funsec mailing list archives
Re: FBI CP sting
From: mark seiden-via mac <mis () seiden com>
Date: Thu, 20 Mar 2008 17:52:40 -0400
i think i can answer this question. they submit clicking on the link as an attempt to download porn and say this in a probable cause affidavit for search warrant. they consider this as similar to an attempt (even one which fails) to purchase CP using a credit card. i worked on a case where someone's credit card was attempted to be used, unsuccessfully (it was over credit limit and the wrong address was supplied), the attempt ended up in a database, the processing company was busted, and 2.5 years later, law enforcement showed up at his door with a search warrant. an analogue would be an attempt to buy drugs (unsuccessfully). with the search warrant, they can look for evidence of actual possession of forbidden materials. if they find nothing, there's no case, supposedly. yes, given such low levels of evidence, it is easy to frame someone for possession of CP. you could probably bring down a state governor or a congressman. On Mar 20, 2008, at 5:05 PM, Bruce Ediger wrote:
On Thu, 20 Mar 2008, Alex Eckelberry wrote:The FBI has recently adopted a novel investigative technique: posting hyperlinks that purport to be illegal videos of minors having sex, and then raiding the homes of anyone willing to click on them.That's just weird. Since the "video" files contained nothing illegal, they must take "clicking on them" as an indicator that other illegal things went on in the house containing the computer with the IP address in question. Does that stand up in court? If so, why does it stand up? Where's the presumption of innocence? Couldn't someone like the recently apprehended SWATTER "lil Hacker" make some people's lives miserable by gaining access to an IP address via an open wireless AP and "clicking on a video"? Couldn't the nearly super- powered Red Army CyberWar Battalion hack into, say Michael Hayden's home PC, and send "click" to the "video", getting the FBI to do a little Harrasment & Interdiction on someone who has to be the Battalion's Greatest Enemy? Why do they need someone to "click on a video" if Carnivore I mean DCS-3000 is so frigging good? Can't the NSA just give the FBI a few hints about who to monitor based on the Tap Rooms in AT&T central offices? Maybe they will after Agent Mulder kicks in Hayden's door at 3am some morning. Also, how do they account for programmatic access? Googlebot, msnbot "Yahoo! Slurp", and a few other apparent bots scan my web server all the time. For giggles, I put a "robots.txt" file forbidding access to a couple of enticingly named directories ("porn", "payroll", stuff like that) that didn't actually exist in the htdocs/ directory. At least one person or bot has tried to access those directories. I have to conclude that a mis-guided recursive "wget" of the wrong IP address might get my door kicked in and all my computers confiscated. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- FBI CP sting Alex Eckelberry (Mar 20)
- Re: FBI CP sting Bruce Ediger (Mar 20)
- Re: FBI CP sting mark seiden-via mac (Mar 20)
- Re: FBI CP sting Kitsune (Mar 20)
- Re: FBI CP sting mark seiden-via mac (Mar 20)
- <Possible follow-ups>
- Re: FBI CP sting Thomas Raef (Mar 20)
- Re: FBI CP sting Paul Ferguson (Mar 20)
- Re: FBI CP sting Rich Kulawiec (Mar 20)
- Re: FBI CP sting Jacob Appelbaum (Mar 20)
- Re: FBI CP sting Rich Kulawiec (Mar 20)
- Re: FBI CP sting Randy Mueller (Mar 21)
- Re: FBI CP sting Gadi Evron (Mar 21)
- Re: FBI CP sting Bruce Ediger (Mar 20)