
To keep Tor hack source code secret, DOJ dismisses child porn case - awqrre
https://arstechnica.com/tech-policy/2017/03/doj-drops-case-against-child-porn-suspect-rather-than-disclose-fbi-hack/
======
moomin
So, let's see now: a man is going free who should probably be going to jail
for a long time, because the state doesn't want to disclose the methods of
gathering evidence against him, which we can speculate are because they are
illegal or sourced from non-law-enforcement agencies. A case with near-
identical facts and the same judge _is_ going to trial and, not content with
tapping your email, the state now wants to put viruses on your computer.

It's hard to point to anything in this story that resembles "How the world
should be".

~~~
woolly
While the majority of it probably isn't 'how the world should be', a man is
going free because (we speculate) that the evidence against him was gathered
illegally. This bit probably is 'how the world should be'.

~~~
Huffers2
I've never understood this. If I gather evidence against somebody illegally,
and it proves their guilt, shouldn't we both go to jail?

~~~
tptacek
You're getting a lot of huffy responses to this question, but it is an
entirely legitimate one. In fact, many (maybe most?) western countries don't
have the same exclusionary rules the US has. There are other remedies to
police misconduct. If you were starting a nation from first principles, it's
not an iron law of justice that your courts have that rule.

The reason we believe the exclusionary rule works so well is that it strikes
directly at the incentive structure for the police. We don't have to convince
evidence-gathering officers of their liability or assess liability up and down
the chain of responsibilities on the prosecution's side; we just have to
assess whether evidence was handled properly, and, if it wasn't, the
prosecutors lose the evidence. The one simple rule neatly ensures that nobody
--- in any role --- on the prosecution's side has any incentive to mishandle
evidence (or coerce underlings or partner organizations to mishandle it).

But clearly the rule isn't a _requirement_. We don't generally believe, for
instance, that Canada's criminal justice system is systemically corrupt, and
they don't have a hard-and-fast exclusion rule.

~~~
waqf
> _incentive structure for the police_

That assumes that the police's incentive is simply to convict as many people
as possible. Which, if true, raises other concerns.

~~~
setr
I think it more assumes that the police's incentive is to maximize the ratio
of accusation to conviction as much as possible, which is a reasonable goal.

If they were simply trying to maximize the total number of convictions, then
this wouldn't necessarily help; the police would just broaden the kind of
cases they'd accuse.

And ofc, it's the function of the police to maximize the misdemeanor to
conviction ratio; it's the function of the court to judge the quality of
misdemeanor.

It is the function of whatever social/moral arm of the government to minimize
misdemeanors. A police officer minimizing the number of accusations should
only be doing so for practical reasons; in the ideal world he shouldn't be
trying to interpret the law itself, and if it _should_ exist (because it
should in general be explicit what is and is not legal, and in general, it is
not the policeman's job to decide what is moral, it is to enforce the standing
morals.)

But it's not an ideal world, and nobody wants to spend time/effort/money on a
trash case, so the general incentive is to _successfully_ convict; not to
simply try.

~~~
foldr
>I think it more assumes that the police's incentive is to maximize the ratio
of [conviction to accusation] as much as possible, which is a reasonable goal.

Strictly speaking it's not a very reasonable goal. The best way to achieve it
would be to pick, say, the three easiest to prosecute cases every year and
only prosecute those.

~~~
setr
Well shit

Maximize ratio and minimize unaccounted (unaccused?) crime

------
mirimir
Questions about what methods investigators can legitimately use aside, the
practical implications are clear. You can not count on Tor alone for real
anonymity.

So what might these NITs be doing? In the simplest case, they'd be dropping
malware that reports ISP-assigned IP address, local IP address, network
hardware MAC, and whatever to FBI servers. And it's probably Windows malware.

To protect against that, you isolate userland and the Tor process in separate
machines, or at least VMs. So adversaries that compromise browsers etc can't
discover ISP-assigned IP addresses, and can't reach the Internet except
through Tor. Also, you don't use Windows or OSX. Whonix does this, and you can
run it in Qubes.

It's possible that these NITs are exploiting a bug in Tor itself. Even if that
were so, however, isolating the Tor process from userland would mitigate that
risk.

Perhaps the FBI has access to substantial numbers of malicious Tor relays,
operated by the NSA etc. To mitigate that risk, you can hit Tor through nested
chains of VPN services. Even if they identify the final VPN exit in your
chain, they will probably need to track back through the chain to identify
you. And by including unfriendly jurisdictions in your chain, you can make
that harder.

Finally, it's possible that the NSA has sufficient global intercepts and logs
to deanonymize any network connection, no matter how complicated and indirect.
It's impossible to say.

~~~
zkms
> To protect against that, you isolate userland and the Tor process in
> separate machines, or at least VMs.

This applies as well to people who run Tor hidden services that are doorkicker
bait (like drug cryptomarkets).

It should be impossible for a compromised browser or hidden service server or
Tor process to know anything about your hardware or MAC address, your internal
IP address (the RFC1918 one), or your globally routable IP address.

also yeah the Feeb loves to exploit browsers (especially firefox :^) and make
them execute the NIT (which just sends, unencrypted/unauthenticated data of
the MAC address, ethernet interface's IP addresses, username, and stuff like
that, to a computer run by the FBI)

once one of their exploits got leaked, it was pretty fucking lulzy
[https://blog.mozilla.org/security/2016/11/30/fixing-an-svg-a...](https://blog.mozilla.org/security/2016/11/30/fixing-an-svg-animation-vulnerability/)
[https://lists.torproject.org/pipermail/tor-talk/2016-Novembe...](https://lists.torproject.org/pipermail/tor-talk/2016-November/042639.html)
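
An isolation self-check for the property described in the two comments above, added here as an example and not part of the thread: it reads `ip -j addr show` JSON from inside the workstation VM and reports any host MAC, host LAN address, or globally routable address that is visible there. The function name `audit`, the host identifiers passed in, and both sample inputs are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample: `ip -j addr show` output inside an isolated workstation VM
# whose only NIC sits on an internal network behind a separate Tor gateway.
ISOLATED = json.dumps([
    {"ifname": "lo", "link_type": "loopback", "address": "00:00:00:00:00:00",
     "addr_info": [{"family": "inet", "local": "127.0.0.1"}]},
    {"ifname": "eth0", "link_type": "ether", "address": "52:54:00:aa:bb:01",
     "addr_info": [{"family": "inet", "local": "10.152.152.11"},
                   {"family": "inet6", "local": "fe80::5054:ff:feaa:bb01"}]},
])

# Constructed sample: the same query in a setup that exposes the host's NIC and LAN.
# 8.8.8.8 is a stand-in for an ISP-assigned address.
LEAKY = json.dumps([
    {"ifname": "eth0", "link_type": "ether", "address": "00:00:5E:00:53:01",
     "addr_info": [{"family": "inet", "local": "192.168.1.23"},
                   {"family": "inet", "local": "8.8.8.8"}]},
])


def audit(ip_json, host_macs=(), host_ips=()):
    """Return (ifname, kind, value) for identifiers that isolation should hide.

    host_macs / host_ips are the physical host's real identifiers, supplied by
    the operator (an assumption of this example, not something it discovers).
    """
    host_macs = {m.lower() for m in host_macs}
    host_ips = {ipaddress.ip_address(a) for a in host_ips}
    findings = []
    for iface in json.loads(ip_json):
        if iface.get("link_type") == "loopback":
            continue
        name = iface["ifname"]
        mac = iface.get("address", "").lower()
        if mac in host_macs:
            findings.append((name, "host-mac", mac))
        for info in iface.get("addr_info", []):
            addr = ipaddress.ip_address(info["local"])
            if addr in host_ips:
                findings.append((name, "host-lan-ip", str(addr)))
            elif addr.is_global:
                findings.append((name, "global-ip", str(addr)))
    return findings


if __name__ == "__main__":
    host = {"host_macs": ["00:00:5e:00:53:01"], "host_ips": ["192.168.1.23"]}
    print(audit(ISOLATED, **host))
    print(audit(LEAKY, **host))
```

An empty result only covers interface state; it says nothing about routing or what the gateway itself exposes.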

~~~
mirimir
The NIT used in Freedom Hosting pwnage was originally a Tor/VPN leak test on
Metasploit ;)

------
throwawasiudy
In case it isn't obvious to everyone, the government runs or has tapped most
or all TOR exit nodes. This has been going on forever.

Nobody knows exactly what the attack is...but if they're willing to drop cases
to cover it up, it's probably something that either: 1) completely breaks TOR
permanently 2) is easy to bypass/block

Since TOR has withstood a lot of scrutiny I'm betting on option #2. They found
a total break but it's really brittle. Either an exploit in software, or more
likely, some protocol hiccup that allows them to de-anonymize users running
certain popular software or OS.

~~~
dajohnson89
Do you have any evidence for the claim that TOR is so badly compromised? My
understanding of the article is not that TOR was hacked, but rather that a tor
user was tricked into opening a non-tor site and thus giving away his/her IP
address.

Also if just the exit node is compromised, encrypted connections are still
safe (TTBOMK).

~~~
tbrowbdidnso
[https://www.google.com/amp/s/nakedsecurity.sophos.com/2015/0...](https://www.google.com/amp/s/nakedsecurity.sophos.com/2015/06/25/can-you-trust-tors-exit-nodes/amp/)

Not the FBI per se, but it shows that someone is clearly attempting to
compromise TOR users.

Also there's been whispers about it forever. Much like the "black rooms" at
datacentres before all the NSA leaks.

The FBI has a long history of tracking down and compromising CC theft and CP
rings, along with silk road and the hordes of clones. Most of these sites are
primarily or only accessible over TOR.

Running compromised TOR nodes would be an extremely cheap way to monitor a
large portion of illicit Internet traffic. The frequent busts are usually
attributed to other reasons to shift attention away from TOR, but this is
classic parallel construction.

The feds will nearly always get you on secondary evidence when the primary
means is too sensitive... See stingrays. The sheer number of TOR based site
busts however is telling.

Anyone relying on TOR for security is a fool. It's more heavily monitored than
the regular net.

~~~
chii
> Anyone relying on TOR for security is a fool. It's more heavily monitored
> than the regular net.

this is why we should encourage more tor traffic for regular, normal use.
making the cost of deanonymization more costly.

~~~
mirimir
I believe that Tor Project ought to encourage bulk data transfer through and
among onion services. That would add chaff to protect other users. There's
resistance because it would increase network load. However, there's
considerable excess capacity for middle relays, because they attract so little
attention. There's even excess capacity for entry guards, and policy could be
changed to increase that. It's exit relays that are rate-limiting, and onion
sites don't use them.

Using multiple Tor instances with MPTCP, I've managed 50 Mbps between onion
sites with gigabit uplinks.

------
MilnerRoute
The prosecutors said they may file charges later (according to the article).

They may just want to keep from revealing the details as long as possible --
but could re-file the same charges years later, right before the Statute of
Limitations.

~~~
bsder
This actually bothers me greatly. Not carrying through once charges are filed
should be equivalent to "not guilty".

~~~
jemfinch
So, in a timeline like this:

* "We have an eyewitness! File the charges."

* "Our eyewitness recanted, dismiss."

* "We now have DNA evidence, refile the charges."

You actually think the trial should not be allowed to go forward?

~~~
bsder
> You actually think the trial should not be allowed to go forward?

Actually, yes. If you filed a case on something so flimsy and it collapses,
the case should get dismissed.

It would sure make prosecutors go the extra mile to make sure that there is
_concrete_ evidence before filing charges.

Simply _filing_ charges can destroy someone's life. The prosecution should
have to put something at risk when they do so.

------
sandworm101
I think they want to disclose. I think prosecutors expected that they would
be allowed to do so by now. They probably assumed the exploit would have been
patched away, or that some better tool would have come along by this point in
time. I'd bet good money that this tool is still in active use by some
three-letter agency. Should it be discovered or patched before the SOL, its intel
value will drop and prosecutions will begin again.

~~~
jlarocco
That was my thought as well. Especially since they dismissed the case in such
a way that they can bring it back later. Might as well use it to collect
evidence while they can, and then bring all the charges when the exploit is
fixed and it's not useful any more.

It sucks that the pervert in the case is going free (for now), but I would
guess the experience scared him enough that he won't be doing it again any
time soon.

~~~
sandworm101
Don't go too nutz about him not going to jail. An arrest on child porn charges
destroys one's life. Guilt or innocence doesn't matter. Jobs are lost. Families
are broken apart. Neighbours now hate you. This man's life will never be the
same. And he hasn't had any day in court. We should not judge too harshly.

------
hackuser
Why is an exploit against a Tor user so valuable? Assuming the attackers can
access the server, which for the FBI seems a reasonable assumption (they can
seize the server, operate it as a honeypot, etc.), all they need is a browser
vulnerability.

Perhaps they did use a valuable exploit in this case, or they used something
not legal (such as something not covered by their warrant or NSA
surveillance).

~~~
ENOTTY
They might be actively using it in other investigations that might be
compromised if this exploit were fixed.

~~~
hackerboos
But can't those cases just be dismissed also? Unless they decide that case is
worth the release of information.

~~~
AlexCoventry
They're probably using it for higher-priority investigations, like keeping
track of terrorist communications.

------
caf
I don't quite see why they can't use the same method they use in espionage
cases in this situation - if there's classified evidence, the defence lawyers
need to get security clearances and are under the same obligation not to
further disclose the information as anyone else (even to their own client).

~~~
angry_octet
It isn't a national security issue so there is no justification for those
measures. In criminal cases there is a strong constitutional and natural
justice basis for the accused being able to examine and attempt to rebut the
evidence.

~~~
caf
As I understand it those issues are covered by the accused's lawyers being
able to examine the evidence on behalf of the accused, which would extend to
having it examined by an expert witness who can attempt to impeach it.

~~~
Retra
Right. How is the accused supposed to provide an honest account to their
lawyer if they can't even know what evidence exists against them? They'll have
nothing to refute, and their lawyer can't ask them pertinent questions about
their own defense.

~~~
caf
I don't really see how that applies to the situation at issue here - the facts
that the state wants to protect seem to be around the technical details of the
way in which the evidence was acquired (the article talks about source code).
The lawyers for the accused don't need to disclose the source code to their
client to be able to say _"The state's expert witness is going to testify
that at such-and-such date and time an IP address which the ISP says was
assigned to your account at the time logged into the site under such-and-such
account name and accessed such-and-such content"_, which is the part the accused
can refute. Their testimony on the source code itself wouldn't be accepted
anyway.

------
ycmbntrthrwaway
How come they are charged with "accessing the website"? Is it illegal or
what?

~~~
sandworm101
Yes, but there are a few details that ars is not mentioning. They didn't just
"access" the website. The website needed registration. These people had
registered accounts. They did not stumble upon it by accident. Then the
malware was limited to those accessing the "hardcore" section. Those accessing
only legally grey-area material (ie nude but no sex acts, or images where age
was questionable) were not caught up. Deliberately trying to access material
you know is illegal, then actually doing so, is a crime.

There were no doubt other steps taken to limit the field of people to charge.
Shared computers and shared IP addresses (vpns, school networks etc) seem to
have been deselected. The man living on his own, with his name attached to a
non-proxied internet connection, makes for an easy prosecution. They must have
a far longer list of suspects ... who may now be on some sort of watch list. I
suggest they think twice about boarding an international flight with a laptop.
Expect to be randomly searched.

------
tribby
- "tor hack," or tor browser user who didn't turn off javascript?

- is this only an issue for the prosecution because it happened before the
changes to rule 41?

~~~
wheelerwj
i believe this case was initiated prior to those changes.

------
Esau
This is what happens when the net is more important than the fish.

~~~
wheelerwj
which is pretty crazy, because crimes involving CP are some of the biggest
whales that exist in our society.

~~~
umanwizard
Not really. CP possession convictions happen routinely. They're treated as a
serious crime but usually not as serious as, say, premeditated murder.

Producing it is of course another matter.

------
oxide
This is routine. The accused has money for a lawyer, otherwise this would have
been a plea deal and a conviction with no reveal requested.

~~~
saosebastiao
The lawyer is a public defender in Tacoma.

------
jlebrech
why not jail the guy and pay a fine too.

they jail innocent people all the time and give huge payouts or put people away
in guantanamo and then also pay huge amounts of compensation.

how about the judge fines law enforcement and gives the fine to orphanages or
to the victims.

------
endgame
Won't someone think of the children?

~~~
ryan_j_naughton
Are you serious or being facetious?

If you are being serious, I'd like to direct you to the wikipedia page on the
topic:
[https://en.wikipedia.org/wiki/Think_of_the_children](https://en.wikipedia.org/wiki/Think_of_the_children)

"In debate, however, as a plea for pity, used as an appeal to emotion, it is a
logical fallacy"

~~~
endgame
Snarky, mostly. So often the people who want to ram through additional
surveillance will do so using "think of the children" rhetoric, as though they
were the most important thing in the world.

And now we find that when it comes time to actually use these tools to protect
the children, the secrecy of the tools is more important.

~~~
snailletters
From the Wikipedia article, "Community, Space and Online Censorship (2009)
argued that classifying children in an infantile manner, as innocents in need
of protection, is a form of obsession over the concept of purity."

I believe I see what you mean, however in a case of child pornography do you
not think that it's in a human's best interest to keep something from abuse of
naivety?

------
elastic_church
Best public defender ever?

------
teddyh
Does this mean that one of the four horsemen of the infocalypse has been
proven a fake?

