
Australian police sting brings down paedophile forum on dark web - kristofferR
https://www.theguardian.com/society/2017/oct/07/australian-police-sting-brings-down-paedophile-forum-on-dark-web
======
kristofferR
People should really read VG's special, which covers things like:

* How VG found the IP of the Tor Hidden Server, and discovered that it was being run by Australian police.

* Why Australian police got to run the site, despite having no direct connection to it, due to how their laws allow the police to act in ways that are criminal elsewhere (basically digital black sites).

* How the forum had a policy that all posts from the admin had to include rape images, as an attempt at preventing police from honeypotting the site.

* The ethics of the police running a CP forum, including police posting CP themselves.

[https://www.vg.no/spesial/2017/undercover-darkweb/](https://www.vg.no/spesial/2017/undercover-darkweb/)

~~~
anonymous5133
>He found one weakness: By asking the server the right question, it would
reveal his own IP address.

>The question was asked and the server replied. It was located in Sydney,
owned by the server Digital Pacific.

What the hell does that even mean? It almost sounds like they were doing
packet sniffing and looking at the IP addresses of where the packets came
from. Any non-tor exit node IPs could be the server's IP. Similar strategy was
used against Silk Road.

~~~
kristofferR
They have a more technical description of the process further down in the
article, in the grey box:

"IP addresses and physical server locations are inherently difficult to find
on the Tor network. So how did VG’s computer expert get the forum to disclose
this information?

1\. Profile picture upload

The forum allowed users to upload a profile picture. This picture could also
be fetched from a user-supplied URL.

2\. The leak

This is where the information leak occurs. Configured for optimal security,
the forum’s software and/or server would fetch the remote profile picture via
Tor. Childs Play did not – all traffic to external sites originated from the
server’s real IP.

3\. The IP address is exposed

By telling the forum to fetch a picture from a server Stangvik controlled, he
could see in his server logs that the originating IP was with a hosting
provider in Sydney – Digital Pacific. Stangvik went on to confirm that
outgoing DNS requests originated from the same provider, and that the forum’s
software also loaded images included in forum post previews from the same IP.

4\. A proxy, VPN or Tor Exit?

The next question was whether the IP belonged to a Tor Exit Node, a VPN or a
proxy server. An IP can hide just about anything. How could he confirm that
this was the forum’s location, rather than just a node in a chain of
redirects? Stangvik applied three improvised techniques:

5\. Timing between the servers

He rented a virtual server with Digital Pacific – the same place as where the
suspected IP was located. He then updated the profile picture URL to point to
this server. Upon receiving an incoming profile picture request, Stangvik’s
server would respond with a redirect to another URL on the same virtual
server. Repeating this redirection process several times, Stangvik was able to
isolate and measure the roundtrip-time between the two servers. The
measurements yielded very low times, consistent with a forum server in close
vicinity of his rented server.

6\. Measuring intermediate nodes

Stangvik also paid attention to so-called «Time To Live» values on the
incoming data packets. These provide some insight into how many intermediate
parties are involved from the sender to the recipient. In this case, the
values indicated that there was at most one intermediate – a typical result
if the servers were located in the same room.

7\. Measuring packet size

The final test started to get advanced: Measuring MTU (Maximum Transmission
Unit) and packet fragmentation. Each packet in a computer network has a
maximum transmission size, based on which intermediates it passes through.
Each encapsulating technology, such as VPNs, can result in the total packet
size increasing beyond the maximum size, and local networks usually have
larger maximum sizes than the “tubes” found on the internet. If the maximum
size is surpassed, the packet will be broken into multiple fragments.

By crafting long profile picture URLs, and setting specific packet flags, in
the redirects returned by his custom web server software, he could see that
the MTU was consistent with that of high-speed local area network traffic, and
also ruled out VPN configurations."
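
The three checks in the quoted box (redirect timing, TTL, packet size), written out as an added example that is not from the VG article or from anyone in this thread. The function names, the thresholds and the sample observations are assumptions constructed for illustration, and the MTU is derived from the MSS option in the client's TCP SYN rather than from the fragmentation probing the article describes.

```python
from dataclasses import dataclass
from statistics import median

# Assumption: senders start from one of the common OS default TTLs.
COMMON_INITIAL_TTLS = (64, 128, 255)
IPV4_TCP_HEADERS = 40  # 20-byte IPv4 header + 20-byte TCP header


@dataclass
class Observation:
    ttl: int       # IP TTL of the inbound packet as received
    mss: int       # MSS option in the client's TCP SYN
    rtt_ms: float  # one redirect round trip, in milliseconds


def estimate_hops(observed_ttl):
    """Routers crossed, assuming the nearest common initial TTL at or above it."""
    if not 1 <= observed_ttl <= 255:
        raise ValueError("TTL must be in 1..255")
    initial = min(t for t in COMMON_INITIAL_TTLS if t >= observed_ttl)
    return initial - observed_ttl


def classify_mtu(mss):
    """Map an advertised MSS to the sender's MTU and a coarse link class."""
    mtu = mss + IPV4_TCP_HEADERS
    if mtu > 1500:
        return mtu, "jumbo"         # jumbo frames: local network only
    if mtu == 1500:
        return mtu, "ethernet"      # plain Ethernet, no encapsulation overhead
    return mtu, "encapsulated"      # headroom lost to PPPoE, a VPN or another tunnel


def assess(observations, max_hops=1, max_rtt_ms=1.0):
    """Combine the three signals; the thresholds are illustrative assumptions."""
    if not observations:
        raise ValueError("need at least one observation")
    hops = max(estimate_hops(o.ttl) for o in observations)
    rtt = median(o.rtt_ms for o in observations)   # median damps outliers
    mtu, link = classify_mtu(min(o.mss for o in observations))
    adjacent = hops <= max_hops and rtt <= max_rtt_ms and link != "encapsulated"
    return {"hops": hops, "rtt_ms": rtt, "mtu": mtu, "link": link,
            "adjacent": adjacent}


# Constructed sample data, not measurements from the case.
SAME_FACILITY = [Observation(63, 8960, 0.31), Observation(63, 8960, 0.28),
                 Observation(63, 8960, 0.35)]
VIA_TUNNEL = [Observation(52, 1360, 182.4), Observation(52, 1360, 190.1),
              Observation(52, 1360, 179.9)]

if __name__ == "__main__":
    for name, sample in (("same facility", SAME_FACILITY),
                         ("via tunnel", VIA_TUNNEL)):
        print(name, assess(sample))
```

Each signal is a heuristic on its own: the initial TTL is a guess, and middleboxes can rewrite the MSS, which is why the article's author combined all three before drawing a conclusion.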

~~~
ikeboy
This is why any server you want hidden should be behind something like whonix
where no process running on the server should know the IP.

~~~
oh_sigh
Damn. If only those child pornographers knew this tip.

~~~
KGIII
If I were going to do something so very illegal, I'd research the hell out of
it. If I were going to run something like this, I'd pretty much want to be an
expert on the architecture and software stack.

I'd be asking hundreds of questions, taking courses, and using as many layers
as would be reasonable to hide even my efforts at learning. I'd probably be
obsessed with security, more so than I am now. Much more so, in fact.

~~~
cyphar
And then you'd likely be in a select group of people who could be investigated
individually. OPSEC is hard in most circumstances, but it's very hard if
you're trying to be an expert on one topic in a short period of time.

~~~
KGIII
Yeah, I'd even have to make a point to hide my learning. Only a specific
subset of people would be asking how best to allow uploads while ensuring the
IP address was masked via Tor. Added with other questions, it'd put me into a
pretty narrow group, so even gathering information would need to be masked.

Fortunately, I don't actually want to do anything illegal. That will make it
easier. I do kind of want to learn how to set up a hidden service, but just to
satisfy my curiosity.

~~~
gjjrfcbugxbhf
The original silk road fell because of an opsec failure in a post on
stackoverflow...

~~~
KGIII
A few weeks ago, and prompted by an HN post, I considered writing about the
possibilities of ML as applied to large aggregate datum and with criminal
investigation as the motivation.

With all the public posts, writing style analytics, and use of a common
moniker across services, it seems that it may be possible to do just that on a
large scale. It seems that it could be made trivial to narrow down lists of
suspects by crunching large data sets that contain stuff like SO questions, AC
posts on Slashdot, or responses on HN.

After all, how many people are actively seeking to secure a message board as a
hidden service _and_ doing so at that time? I sort of envision it as having
some commonality with the timing attacks already in use to deanonymize Tor
users.

Subject A asked about securing IP addresses for uploads and Service A got this
feature two weeks later. Subject C asked about this security aspect and
Service A has that concern. Subject Q asked about using this forum software
and requested this modification. Service A uses that software, etc...

So, maybe Subjects A, C, and Q are all the same people.

While it doesn't prove much, it does potentially aid in narrowing down the
list of suspects. Coupled with other bits of information, it may narrow the
list down significantly.

That and there are huge sets of data out there. Processing that intelligently,
and rapidly, could really change the way investigations are done.

~~~
cyphar
That's what XKEYSCORE does, pretty much. The NSA has spent a lot of time
working on these sorts of techniques.

~~~
nl
No it doesn't - or at least there is no claim I've seen that this is part of
XKEYSCORE. It's not mentioned on the Wikipedia page either[1].

 _However_ this is an active area of research in both classified and
(presumably) non-classified areas. See for example this search:
[https://scholar.google.com.au/scholar?q=related:KbJLbpaKfCkJ...](https://scholar.google.com.au/scholar?q=related:KbJLbpaKfCkJ:scholar.google.com/&hl=en&as_sdt=0,5)

[1]
[https://en.wikipedia.org/wiki/XKeyscore](https://en.wikipedia.org/wiki/XKeyscore)

~~~
cyphar
Right, the NSA has a bunch of anti-Tor tools that usually are called QUANTUM-
whatever. However, correlation of people across different networks is
something that XKEYSCORE does. There's also the writing deanonymisation tools
that you mention (but there's Anonymouth[1] which could help).

My original point was that OPSEC is hard if you're trying to be a topic expert
in a short period of time. You don't need NSA tools to attack someone in that
situation.

[1]: [https://github.com/psal/anonymouth](https://github.com/psal/anonymouth)

~~~
cyphar
In particular, this part:

> It seems that it could be made trivial to narrow down lists of suspects by
> crunching large data sets that contain stuff like SO questions, AC posts on
> Slashdot, or responses on HN.

 _Is_ what XKEYSCORE does (or at least, it's the interface you use to query
the above data sets which are collected as part of PRISM and the other
programs).

------
entwife
Worth mentioning, these support groups. Because not all men are rapists and
neither are all pedophiles.

Virtuous Pedophiles (for those who never raped) virped.org

Community support for offenders after prison (Australia):
[http://www.smh.com.au/national/pedophile-support-programs-ch...](http://www.smh.com.au/national/pedophile-support-programs-challenge-community-hatred-20140328-35ofk.html)

------
ikeboy
Opsec breaches here: (from [https://www.vg.no/spesial/2017/undercover-darkweb/](https://www.vg.no/spesial/2017/undercover-darkweb/), linked in this
thread)

1\. not firewalling the server so all traffic goes through Tor

2\. registering a bitcoin wallet with a private email address

3\. asking a coding question using their own identity (Ross Ulbricht, anyone?)

------
larrykwg
Maybe it would be a good idea if some western states have access to a kind of
backdoor into Tor/I2P/Freenet/etc. How many pedo/drug/etc. illegal sites are
still there and will be there in the future where the owners know proper
opsec. I get the point that journalists/political dissidents want some
anonymous communication channel, but do we have to tolerate shit like this?
Maybe tor without the hidden services would be morally less contemptible?

I suppose it's likely that the NSA controls/monitors a sufficient amount of tor
nodes to make this already be the case anyhow.

~~~
colejohnson66
There’s this thing called the slippery slope. The reason backdoors are bad is
because: once one government shows they can get a backdoor, every other
government will want one. The FBI wanted a backdoor for iPhones while
completely disregarding the fact that if Apple added one, what’s to stop China
from demanding one, too?

~~~
nikanj
Apple being a US company?

~~~
loup-vaillant
Doesn't count if they sell stuff in China. Chinese iPhones will have a Chinese
backdoor, US iPhones will have a US back door.

And since it's easier to program one backdoor to rule them all, we may even
have _all_ iPhones be accessible from both US and China…

------
tryingagainbro
_To maintain their cover, undercover detectives were posting and sharing abuse
material on Childs Play._ For over a year.

Who would authorize this...once again, it's a whole freaking year? I
understand seizing a site and "seeing" who logs in for a while but police
actively posting child pron? Why not have undercover ATF agents kill people to
prove they're not undercover?

------
yeukhon
In the future, I hope we can use existing AI to create fake child porn images
so these brave officers wouldn’t have to feed these motherfucking-sickshitbag-
fuckers real child porns (although the police stated the pictures they used
already exist elsewhere).

Bravo to all the people cracking down on human trafficking and protecting
children from harms

~~~
discordance
This idea raises an interesting question - what if all child porn in the
future was artificially generated. Would it be illegal to consume or share
that material?

~~~
randomdata
Probably. Child porn is illegal today because consumption incentivizes
production of even more material. If you could somehow guarantee that
production would only come from artificial sources then there would be no
reason for it to be illegal, but making that guarantee in the real world is
unrealistic. Once you create demand for artificial content then someone is
going to try and slip the real thing in, bringing us back to square one.
Artificial depictions of child porn are already illegal in many jurisdictions
for that reason.

~~~
betterunix2
"Once you create demand for artificial content then someone is going to try
and slip the real thing in, bringing us back to square one."

That is a slippery slope fallacy. Would you apply the same logic to legal
pornography and say, "Well the actors are just too young, someone is going to
try and slip in underage actors?" Or to non-visual descriptions e.g. Nabokov?
At what point do you think the line should not be expanded?

"Artificial depictions of child porn are already illegal in many jurisdictions
for that reason."

I think the reason is a lot less rational. In the 80s and 90s we had a
widespread moral panic about child molesters that resulted in thousands of
innocent people being thrown in jail. We still see remnants of that panic. I
think we have shifted from a rational motivation for protecting children to a
moral motivation to jail pedophiles. People do not want to have pedophiles in
their communities and if a pedophile is able to avoid breaking the law people
demand a broadening of the law. The idea that a pedophile could avoid
prosecution by satisfying himself with cartoons instead of recordings of child
abuse led to the law being broadened to ensure that the pedophile is punished.

------
whipoodle
Sounds illegal.

~~~
rabidrat
If you read the article, you would know that it is in fact not illegal for
police in Australia.

~~~
QAPereo
By the same token, other countries could try to extradite them under their
laws, broken through the international, online distribution of CP.

~~~
girvo
They could, but the AFP is used by those other countries for exactly this
reason. They have frighteningly broad latitude when it comes to breaking laws
to achieve their goals. In this case, perhaps it was justified, but the VG
article posted above raised some concerns with their methods that I agree
with.

Should see what our intelligence agencies are allowed to do. Australia has
rather weak protections for its populace, and rather strong laws allowing
police and intelligence forces to do this. Despite some large controversies,
the public doesn’t seem to really mind, which scares me. My state, QLD,
literally became a police state in some ways, under Bjelke-Petersen. I don’t
forget that, but often it feels like everyone around me does...

~~~
cyphar
I think it's just apathy, politics is mostly a joke here in Australia.

~~~
ajdlinux
We also don't have the same type of deep distrust of government that some
other Western countries have - which is not to say that Australians love their
governments, far from it, but we don't exactly have a strong anti-government
streak. In many ways this is a good thing, but it does tend to mean we don't
spend much time thinking about checks and balances.

------
fit2rule
>legal protections allow police to post abuse material

It should be noted that Australia has a lot of history with this sort of legal
protection. The reason for this is that Australia does not include its
armed/police forces in its democratic institutions - i.e. the armed and police
forces do not answer to the public, but rather to the sovereign (the Governor
General, who answers to the Queen).

For example, it's legal for Australia to commit war crimes as part of the
Coalition - in fact, Australian armed forces are in the Coalition to "do the
dirty work that other countries cannot do". Australian Forces can bomb
innocents with relative impunity - relative to the scrutiny that the American
forces must operate under, that is. Whenever America needs something dirty
done, it comes knocking on the ADF door...

~~~
ajdlinux
Give me sources, or I'll say you're just plain wrong.

Conduct that amounts to war crimes will amount to an offence either under the
Defence Force Discipline Act or under civilian law - ADFIS and AFP do
investigate this stuff, though admittedly they haven't had much luck recently
with actually charging or convicting anyone, but the same can be said of any
other country currently in Iraq. I'd find it hard to believe that Australia is
any worse than the US, honestly.

(FWIW I'll allow that parliamentary scrutiny of the ADF is probably not as
stringent as in the US Congress.)

In this case, the police are using their Controlled Operations authority that
was originally granted to allow police to conduct drug importations as part of
sting operations. Other jurisdictions do have some analogous laws, though
potentially not with such broad scope.

~~~
fit2rule
Pop quiz: why doesn't the ADF _ever_ have to report its civilian casualties to
the nation? Oh wait, you answered it:

>parliamentary scrutiny of the ADF is probably not as stringent as in the US
Congress.

Australian Constitution, Section 68:

"The command in chief of the naval and military forces of the Commonwealth is
vested in the Governor‑General as the Queen’s representative."

(NB; the Australian Constitution is an embarrassment to the Australian people
- it is categorically the _worst_ constitution of all modern western
democracies...)

Here, Scott Ludlam explains the situation pretty well:

[https://www.theguardian.com/commentisfree/2014/jul/17/the-au...](https://www.theguardian.com/commentisfree/2014/jul/17/the-australian-parliament-must-have-the-power-to-decide-if-we-go-to-war)

".. Australia has remained anchored to a pre-democratic tradition founded in
hereditary monarchies and feudal states."

Curious readers might like to know more about Australia's war crimes in the
middle east, and the extent to which its politicians will go to keep the truth
from the Australian people:

[http://www.theaustralian.com.au/national-affairs/defence/adf...](http://www.theaustralian.com.au/national-affairs/defence/adf-investigative-reports-on-afghan-civilian-deaths-kept-secret/news-story/7008f627585bd2f010c27ddf616ac9d4)

[https://independentaustralia.net/article-display/australias-...](https://independentaustralia.net/article-display/australias-unreasonable-silence-about-civilian-casualties-in-syria-and-iraq,10165)

Australia committed war crimes in Mosul, and in Raqqa - this is known by
anyone who cares to investigate the matter. It is not reporting these crimes,
because its forces are not required to by the Australian people, and its
politicians are cowardly hiding the truth, because they know that the
Australian people will be held liable for these crimes...

~~~
skissane
> the Australian Constitution is an embarrassment to the Australian people -
> it is categorically the worst constitution of all modern western
> democracies...

You really think so? I agree with you that there are many deficiencies in the
Australian constitution, plus a national tradition of constitutional
conservatism which means most attempts to address these deficiencies are
doomed to fail. But in calling it "categorically the worst", I think you go
too far.

I think the (unwritten) UK constitution is worse. Similar to the US Supreme
Court, the High Court of Australia has the power to overrule the Australian
Parliament and nullify unconstitutional legislation, even though it uses that
power somewhat sparingly. By contrast, the UK Parliament is "sovereign", which
means the courts cannot overrule Parliament. The UK courts effectively have
the power to strike down primary legislation contrary to EU law, but with
Brexit that power is going away. They also have the power to issue a
"declaration of incompatibility" saying that legislation violates human
rights, but that does not by itself void the legislation – either Parliament
must act to amend or repeal the legislation, or there is also a fast track
procedure whereby ministers can amend it without going to Parliament, but
until either Parliament or the ministers act the legislation stays in force.
(Also, Parliament granted the courts this power, and can take it away at any
time by a simple majority vote in each House.)

I think another way the Australian constitution is superior to the UK
constitution is that the Australian constitution bans the national government
from establishing a religion (the ban doesn't strictly speaking apply to the
state governments, but in practice they abide by it), whereas the UK
constitution establishes a state church in one of its four constituent
countries (England).

Also, the UK Parliament has in theory unlimited power to overrule or even
abolish the devolved administrations (Scotland, Wales, Northern Ireland) at
any time, by a simple majority vote (even though real world political
constraints mean that trying to use that power could easily lead to the
violent breakup of the UK). By contrast, the Australian Parliament can't
legally abolish the states without a national referendum which would be very
unlikely to pass.

~~~
fit2rule
The reason I think it's heinous: one rule for whites, another set for Torres
Strait Islanders/Original Occupants. Racism is intrinsically encoded in
Australian law and Australians' unwillingness to do anything about it is a
sheer and utter embarrassment to the enlightened world.

The UK, in my opinion, is a totalitarian state and has no pretense to being a
free society - so yeah, I don't include it in this set, as you rightfully
indicate. Australia is a step above the UK in this respect - as the UK is a
highly classist, authoritarian/totalitarian state where a majority of its
population live in servitude to feudal lords, it doesn't even pretend to have
a Constitution, nor individual rights. Australia does pretend, though, so it's
just a bit above the UK in that regard ..

~~~
skissane
> The reason I think it's heinous: one rule for whites, another set for Torres
> Strait Islanders/Original Occupants. Racism is intrinsically encoded in
> Australian law and Australians' unwillingness to do anything about it is a
> sheer and utter embarrassment to the enlightened world.

I think your phrase "racism is intrinsically encoded in Australian law"
accurately describes the legal situation up until the reforms of the 1960s and
1970s. But I'm not convinced it is an accurate description of Australian law
in the present-day. Can you give some examples of present-day Australian laws
which in your view "intrinsically encode" racism?

~~~
fit2rule
Sure - the current Constitution itself. Just read it and tell me you're okay
with Sections 25 and 51.

[https://www.reconciliation.org.au/wp-content/uploads/2013/12...](https://www.reconciliation.org.au/wp-content/uploads/2013/12/Recognising-Aboriginal-and-Torres-Strait-Islander-people-in-the-Australian-Constitution.pdf)

Section 25 reads: "25\. Provisions as to races disqualified from voting: For
the purposes of the last section, if by the law of any State all persons of
any race are disqualified from voting at elections for the more numerous House
of the Parliament of the State, then, in reckoning the number of the people of
the State or of the Commonwealth, persons of that race resident in that State
shall not be counted."

Section 51 (xxvi) reads: "51\. Legislative powers of the Parliament: The
Parliament shall, subject to this Constitution, have power to make laws for
the peace, order, and good government of the Commonwealth with respect to: ...
(xxvi) the people of any race for whom it is deemed necessary to make special
laws;"

Then, there was the abolishment of ATSIC in 2005, which many in the indigenous
community view as a betrayal. Even the UN got involved ..

[http://www.smh.com.au/news/National/Damning-UN-verdict-on-ra...](http://www.smh.com.au/news/National/Damning-UN-verdict-on-race-relations/2005/03/21/1111253958535.html)

And .. then there is the Nauru situation. It's essentially a detainment camp
for undesirable immigrants, and has recently been removed from public scrutiny
by way of being made a military base. Still people suffering in that camp
daily, but you won't hear many Australians being too deeply bothered by the
fact that their government is running a concentration camp... well, it's one of
7 that are in operation, and I can guarantee you they won't get public
oversight any time soon.

