been Chinese activists instead of child pornographers who had their anonymity removed).
posted by el io at 3:51 PM on September 14, 2013


It's getting almost comical at this point.

Next week I expect to read in the news "Government comes clean, fluoride really is mind control."

"FBI reveals cell-phone towers really do read your mind."

"ACLU expected to send most sternly worded letter yet."
posted by Ray Walston, Luck Dragon at 4:25 PM on September 14, 2013 [14 favorites]


This is not related to Tor.com science fiction website, right? I read a lot of short stories and don't want my character impugned.
posted by Renoroc at 4:38 PM on September 14, 2013


It seems like We The People can't even look at a computer sideways without committing some "crime" or other these days, up to and including "terrorism", (RIP Aaron Swartz) meanwhile these lawless people and agencies know they will go unprosecuted for committing actual computer crimes.

I want a nation where all are equal under the law, not this lawless caste system bullshit.

I'm sure it's all great fun if you're one of the caste beyond the reach of the law, but you're a corrosion to your own society, and "good intentions" of catching someone you believe is bad, can't make up for your fundamentally corrosive actions.
posted by anonymisc at 4:43 PM on September 14, 2013 [2 favorites]


We should coin some term like "American legal exceptionalism" that expresses our justice system's sense of invulnerability, infallibility, etc., ranging from police violence through prosecutorial overreach, ala Aaron Swartz', etc., along side its desire to expand itself internationally where it lacks any legitimacy. Nicely paired up here :

Abu Ghraib Torture Victims Ordered To Pay U.S. Contractor’s Legal Fees
posted by jeffburdges at 4:56 PM on September 14, 2013 [5 favorites]


The FBI literally attacked something named "Freedom" and in doing so overstepped international sovereignty boundaries with illegal methods taking a "kill them all and let God sort them out" approach. Any chance you have any news stories that aren't just already allegories?
posted by DoctorFedora at 4:59 PM on September 14, 2013 [2 favorites]


I'm in a "make lemonade" mode right now. As long as the government is going to be controlling the internet, they might as well go all the way and act as mods.

As the thread on weev shows, the internet has become the place where bigoted misogynists have made a stand, and are rapidly making it unusable for anyone else. A civilization that can't protect itself against the barbarians will soon fall, and so to prevent a collapse we're going to need internet policemen. So if the FBI and NSA are going to end the wild-west era of unraveled liberty on the net anyway, we might as well give them the authority to say "Threatening a woman with rape and dismemberment? Take a year off the internet."
posted by happyroach at 5:41 PM on September 14, 2013


The FBI had to attack all of the sites on Freedom Hosting. How else were they supposed to compromise tormail?

Sorry, is this sarcasm? I know little about tormail's function, and would like some clarification here.
posted by Going To Maine at 6:25 PM on September 14, 2013


"ACLU expected to send most sternly worded letter yet."

What else would you have them do? What's the point in suing when the people you are suing make the laws, and can fall back on secret 'legal authorisation' whenever challenged?
posted by His thoughts were red thoughts at 6:41 PM on September 14, 2013 [3 favorites]


Sorry, is this sarcasm? I know little about tormail's function, and would like some clarification here.

No sarcasm. The tormail pitch is truly anonymous outbound mail. The people who are interested in that pitch are more likely than the usual to be of interest to law enforcement. This is especially useful if you have the outbound emails timed with the login period of certain IPs.

Of course, I'm sure they've made sure to delete all data not connected with the CP sites.
posted by jaduncan at 6:53 PM on September 14, 2013 [3 favorites]


What else would you have them do? What's the point in suing when the people you are suing make the laws, and can fall back on secret 'legal authorisation' whenever challenged?

This is why judicial appointments and elections matter, people.
posted by clarknova at 6:54 PM on September 14, 2013


It makes me sad that level of respect for privacy can only be seen an ironic punchline these days.
posted by jaduncan at 6:55 PM on September 14, 2013 [4 favorites]


And obviously any evidence obtained from hidden services not approved by the judge should be inadmissible.
---
I would also imagine that non-child pornography activities were outside the scope of the warrant, and anything gathered not relating to the investigation will not be admissible in court.

Have you not gotten the recent memo? The new normal is that we pass this illegal evidence on to the relevant authorities, who then use it and create a plausible fake story about how it was legally gathered.
posted by Meatbomb at 7:57 PM on September 14, 2013 [7 favorites]


Whenever I hear people moaning about child pornography, it resonates in my mind with how D&D was a gateway to witchcraft, how rock stars were supposed to all be in league with Actual Satan instead of Ironic or Metaphorical Satan, and how halloween candy had to all be checked for razor blades. Not to mention the War On Drugs.
posted by JHarris at 8:20 PM on September 14, 2013 [7 favorites]


(That is to say, a mostly overblown threat designed to install fear, for whatever reason. There probably are child pornographers, but is it really that bad a problem?)
posted by JHarris at 8:22 PM on September 14, 2013 [1 favorite]


It’s always child pornographers or terrorists. After 9/11 I said at least they had something else to use because it was getting hard to believe there were that many child pornographers out there.
posted by bongo_x at 8:41 PM on September 14, 2013 [2 favorites]


It's a very nuanced issue, JHarris. The prevailing thought where I live, in Japan, seems to be that the pornography itself doesn't hurt anyone but is not something we should allow to proliferate. Owning child pornography is legal, but it is illegal to sell or to produce. There have not been, as far as I know, any scientific studies that people who consume child pornography are any more likely to be caused to then commit crimes on actual children, as the "causation vs correlation" thing would be difficult to disentangle. Things get even weirder when you consider that a lot of the child porn here is actually manga, and the victims are mere illustrations.
I'm not really sure how I feel about the Japanese laws, but I DO find it absolutely sickening that I can accidentally walk into a child porn store in Akihabara that nobody really seems to care about. I think there's a corrosive, sick element to Japanese culture that can be seen in a more mature form with "bands" like AKB48 and media like Evangelion. You may wonder if child porn is really as bad a problem as the authorities claim it to be, but I can assure you that just ignoring it makes for some pretty nauseating experiences.
posted by GoingToShopping at 8:44 PM on September 14, 2013 [1 favorite]


If the worst that law enforcement breaking the law with impunity resulted in was me being horribly nauseated, I would be very, very relieved.
posted by Zalzidrax at 10:02 PM on September 14, 2013 [2 favorites]


There have not been, as far as I know, any scientific studies that people who consume child pornography are any more likely to be caused to then commit crimes on actual children, as the "causation vs correlation" thing would be difficult to disentangle.

Except if these people weren't looking at, and buying, child pornography, there wouldn't be a market for it. Then those children who are the ones being abused might not be victimized.

Children are being abused and raped to make the images that are photographs. Child pornography should be illegal at every level.

Owning child pornography is legal,

If this is correct, that is allowing more children to be abused and is something that needs to be addressed.
posted by SuzySmith at 11:07 PM on September 14, 2013 [2 favorites]


The prevailing thought where I live, in Japan, seems to be that the pornography itself doesn't hurt anyone but is not something we should allow to proliferate.

Victims of child pornographers have said that the proliferation of their images means they are victimised over and over again; not only by knowing that records of their abuse and rape are online, but by being actually recognised by people who have viewed those images. In other words, passive consumers of child pornography are contributing to the harm caused by the pornographers.

This theory has been accepted by US courts; I posted a FPP about it a few years ago.
posted by Joe in Australia at 11:57 PM on September 14, 2013 [2 favorites]


Oh, and here's a recent (28 August 2013) follow-up: Victim of child pornography sues her exploiters
posted by Joe in Australia at 12:01 AM on September 15, 2013 [1 favorite]


Where I live, suspects for other crimes seem to quite often have a count of "possessing child pornography" included in their charge sheet, that they are never actually prosecuted for.
I have been told that this is used as leverage: "That's a pretty young looking girl in your browsers cache, maybe she is 17? Let's add a CP charge to blacken your name and see if we can't get you to confess to the other things we have arrested you for."
posted by bystander at 12:44 AM on September 15, 2013 [2 favorites]


That's a problem with bad prosecutors, not the idea of child pornography being illegal.
posted by Joe in Australia at 1:32 AM on September 15, 2013


Small derail:
I was wondering why you all weren't mentioning his secret dungeon with cages for children, and it turns out a story I had been conflating for two days was completely muddled.

Thanks, Metafilter!
posted by Mezentian at 2:23 AM on September 15, 2013


I have been told that this is used as leverage: "That's a pretty young looking girl in your browsers cache, maybe she is 17? Let's add a CP charge to blacken your name and see if we can't get you to confess to the other things we have arrested you for."

I would be very surprised if this wasn't happening. All it takes is one questionable image in your browser cache and you have "child pornography on your computer." You really think a prosecutor looking to increase his conviction count isn't going to use that?
posted by JHarris at 3:02 AM on September 15, 2013


(It's always a binary thing when you hear about it in the media. He has it or doesn't. Complete innocence or ultimate darkness.)
posted by JHarris at 3:04 AM on September 15, 2013


Child porn is evil and I applaud the FBI vigorously pursuing it. That said, they still have to play by the rules and this was a massive violation of those rules. I would like to think some heads will roll and some will see prison time, but I'm not holding my breath.
posted by Mental Wimp at 9:04 AM on September 15, 2013


I remember back in 1998, the movie "Enemy Of The State" with Will Smith and Gene Hackman came out. It was a fun MacGuffin-based action/suspense thriller that featured all the stuff that always sounded both plausible and far-fetched: massive data centers scanning all phone calls for words like "Allah" or "Bomb", digital wire-taps, black helicopters, government agents planting child porn on 'undesirables', all that stuff.

I remember thinking it all seemed like so much bullshit after 9/11, but now I don't know what to think.
posted by Uther Bentrazor at 9:22 AM on September 15, 2013


How can anyone rationalize that child porn isn't that bad? Child porn isn't just 17 year olds. It's little kids, too. Being raped for the enjoyment of sick fucks everywhere. How can anyone in any way be OK with that?
posted by double block and bleed at 10:07 AM on September 15, 2013


To add to that: I can tell you from experience that being molested was a horrible experience. I'm glad that there aren't any pictures of me going through that experience floating around on the internet for entertainment value.
posted by double block and bleed at 10:16 AM on September 15, 2013


double block and bleed: "How can anyone rationalize that child porn isn't that bad? Child porn isn't just 17 year olds. It's little kids, too. Being raped for the enjoyment of sick fucks everywhere. How can anyone in any way be OK with that?"

Not many people are OK with that, if anyone. However, I'm against the freakout level attention we pay to it as a society. As part of my job it occasionally falls to me to image people's hard drives and look for questionable material. In all of the times I've been told that a computer is suspected of having child porn on it I have yet to find it in the more than a decade these requests have been coming in. It's a surprisingly common accusation in some situations.

Obviously it is in fact out there, as is the abuse from which it derives, but specific accusations of possession are rarely (provably) true in my experience.
posted by wierdo at 11:52 AM on September 15, 2013 [2 favorites]


We all consider child sexual abuse and child porn particularly serious offenses, but our society has gone much much too far : Life on the List (2012), Teen girl sentenced to life of misery for blow job (2008), VA's Teabagger AG Cucinelli still trying to outlaw oral sex (2013), Washington Man Who Killed Two Rapists Gets Life Sentence (2012), Double murder seen as part of man’s quest to kill sex offenders (2013), Orange County man gets life in prison for killing sex-offender neighbor (2013), etc. We're simply watching authoritarian bureaucrats increase their power by manufacturing fear.

Any crimes committed by Eric Marques were committed in Europe, and should be tried there, but several U.S. law enforcement agencies like the DEA and FBI love trying to press their powers overseas. It's infinitely more important that the FBI get rebuked than that Marques does time, but if Ireland or France lacks our "state actor" doctrine then they're free to prosecute him using the FBI's evidence.
posted by jeffburdges at 12:51 PM on September 15, 2013 [4 favorites]


That's a problem with bad prosecutors, not the idea of child pornography being illegal.

I never said child pornography shouldn't be illegal. What I think is that it's used as a bugbear, a scary thing people can use to demonize someone, especially when it's not always certain what's child pornography or not, nuance that's always lost when attaching the label to someone.
posted by JHarris at 1:32 PM on September 15, 2013 [1 favorite]


It's certainly possible that child pornography accusations can be used that way, but I think that argument would be a derail from the facts of this situation: Marques allegedly ran a server that was notoriously the hub for people exchanging child pornography via Tor. Presuming that this is true, it isn't a case of an unidentified photo sitting in a cache: it's effectively someone who has his own huge collection of child pornography. I guess you could argue that Freedom Hosting was in the position of a common carrier, but if UPS were running a special anonymised delivery service then it would probably be shut down, too.
posted by Joe in Australia at 3:26 PM on September 15, 2013 [1 favorite]


My point is that the demonization is a symptom, an example of the kinds of overreach we find ourselves -- all of ourselves! -- capable when we declare something utterly reprehensible and are certain it's everywhere.

The FBI used catching a child pornographer as an excuse to sneak malware onto people's computers -- and in casting that net, to "accidently" sneak it onto others' as well! That's terrible, full stop -- malware should not be a tool of the state. It's basically Stuxnet deployed against citizens. And they also use it as a justification for damaging an anonymous communications system existing in the private sphere, with substantial non-child-pornography applications.

It's only a matter of time before that same process is used to attack political speech.
posted by JHarris at 5:24 PM on September 15, 2013 [2 favorites]


So if the FBI and NSA are going to end the wild-west era of unraveled liberty on the net anyway, we might as well give them the authority to say "Threatening a woman with rape and dismemberment? Take a year off the internet."

I would rather that reality tried as hard as possible to not imitate the art of hackers.

No but seriously, this is a plot point in that movie that the main character is ordered to "take time off" from using computers/the internet.
posted by emptythought at 7:06 PM on September 15, 2013


> The articles suggest that it used JavaScript to deliver a Windows executable. Normally web browsers wouldn't allow this but many Tor users use a specially-customised version of Firefox that's designed to make Tor use easy. This specially-customised version had a security flaw that let the JavaScript run the Windows executable.

This isn't quite accurate. The security flaw that the FBI exploited was present in both Tor Browser Bundle and in official Firefox builds. It was fixed in Firefox 17.0.7esr which was released by Mozilla on June 25, and in Tor Browser Bundle 2.3.25-10 which was released one day later (June 26).

By the time of the FBI began serving exploits through Freedom Hosting (August 4), both the vulnerability and the fix had been public for several weeks, and only users who had failed to update were vulnerable.

Note: I'm a Firefox developer.
posted by mbrubeck at 1:40 PM on September 16, 2013 [2 favorites]


NSA and GCHQ target Tor.
posted by adamvasco at 3:51 AM on October 5, 2013


« Older Marginalia and Annotations online   |   "Well, now they know." Newer »


This thread has been archived and is closed to new comments