
Judge Rules FBI Must Reveal Malware It Used to Hack Over 1,000 Computers - 56k
http://motherboard.vice.com/read/judge-rules-fbi-must-reveal-malware-used-to-hack-over-1000-computers-playpen-jay-michaud
======
boosting6889
The Justice Department contends that the act of viewing a child porn image
revictimizes the child each time the view occurs and is the basis for arguing
that viewing child porn is not a victimless crime. Yet the FBI seized a server
and allows such images to be downloaded and viewed thousands of times over a 2
week period. This would be like seizing the operators of an underground rape
dungeon where patrons pay to rape children - and allowing such an
establishment to run for 2 extra weeks to catch the patrons, regardless of any
collateral damage that occurs to innocent children as a result. People would
be up in arms over this. So, does viewing an image of child porn cause
additional harm to the child in the image or not? Which is it? (This of course
excludes instances where the viewer is paying/supporting production of the
material)

~~~
presidentender
The dissonance is accepted in this case because of the repulsive nature of the
crimes, as determined by our current social consensus.

Philosophical purity is very appealing, but ultimately the justifications we
use for why the law is the way it is only have to stand up long enough to
convince most interested parties that we're doing the right thing.

~~~
Floegipoky
Stated another way, the law is being ignored because these particular criminal
defendants' rights don't matter when they're inconvenient, based on the
crime(s) they were accused of.

When the law is influenced by societal consensus the legal system becomes a
farce.

~~~
jtedward
I think when the law is not influenced by societal consensus it becomes a
farce. In many ways the societal consensus on morality is law whether it is
maintained by the state, vigilantes or in this case a legal fiction which is
some combination of both.

~~~
ryanlol
I think this quote by the recently passed Justice Scalia is appropriate here

"the Constitution, or any text, should be interpreted [n]either strictly [n]or
sloppily; it should be interpreted reasonably"

------
moyix
Unless this is different from the shellcode they used when taking down Freedom
Hosting, I'm not sure what releasing it would do. There are already numerous
analyses of the code:

- Vlad Tsyrklevich: http://tsyrklevich.net/tbb_payload.txt

- Gareth Owenson: http://owenson.me/fbi-tor-malware-analysis/

- My own analysis based on running it in PANDA:
https://www.reddit.com/r/ReverseEngineering/comments/1jpln2/has_anyone_else_taken_a_look_at_the_shellcode/cbh1qpe
(you can also get the recording of the shellcode executing and step through it
here: http://www.rrshare.org/detail/26/ )

It's not big, and we have a pretty good idea what every piece of it does.

Of course, I suppose we don't know that the malware it used in this case is
the same as the one in the Freedom Hosting case, so I guess it would be nice
to compare and contrast them.

~~~
belorn
One benefit is to have documented evidence that FBI did release malware to the
public. There has been little to no discussion on safeguards or liability when
it comes to government published malware, and I wonder if a concrete example
can enable such discussion.

------
spdustin
Imagine a later headline: "FBI Ordered to Reveal the Code Used to Backdoor San
Bernardino Suspect's Phone"

~~~
Zigurd
The accused is conveniently dead in this case. In the next case, a defendant's
lawyer would surely want to inspect the instruments used to gather evidence.

~~~
kiba
Maybe we should appoint public defenders for the conveniently dead.

------
Shivetya
I am more concerned that there are no limits to what they can do in regards to
a honeypot (trap/etc). You would think child porn would be one thing they
would not go this far with.

Regardless, I think someone with expertise should be allowed to review any
code developed by the government in such operations only to ensure it does not
somehow violate the rights of innocents.

~~~
ikeboy
The judge is not concerned:
http://motherboard.vice.com/read/judge-rules-fbi-running-child-porn-site-for-13-days-was-not-outrageous-conduct-playpen

~~~
Lawtonfogle
Can't wait til they run an actual brothel this way. I mean, it is only a
couple of throwaways society doesn't care about and just imagine all the
monsters we could catch doing so... :(

------
bpicolo
"Sure, here it is compiled to assembly and stripped of all comments." is sort
of what I'd expect

~~~
ebf6
If you analyze malware for a living, then the assembly _is_ the source code.
:)

It's really not that much of an issue. It makes things more fun.

I am curious about whether they developed the malware in-house or if they
hired a contractor. Is there any information out there on this? I wouldn't be
surprised if they cut out parts, which may hint at a particular contractor
having developed the malware.

Also, I still do not understand why TOR Browser Bundle allows scripts by
default.

~~~
sirsar
> Also, I still do not understand why TOR Browser Bundle allows scripts by
> default.

The best diet is the one you can actually stick to. The best birth control is
the one comfortable enough to use. The best anonymity software must be usable
enough for Joe Average.

If the situation is high-stakes, TBB comes with NoScript installed. And you
should probably get a burner laptop, do all your web browsing off TAILS, and
randomly change your physical location.

~~~
ebf6
> If the situation is high-stakes, TBB comes with NoScript installed. And you
> should probably get a burner laptop, do all your web browsing off TAILS, and
> randomly change your physical location.

You are absolutely correct about practicing good opsec, however I have to
challenge the usability argument. TOR is already less usable due to many sites
blacklisting TOR exit nodes and latency (although connecting to a hidden
service is a better idea, and avoids the blacklisting issue. And yet hidden
services tend to avoid the JS requirement as well). If Joe Average is willing
to put up with that in order to stay anonymous, I'm sure Joe would be willing
to disable scripts.

On the other hand, if Joe doesn't understand why having scripts enabled is a
security risk, then this might be a better reason to have scripts off by
default, anyway.

~~~
21
Average Joe probably worries about Average Hacker/Average Stalker

If he's up against the government, he's going down.

~~~
ebf6
That's assuming that average hackers don't use script browser exploits...

And the FUD about the government being so competent that it's impossible
to hide from them has to stop. It's just so entirely useless and devoid of
reality. If you were going down, for example Snowden would be an unknown name
to us.

------
singletonaccnt
So the headline uses the word "pedophiles", but in the article the word is
nowhere to be found. Maybe that's because this sting isn't necessarily about
pedophiles, but about people watching and trading child pornography. Using
"pedophiles" only serves to reinforce the stigma of an already heavily
stigmatized minority.

The word "pedophile" should be defined as someone with a sexual attraction
towards children. It doesn't describe behavior: people can choose to not act
on the attraction, and many, invisible as they are, in fact do not. Also, the
people operating and visiting that hidden service could have had other reasons
for visiting. They are not necessarily all pedophiles.

~~~
jakejake
I feel that people who watch child porn and find it appealing rather than
repulsive - qualifies you as a pedophile in my book. It's certainly a lesser
crime than actual sexual assault of a child. But watching sexual assault for
enjoyment and trading in these videos is still a crime. The term pedophile
fits just fine as far as I'm concerned.

~~~
placeybordeaux
It's an overgeneralization, it's like conflating straight males with people
that watch a male raping a female.

~~~
jakejake
I'd say it would be more like comparing a male who rapes a female with a male
who watches that rape.

Regardless, though, the term "pedophile" by definition is someone who is
sexually attracted to children. There is no distinction about whether or not
they actually committed a sexual act with a child. A person who commits a
sexual act with a child is by definition a pedophile and a rapist, since
children cannot legally give sexual consent.

------
ikeboy
URL should be changed to the source
http://motherboard.vice.com/read/judge-rules-fbi-must-reveal-malware-used-to-hack-over-1000-computers-playpen-jay-michaud

~~~
dang
Yes. Changed from
http://www.engadget.com/2016/02/19/fbi-reveal-code-lawsuit-dark-web-pedophiles/,
which points to this.

