The Techniques for Distributing Child Porn - Schneier on Security

The Techniques for Distributing Child Porn

Fascinating history of an illegal industry:

Today’s schemes are technologically very demanding and extremely complex. It starts with the renting of computer servers in several countries. First the Carders are active to obtain the credit cards and client identities wrongfully. These data are then passed to the falsifiers who manufacture wonderful official documents so that they can be used to identify oneself. These identities and credit card infos are then sold as credit card kits to operators. There is still an alternative where no credit card is needed: in the U.S. one can buy so-called Visa or MasterCard gift cards. However, these with a certain amount of money charged Visa or MasterCard cards usually only usable in the U.S.. Since this anonymous gift cards to buy, these are used to over the Internet with fake identities to pay. Using a false identity and well-functioning credit card servers are then rented and domains purchased as an existing, unsuspecting person. Most of the time an ID is required and in that case they will simply send a forged document. There is yet another alternative: a payment system called WebMoney (webmoney.ru) that is in Eastern Europe as widespread as PayPal in Western Europe. Again, accounts are opened with false identities. Then the business is very simple in Eastern Europe: one buys domains and rents servers via WebMoney and uses it to pay.

As soon as the server is available, a qualified server admin connects to it via a chain of servers in various countries with the help of SSH on the new server. Today complete partitions are encrypted with TrueCrypt and all of the operating system logs are turned off. Because people consider the servers in Germany very reliable, fast and inexpensive, these are usually configured as HIDDEN CONTENT SERVERS. In other words, all the illegal files such as pictures, videos, etc. are uploaded on these servers – naturally via various proxies (and since you are still wondering what these proxies can be – I’ll explain that later). These servers are using firewalls, completely sealed and made inaccessible except by a few servers all over the world – so-called PROXY SERVERs or FORWARD SERVERs. If the server is shut down or Someone logs in from the console, the TrueCrypt partition is unmounted. Just as was done on the content servers, logs are turned off and TrueCrypt is installed on the so-called proxy servers or forward servers. The Russians have developed very clever software that can be used as a proxy server (in addition to the possibilities of SSL tunneling and IP Forwarding). These proxy servers accept incoming connections from the retail customers and route them to the content Servers in Germany – COMPLETELY ANONYMOUSLY AND UNIDENTIFIABLY. The communication link can even be configured to be encrypted. Result: the server in Germany ATTRACTS NO ATTENTION AND STAYS COMPLETELY ANONYMOUS because its IP is not used by anyone except for the proxy server that uses it to route the traffic back and forth through a tunnel – using similar technology as is used with large enterprise VPNs. I stress that these proxy servers are everywhere in the world and only consume a lot of traffic, have no special demands, and above all are completely empty.

Networks of servers around the world are also used at the DNS level. The DNS has many special features: the refresh times have a TTL (Time To Live) of approximately 10 minutes, the entries usually have multiple IP entries in the round robin procedure at each request and rotate the visitor to any of the forward proxy servers. But what is special are the different zones of the DNS linked with extensive GeoIP databases … Way, there are pedophiles in authorities and hosting providers, allowing the Russian server administrators access to valuable information about IP blocks etc. that can be used in conjuction with the DNA. Each one who has little technical knowledge will understabd the importance and implications of this… But what I have to report to you is much more significant than this, and maybe they will finally understand to what extent the public is cheated by the greedy politicians who CANNOT DO ANYTHING against child pornography but use it as a means to justify total monitoring.

Tags: anonymity, child pornography, credit cards, DNS, forgery, fraud, identification, identity theft, proxies, SSH

Posted on March 11, 2009 at 5:49 AM • 51 Comments

Comments

Bill • March 11, 2009 6:31 AM

I’m not even going to click that wiki url for fear of how it might look!

A kid crashed her bicycle where I was walking my dog, and my primary concern was how it would look if I went to her aid.

For a distateful subject where an unsubstantiated accusation is enough ruin lives, it’s not paranoia it’s pragmatism.

PS. The kid called Lucy was fine, just a grazed knee.

Anonymous Coward • March 11, 2009 6:48 AM

I actually use a similar (though much smaller in scope) technique to avoid snooping by my phorm-happy ISP or my “transparent” caching other ISP… ssh-tunelling my http traffic to a server in a different country and using non-ISP DNS servers to avoid DNS hijacking by ISPs.
I must say that in reality, it is more for performance than anonymity (as I only use a single end point, registered under my true name), because all these “experience-improvement” techniques ISP use often create bottlenecks that you only notice when you start bypassing them!

anonymous • March 11, 2009 7:05 AM

In Germany, Bloggers who were linking to an article containing above link had their house raided by police. Comments containing a reference to those articles are deleted. So linking this post in Germany might get you in trouble.

Articles about the raids:
http://netzpolitik.org/2009/hausdurchsuchung-bei-blogger-der-daenische-kinderporno-sperrliste-verlinkt/

deleted comment:
http://www.heise.de/tp/foren/S-Es-faengt-an-drei-Anti-Zensur-Blogs-unter-Beschuss/forum-154979/msg-16394829/read/

Articles linked:
http://scusiblog.org/?p=330
http://scusiblog.org/?p=530

BF Skinner • March 11, 2009 7:05 AM

hmmm. They’re using the same content delivery mechanism that malware and spammers use.

Fast flux networks are hard to crack. It’s too fast a moving target.

fin

Billy • March 11, 2009 7:26 AM

OMG! Truecrypt! How elite. OK. Everyone read/understand that? You’ve got your recepie, now get to work!

Seriously though what a stupid game to play. Does man kind really have nothing more important to do than taking down dirty pictures from the internet?

Mat • March 11, 2009 8:02 AM

I get the impression the writer was getting tired near the end of his three paragraphs as the article descends into incomprehensible gobblety-gook.

So, in a nutshell, these people use multiple proxies to access IP addresses (not linked to any DNS) of servers that have encrypted partitions.

While the proxy server doesn’t directly link the customer to the secret, encrypted porn server, you’d think an investigation of the proxy servers would yield some information about who accessed the site. Even if it led to another proxy server, you’d probably be able to work your way backward till you found the entry point.

At some point, you’d think that it’d just be more lucrative (and easier) to sell legal pornography.

Colossal Squid • March 11, 2009 8:12 AM

https link for the article:
https://secure.wikileaks.org/wiki/My_life_in_child_porn

Opensource • March 11, 2009 8:13 AM

We need to shut these people down. This is a crime to society. Can some do a Viso diagram of the steps that are used in this article and the way money is washed through false idents and bank accounts. I fail to believe that this is ANON as FINCEN can hopefully monitor these scum

Clive Robinson • March 11, 2009 8:19 AM

The simple fact is that the Internet was originaly designed to be “resiliant”. And as a number of Internet Personalities have said in the past any impediment will be treated as damage and routed around.

If you ignor the content issues you will realise that what these people are supposadly doing (no I’m not going anywhere near that link either after the stupidity of Operation Ore in the UK) is little or nothing more than the original concept of the DOD and BBN taken forward to todays level of technology.

From the little Bruce has posted I suspect that a number of readers will know how to improve on what has been said (not that it’s realy required).

However one thing people need to remember that “no matter how tight the Gordian knot there is an end to unravel”.

Difficult though it may be if the LEA’s got together in various countries they could (in EU & US) certainly track trafic on low latency networks simply by spread spectrum modulation of the packet rate to/from suspected hosts etc.

But as with the Gordian Knot you first have to find a real end point to unravel the whole rats nest.

[redacted] • March 11, 2009 8:25 AM

Mat, I have the impression that they built their distribution systems incrementally… Adding another layer when legal changes or enforcement activities require it.
And yes, in theory one can “trace back” data through a proxy network. However, it will take months or years to coordinate all authorities when the network is international.

Lastly: forbidden fruits sell. I agree with the writer of the anonymous letter that legalisation of possession will remove a lot of the nasty side-effects of prohibition. (And gives law enforcement time to go after the child molesters instead.)

ray • March 11, 2009 8:48 AM

Clive, the Gordian Knot was never unraveled. Alexander cut it in half.

Fed Up • March 11, 2009 9:32 AM

If a rattlesnake is threatening your children, you don’t arrest the rattlesnake, or seek psychiatric treatment for it, or sit around discussing the ethics of taking the law into your own hands. You don’t worry about ordinances prohibiting the discharge of weapons inside city limits. You don’t worry about the longterm environmental impact of a world without rattlesnakes. You don’t holler for the cops, or Mommy, or Jesus.

You blow the rattlesnake to shreds. Then you hunt down the den and incinerate everything in it. Period.

Prosecution? Legalization?? What the hell is wrong with you people? Put a cash bounty on these inhuman scum, and make their DEATHS profitable. This isn’t an “issue”, it’s OUR CHILDREN!

Shouldn't Say • March 11, 2009 9:41 AM

I’ve always been surprised that distributors don’t do simple (undetectable to the human eye) transforms on all images and videos so as to avoid the one-way-hash method police often use to pinpoint CP on hard drives.

Piskvor • March 11, 2009 9:42 AM

@Clive Robinson: “you first have to find a real end point”

With fake identities and stolen credit cards, it could be hard to “follow the money” on the provider’s end; would it be possible to “follow the money” on the visitors’ end?

dob • March 11, 2009 9:46 AM

“Put a cash bounty on these inhuman scum, and make their DEATHS profitable.”

I can’t imagine any unforeseen deleterious consequences of that policy.

Calum • March 11, 2009 9:51 AM

@Fed Up: Please don’t troll. If you’re not trolling, consider for a moment the case of the paediatrician who was attacked by a mob who couldn’t understand the difference between paediatrician and paedophile. But blowing him to shreds is OK, because it’s for the children. No need to apologise either, I suppose.

And rattlesnakes are not that dangerous, and would prefer to avoid your kids if they can help it. Bad analogy.

Carlo Graziani • March 11, 2009 10:00 AM

If we’re looking at law-enforcement options, it’s a mistake to obsess on breaking the technical security measures of the delivery system. The real answer, again, as usual, is “Follow The Money”.

In order for this business to work, there has to be a cash flow. That has two endpoints, and it is a lot easier for national authorities to trace — it’s a lot harder to conceal and launder money than it is to do the same with TCP/IP connections. There’s a reason Al Quaeda is reduced to cash handoffs to fund operations: Governments routinely track international money flows relating to terrorism, organized crime, to “illegal” gambling, and on and on.

If they choose to, they can ID and prosecute the retail customers, which would probably make the business dry up and blow away. Or they can pick apart the money-laundering operations to get to the source. It requires international cooperation, sure, and sometimes we Westerners are puzzled at what is and isn’t regarded as criminal activity under (for example) Russian law. But there’s plenty of precedent — the cooperative blocking up of terrorism-related money flows has been very successful, for example. And parents in Eastern Europe also want to protect their kids.

What is required is the will to make this sort of thing a priority item on the agenda of international law-enforcement. Stranger things have happened.

Edward Bryant • March 11, 2009 10:08 AM

“You blow the rattlesnake to shreds. Then you hunt down the den and incinerate everything in it. Period.”

Jeeze Fed Up, don’t you know that analogy is the weakest form of argument?

Are all pedophiles child molesters? Do all child molesters look at child porn? It is pretty clear that sexual ideation does not translate into sexual acts at anything like a one for one ratio. Many many people fantasize about sexual topics they do not, nor ever intend to, act on.

Besides, most people who are bitten by rattlesnakes are messing with them; maybe educating your children would be more effective than waging war on all of rattlesnake-dom.

Each year, approximately 8,000 venomous snakebites occur in the United States. Between 1960 and 1990, no more than 12 fatalities from snake venom poisoning were reported annually.
From: Venomous Snakebites in the United States: Management Review and Update

GREGORY JUCKETT, M.D., M.P.H., and JOHN G. HANCOX, M.D.
West Virginia University School of Medicine, Morgantown, West Virginia

christopher • March 11, 2009 10:10 AM

@Billy: Child pornography is not just “dirty pictures”. It’s abuse of powerless individuals by those who are supposed to be protecting them. If this difference escapes you, thank you for alerting us to your disability.

-C

Gelf • March 11, 2009 10:20 AM

Thanks, Bruce, for providing the winner for the most professionally valuable document I can never be seen to be reading at work.

[redacted] • March 11, 2009 10:52 AM

I recommend christopher to read the entire linked to document. According to the law in many “western” countries having a rough sketch of a naked young girl on the beach can be enough for a conviction for possession of child pornography. How is that helping to protect children against predators?
Another question: How is prosecuting teenagers that send nude images from themselves to friends help against predation?

Yes, I am all in favour of convicting child molesters and rapists. More often than not these are family members of the victim. Making sex a taboo does not help the victims at all.

Roy • March 11, 2009 11:03 AM

If the OS logging writes to /dev/null, then backtracking runs into a bitbucket. Computers are really good at remembering things, yes, but they are equally good at forgetting things.

When it comes to following the money, an impediment there would be the underground network implementing a virtual debit card. The customer sends a monthly check to the service at one IPA, then does business throughout the month with various vendors who bill his account at another IPA. The usual one-to-one correspondence between buying and selling is broken. The regular debit amount is fragmented in size and over time. This would be like trying to track somebody’s gasoline purchases by looking at the monthly check he writes, without knowing his SpeedPass number, or knowing the transactions of only a few chains of gas stations. Which purchases can be tied to the monthly bill? Well, any set, or any other set, but no specific set.

This whole mess is conflated by the one thing everybody overlooks: most of the people who are interested in the sexuality of adolescent minors are adolescent minors.

OnThisAC • March 11, 2009 11:23 AM

Business can be possibly destroyed by giving people free software to create their own necessary delusions. Pictures/videos can be altered, why not start a first wave attack this way?

But no, the cops and liberals “think of the children” would ONLY see this as making more demand, and other unsocial dispositions.

Turns follow the money, to break the money.

Once money broken, then follow the IT, software.

Oh well, people love their bad guys/scapegoats.

Anonymous • March 11, 2009 11:44 AM

I think that what this illustrates is the futility of prosecuting child pornographers online. Any measures serve only as security theater to calm down the perceived threat of molesters online. Truth is, most of the child abuse is done from people close to them, but you already know this.

What we must not fall into is the irrational “Will someone think of the children!?” line of thinking. We can excuse a lot of unethical behavior this way, and some governments are already abusing this.
I mean, fictional representations and teenagers being prosecuted for sharing their own pictures are not doing anything to protect the children, but rather maintain a hold on online activities.

I’m not a pedophile, but I do find the overreaction by the media and society at large to be annoying and worrying.

AH • March 11, 2009 11:59 AM

Did you guys read that article? First off, he dismisses the hard caused. I guess he’s never listened to Loveline — f’ed up girl? Let’s see, was it her uncle or cousin who molested her? They’re right 90% of the time. No harm whatsoever, those kids turn our normal, some of our best, most productive citizens.

Second, he does a bait-and-switch on age. Notice he never discusses 2yorape.mov, he talks about hippie greek flower kids blooming at age 11. That’s wrong, but the 2yo is a lot more wrong.

Finally, sure, blame the families that do this (though the kids turn out fine on BDSM rape island, everyone is above average). They just want to one-up each other, and it was all fine until The Man started to care in the 70s. Up until then, you know, incest was a globally-acceptable thing to do. All major religions promoted it, and why not?

Anyway, I guess the details are technically interesting, but this was about the most self-serving crap I’ve ever read. Try working with the victims of abuse, and you’ll see, they aren’t called victims for no reason.

Jackson Madden • March 11, 2009 12:07 PM

Limewire is OVERFLOWING with child porn, but a lot of them are fbi trap images/videos so lol

Nostromo • March 11, 2009 12:47 PM

@Billy:
“Seriously though what a stupid game to play. Does man kind really have nothing more important to do”

The ‘game’ they are playing is making money. To many people, there is nothing more important. Distributing porn is profitable, that’s why there’s so much of it.

beads • March 11, 2009 2:34 PM

A better question to ask would be how do you detect traffic from a known or unknown proxy server to an IP address that doesn’t accept traffic from anything but a proxy server in the first place?

Some of this wouldn’t be all that difficult to scan for but filtering out some of the suspicious traffic and false positives would be more tedious. Its not so much the gathering of the data or fingerprinting the system for further analysis. Its putting enough resources to bear.

Even FastFlux botnets have been broken recently. It just takes an awefull amount of resources behind it. Unless of course, the “public outcry” is sufficient to warrant such measures.

Clive Robinson • March 11, 2009 3:10 PM

@ Carlo Graziani,

“If we’re looking at law-enforcement options, it’s a mistake to obsess on breaking the technical security measures of the delivery system. The real answer, again, as usual, is ‘Follow The Money’.”

There are two other avenues of attack that apear to have gone uncommented on,

1, Follow the advertising.
2, Follow the customers.

Both of these have been tried with other forms of “sex trade” issues and have been found quite effective. There is no real reason why the same cannot be done online.

With regards to,

“What is required is the will to make this sort of thing a priority item on the agenda of international law-enforcement. Stranger things have happened.”

LEA’s are by and large driven by politicians not the populace and this is a lot of the time why there is inaction.

You have to look at the politician in the same way as Drug Companies.

It is not in the interests of a drug company to find a cure for an illness, it is way more profitable to have people on a life long course of symptom reducing drugs.

It is the same with politicians, “on mass” they are not realy that interested in solving sex crimes. They just want to wage war on them, and in the best Orwellian traditions the war needs to be seen with small victories but never won.

It is surprising what can be quite quickly organised and carried out on a global basis if there is a political will. Just look at the eradication of Smallpox and polio. Sadley other illnesses like tuberculosis and malaria have not recieved the same treatment as we in the “west” are largley uneffected by them.

Andrew • March 11, 2009 4:34 PM

I’ve always thought of the child p0rn trade as the last frontier of content control. What we have is unlawful content, readily recognizable as such through even cursory analysis (see 18 USC Section 2257), transmitted by a variety of unusual channels that should themselves attract sustained attention from the acronym agencies. A significant subsection of this content has a financial backflow which should be easily traceable.

The enemy in this arms race combines unusually high motivation (dare I call it fanaticism?) by most participants and an utter moral depravity (almost the opposite of fanaticism) among the profit-makers. This means an unholy alliance between the fanatic loners and the sophisticated white-collar criminals.

This is also one field where I suspect that quite a bit more sharing has taken place between national intelligence and national policing agencies than is commonly acknowledged. No child pornographer should feel safe, because they are not just up against the FBI . . . they are up against Fort Meade.

What worries me most is the idea that even with national intelligence resources devoted to the task, the traffic in child p0rn continues unabated. The consumers are the low-hanging fruit, so to speak. The producers are the ones abusing children, which we can’t do much about if it’s in the Ukraine . . . but we certainly CAN and SHOULD do something about when it’s in the UK and the USA.

What is to keep a terrorist organization from using steganographic techniques to communicate? Or funding cells using credit card techniques? (Saudis buy A LOT of porn. Perhaps they aren’t really looking at it . . .?!?)

Reminds me painfully of how to smuggle a nuke into the United States. (A: Hide it in a ton of cocaine.)

BF Skinner • March 11, 2009 4:34 PM

@clive “that the Internet was originaly designed to be “resiliant”.”

True for it’s time but redundency is driven by mission not profit centers. It costs. The original redundency in the backbones is being pared down as the cost of maintaining them exceeds the return.

For example, the Earthquake in the early Oughts took the west coast and east west traffic to a crawl. The train tunnel in ?05? fire burned a lot of fiber and the east coast north south came to a crawl.

Any network traffic sent from the middle east to the middle east for some reason routes into S. California.

@Jackson Madden. Until the internet the number one distributor of child porn was the US Federal Gov’t in sting and enticement attempts.

Leolo • March 11, 2009 8:32 PM

@Fed Up

The existance of child porn does not harm your children. Unless your children are the subject of the porn, or (maybe) being shown it. There are better ways of handling those 2 problems then turning the Internet into a police state.

Or do you believe that a depiction of something causes the viewer to reenact it? If so, I hope you haven’t watched Saving Private Ryan, or the Matrix and that you won’t show your children any of the Harry Potter movies.

Filias Cupio • March 11, 2009 11:02 PM

The paedophile still has a difficult problem, however, in that they have no way to know whether the paranoid paedo porn purveyors they are dealing with are ‘legit’ or a law enforcement honeypot.

I suppose it isn’t so different from drug dealing – a buyer and a seller in an illegal market need to be able to find each other with no basis for trust and where either party could be an undercover agent. I suppose the porn case is easier, in that information is easier to anonymously shift around than a physical object.

The Imp • March 12, 2009 1:06 AM

To anyone who supposes that this is simply a matter of following the money, this might help with some of the more… business-like child pornography rings. But the “hobbyist” rings will be much harder to crack, and get harder still every day.

Everyone is familiar with money as a motivator, but only the most rare, hollow individuals cannot conceive of any other. Much like the more common music/movie file-sharing networks, even if ways of making money from them (up to and including by developing file-sharing tools) are eliminated, it will not be stopped, and likely not even slowed very much.

At the end of the day, as long as there are people who create this work (even without anyone else as a potential audience) you’ve got a problem. And that means that this is where you’ve got to try to stop the problem; not in the middle, and not at the end.

Not the distributors; even the ones that know what they’re distributing (some do; some don’t; pretty much neither can be proved). They use technology that was designed for the express purpose of thwarting an attempt to stop it, and they will always be one step ahead. And absolutely do not try to ban the technology altogether, or use it for your own purposes; it’s the tech equivalent of applying an anti-terror law to a pedestrian crime, and that will certainly never work in the long term.

Probably not even the “audience”; a portion don’t even know that they’re part of the network (misnamed files or unsolicited emails), and the vast majority of those that do would never (for a number of reasons, and evidenced quite nicely by historic record) personally participate in actual abuse. By the same token, don’t try to apply child pornography laws beyond their intended scope, to cartoons or written works or paintings or anything that doesn’t relate to actual exploitation of an actual child; you severely sap the confidence of the public to believe you can actually stop real child pornography if you’re using all of your considerable resources but not actually reducing the incidences of actual exploitation.

And as for the originators? You stop them the same way you always do. Actual police-work. Actual record-keeping. Register births. Register adoptions. Register schooling. Register immigration. Aggressively confront kidnapping as a top priority, and give every case immediate attention. Never stop looking, and co-ordinate everyone who is looking. If you’re going to use your international influence for any purpose, use it for this: insist that countries that don’t do it, or don’t do it well enough, improve under penalty of economic sanctions.

That’s not the last word, of course, but that’s the best start you could make.

averros • March 12, 2009 5:11 AM

@christopher: “Child pornography is not just “dirty pictures”. It’s abuse of powerless individuals by those who are supposed to be protecting them”.

You mean abuse of quiet perverts who don’t harm anybody – all they do is looking at the pictures – by the police, judges, and jailers?

I strongly doubt all that child porn witch hunt saved even as much as a single child from abuse. Going after “consumers” does absolutely nothing to protect children abused by producers.

Of course, going after producers is harder, requires real investigative work (and not just hanging out in chats), and won’t get as many victorious reports published. So, our “guardians” are not doing that – they pretend to protect children while abusing innocents – and fleecing the rest of us.

Dude • March 12, 2009 8:55 AM

There is some data out there. Can’t say where right now sorry, but seek and you will find.

The “true” child porn industry is in fact very small. The number of new “content” added in western accessable circles is on the order of one or two new victims per year.

Yes we shouldn’t ignore the problem. But we should also be realistic about the size of the problem.

The number of rape/abuse victims is far higher.

Now “underage”* porn is another story altogether. When one considers that what this is depends on country even within the EU one can see why.

I define underage porn as “young woman” models rather than “girls”. Turns out some contries do the “if you look too young” others only care if you *are too young and yet others care if you “represent someone” too young. Too young varies between 16 and 18 in most contires that I know of.

Martin Virtel • March 12, 2009 11:29 AM

Bruce, that post is outdated. The internet is not the preferred way for distributing child porn any longer, according to german lawmaker Jörg Tauss.

According to his own research into the business, PCs are considered “insecure” by insiders, as are servers. Those people contact each other in anonymous chatrooms or telephone chat lines or using cheap mobile handsets, and they deliver the material via snail mail. Less technology, less traces, more security.

Jörg Tauss got himself into trouble because he tried to research into the child pornography business on himself. He has been indicted for posessing the material.

You can read Tauss’ statement about how he got into contact with the child pornographers here:
http://daten.tauss.de/StellungnahmeTauss110309.pdf

Google translation:
http://translate.google.de/translate?prev=_t&hl=de&ie=UTF-8&u=http%3A%2F%2Fdaten.tauss.de%2FStellungnahmeTauss110309.pdf&sl=de&tl=en&history_state0=

Seth Breidbart • March 12, 2009 11:56 AM

You can’t track back through a proxy server that keeps no logs and deletes itself when threatened (e.g. when a heartbeat stops being received).

Some groups (of spammers, at least) use proxy servers that are installed without the user’s knowledge on pwned computers.

Michael Richardson • March 12, 2009 1:12 PM

So, if I want my health, financial and/or tax records to be kept safely, it seems what I need to do is to insert naked pictures (of myself, naturally), label them as being myself when I was 8. So, if my records get leaked, then the people in charge get charged with childporn.

Clive Robinson • March 12, 2009 3:40 PM

@ Seth Breidbart,

“You can’t track back through a proxy server that keeps no logs and deletes itself when threatened (e.g. when a heartbeat stops being received).”

That depends on what you mean by “track back”. If you mean at some time in the past then maybe maybe not, in real time then it’s not much of an issue.

Most “pwned” hosts have a single route to/from the Internet. Therefore such a host configured as a proxy will have the in and out trafic flowing through the same router.

If you time modulate all the in packets to a host due to low latency on the host the same modulation is present on the out traffic. However traffic that originates either from the host or from an internal network will not be modulated.

Frank • March 15, 2009 10:26 AM

What I liked of this article is that it gives the point of view of someone involved in child porn, and still at large. This is not something you find in the mainstream media, and whether some like to hear about it or not, should be.

It contained lots of bullshit about being untraceable, and “you can do nothing about it”. When one is involved in illegal activities I guess you adopt that mentality and false sense of security, reason by which he will end up arrested sooner than later.

But the child porn card is being played far too much by politicians in order to censor the internet. The latest outrage being some Republican politicians proposing that ISPs and Wifi providers keep logs of all actitivies for two years citing child pornography as a justification but not excluding those logs from being used for prosecuting children downloading MP3s on the Pirate Bay.

http://blog.wired.com/27bstroke6/2009/02/feds-propose-st.html

Jonadab the Unsightly One • March 15, 2009 2:38 PM

For all the technology that this scheme uses, the most difficult part of the nut to crack is the fake identity ring, the outfits that produce the forged documents that protect the identities of the true server operators.

The proxying technique cannot protect the content servers from identification for very long once one of the “proxy” servers is identified and a warrant obtained in the appropriate jurisdiction. You don’t have to break into the proxy server. You just have to do signals analysis on the traffic coming to and from it, and bang, you identify where it’s getting its content. Then you go for warrants in those jurisdictions. They can chain several together, but each one only incrementally adds to the amount of time required to trace the chain back to the conten servers.

Of course, your enforcement agency would need to be able to get warrants in a wide variety of jurisdictions, pretty much every place with enough infrastructure to host any of the servers. And this only gets you as far as shutting down the content servers, or isolating them from the network, or whatever. Discovering the true identity of the operators is still a matter of traditional detective legwork. You first start from ICANN and work your way down the IP block delegation chain to see who owns the network(s) they’re sitting on, then you go to them (with a warrant if necessary) for all the information they have about the servers in question, and you go from there.

But it may be easier to follow where the money goes when somebody buys the stuff.

ddd • April 2, 2009 11:36 AM

There is a big difference between looking and collecting photos and actually doing the deed. The is no different the the watching a murder movie vs actually doing a murder. Does watching a murder movie inspire people to commit murder, maybe in some cases. But that is a problem with the individual. Most people don’t watch murder movies and go out and kill people.

The law is bullshit on this issue. Politicians just create a fuss to get votes. Cops looking for promotions and trying to be heroes. I think fighting this imbalance is why a lot of people do what they do.

ddd • April 2, 2009 11:43 AM

…and how about pictures of real murder victims. Should those be illegal too? I watched a show about famous murders that showed real photos of dead bodies. Funny how I did not go out and murder anyone for the sake of creating more photo content of murdered bodies.

jayz • April 2, 2009 11:41 PM

Check out Kommute for anonymous filesharing.

http://kommute.sourceforge.net/

Basically everybody’s computer acts as a proxy for everyone else. Everyone has plausible deniability.

GeorgeB • May 18, 2010 3:25 PM

Moral crusades are as dangerous as the wrongs they try to prevent. This current global generation really should look at the wider picture and realise that the over-protection of a child’s welfare is damaging many aspects of society.
Children playing outside, walking to school or catching a bus or train. The list goes on.
A guy on top of this page pretty much summed up an average male’s train of thought about not helping the little girl who had an accident.

That’s how dumb this population is now, when it comes to “how things look”. The moral crusaders have a lot to answer for, even if their intentions were for the greater good.

I’ve heard stories of father’s feeling they can’t even hug their children because they’re worried what some people might think. It’s been taken all way too far and I can’t see it getting better.

Maybe they should ban everyone from ever having children from here on in. At least that way people will be rest assured no more children will get abused.

LaKa • July 21, 2010 6:11 PM

Intelligent views on child abuse and child porn etc are rare these days. Even within the professional field of psychology being politically correct is a priority before stating facts or finding and examining them. (a metapsychology is much needed here!) Anyway, one of few exeptions is Judith Levine’s excellent book from 2002 “Harmful to Minors – The Perils of Protecting Children From Sex”. A book just as important as neglected of course.

(As Foucault observed – people need paedophiles and other “monsters” to consolidate their own normality, or rather, to uphold the illusion of their normality!)

http://thepiratebay.org/torrent/5053933/Harmful_To_Minors_by_Judith_Levine_eBook_PDF

http://en.wikipedia.org/wiki/Harmful_to_Minors

LaKa • July 21, 2010 8:34 PM

“child abuse” should be “sexual child abuse” in the previous comment.

John • July 22, 2010 4:28 AM

Since the letter you link to was written by an anonymous apologist for child pornography, the information has zero value. The techniques described with proxy accounts created with stolen cards and the use of encrypted tunnels, have been used by file sharers (ftp etc) for decades. And the author’s complete ignorance is revealed by this sentence: “the communication link can even be configured to be encrypted”. The communication links are always encrypted of course. Why would they not be?

With the large scale monitoring in place of internet traffic and financial transactions, this kind of activity is in fact dependent upon the partial complicity of certain authorities and ISPs.

mikethomson • January 21, 2021 9:55 PM

Thanks for the blog loaded with so many information. Stopping by your blog helped me to get what I was looking for. Freevideo

mike thomson • April 5, 2021 12:00 AM

Wow! Such an amazing and helpful post this is. I really really love it. It’s so good and so awesome. I am just amazed. I hope that you continue to do your work like this in the future also scambistimaturi

Leave a comment Cancel reply

← Security Theater Scare Mongering Google Maps Spam →

Sidebar photo of Bruce Schneier by Joe MacInnis.