FBI sets up fake CP links to catch pedophiles

[Sufurin Scorda]

http://www.news.com/8301-13578_3-9899151-38.html

The FBI has recently adopted a novel investigative technique: posting hyperlinks that purport to be illegal videos of minors having sex, and then raiding the homes of anyone willing to click on them.

Undercover FBI agents used this hyperlink-enticement technique, which directed Internet users to a clandestine government server, to stage armed raids of homes in Pennsylvania, New York, and Nevada last year. The supposed video files actually were gibberish and contained no illegal images.

A CNET News.com review of legal documents shows that courts have approved of this technique, even though it raises questions about entrapment, the problems of identifying who's using an open wireless connection--and whether anyone who clicks on a FBI link that contains no child pornography should be automatically subject to a dawn raid by federal police.

Roderick Vosburgh, a doctoral student at Temple University who also taught history at La Salle University, was raided at home in February 2007 after he allegedly clicked on the FBI's hyperlink. Federal agents knocked on the door around 7 a.m., falsely claiming they wanted to talk to Vosburgh about his car. Once he opened the door, they threw him to the ground outside his house and handcuffed him.

(More about Vosburgh and how it works in the article.)

...Well, I'm not clicking any foreign links for a while.

For all I know, someone could give me a link and tell me it's a video of an animal doing something funny or something, and then next thing I know, the FBI's breaking down my front door!

[bill]

google.com


it's a good search engine, try it! 

[Sufurin Scorda]

Oh, I know Google's a good site. Silly Bill.

Hey Bill, free candy!

[bill]

[RobbieThe1st]

Wow, they finally admitted it. I suspected that they had been doing it for years, and that most of the CP sites out there were actually FBI or police trap sites. Of cource, I had no proof, and didn't care to go looking at em to find proof.

However, this does raise the question as to how anonymous you actually are on the internet - Perhaps they could raid the homes of people who do it at home from IE(I wouldn't be surprised if there was a way for the FBI to get more than the IP via IE), but what about someone using Firefox(or something else) and a TOR proxy? They could end up raiding the first or second tier proxy, but then what? They couldn't find who was actually doing it.

And, what if the person doing it was from another country? Or, the proxie(s) being used were in another country?


-RobbieThe1st

[Reese Tora]

All they need is your IP address.

Once you have that, you speak with the ISP.  Because of certain bills and acts that have gone in to effect, the ISPs offer little resistance to law enforcement.  The ISP can give them the address associated with any given IP address at any given time, if they log thier DHCP servers' activity (and even easier if they assign static IP addresses.)

I suspect that the real pedophiles will quickly wise up and use anonymous proxy services based in countries that the US does not have law enforcement cooperation in(Russia and China, for instance), and the innocent(relatively speaking) persons who accidentally visit the videos will be the only ones getting caught.
(note: various bots that troll web pages may also follow the links... but would not "view" the videos... imagine if the major search engine crawlers and those belonging to spammers were triggering the trap.  )

--edit--

IP addresses are also distributed in a geographical sense; if I know your IP address, I can get your physical location to within the area of, say, a city, depending on how the ISP you belong to portions them up.

Dialup is probably 'safest' as you can dial in to any of your ISP's modem banks (at the cost of your phone bill) as only the location of the phone bank would be obvious by IP address(but the ISP can probably tell what number you dialed from thanks to caller ID, and the police could work with the phone company if they were after you; even if the numebr is restricted from displaying on caller ID, it's still recorded by the phone company.)

Anything else, cable, DSL, etc. has you connected directly to the local exchange or provider, and the locations of those are publically available.

[Jack McSlay]

I wonder what's gonna happen if someone decides to use the trap links for phishing-like e-mails. You could trick someone into having FBI raiding into their houses

[RobbieThe1st]

Anything else, cable, DSL, etc. has you connected directly to the local exchange or provider, and the locations of those are publically available.

Not with Satellite - With the ISP's cooperation, yes they can trace down a billing address and information like that, but can't trace the satellite dish's actual location *that* precisely. And I have run across quite a few IPs, even US ones, whose geologic location was the ISP's geologic location - Which means an extra step for the FBI.

But, anyway, my main point is - computer connects to the trap. Ok, great, they get the IP. It seems the IP is a US ip, great.
Now they have to figure out who is at this IP at the time it contacted the server - Some ISP's use dynamic IPs, and as such will require an extra step or two(contacting the ISP for that info). Now, assuming everything goes well, the FBI has to figure out what computer accessed it(if they do a raid), and if it was the owner's fault - what if it was done through a proxy program on the owner's computer, either with or without the owner's knowledge or permission? Or, what if it was some guy with a laptop latching onto a improperly secured wireless network, or if it was the owner pretending to latch onto his own network to avoid getting caught. I just think it could be much harder than they act like.

Of Courbet, it could be that they used this for a few years, and it stopped working or was too much trouble for the reasons listed above, and so they are doing something different now, and letting everyone know that *this* is what they are doing, so that the CP viewers get caught off guard and fall into the real trap.


-RobbieThe1st

[Reese Tora]

Now, assuming everything goes well, the FBI has to figure out what computer accessed it(if they do a raid), and if it was the owner's fault - what if it was done through a proxy program on the owner's computer, either with or without the owner's knowledge or permission? Or, what if it was some guy with a laptop latching onto a improperly secured wireless network, or if it was the owner pretending to latch onto his own network to avoid getting caught.

Yes, but that's all determined AFTER the raid.  Unless they've changed thier SOP from going after hackers, they'll simply confiscate all electronics.  They'll go through them all for evidence of CP after the fact.  They don't care about you hitting thier site, it's not incriminating, it's just the excuse for the raid, they are hoping that someone visiting thier site also has a load of real CP on thier computer they can be prosecuted for.

Of Courbet, it could be that they used this for a few years, and it stopped working or was too much trouble for the reasons listed above, and so they are doing something different now, and letting everyone know that *this* is what they are doing, so that the CP viewers get caught off guard and fall into the real trap.


-RobbieThe1st

We can only hope.

[llearch n'n'daCorna]

... and if they find nothing, do they pay for the door they broke, or not?

And/or compensation for the time spent not working, or under a cloud, etc etc...

[Reese Tora]

Having only heard/seen it in documentaries about hacking, news reports, etc, I don't know for sure, but I've heard that a lot of people are lucky to get thier computers back at all when they're confiscated. (atleast, not without taking legal action.)