I hadn’t heard of this one before. In New Zealand, people viewing adult websites — it’s unclear whether these are honeypot sites, or malware that notices the site being viewed — get a pop-up message claiming it’s from the NZ Police and demanding payment of an instant fine for viewing illegal pornography.
EDITED TO ADD (2/12): There’s a Japanese variant of this called “one-click fraud.”
Posted on March 4, 2013 at 2:04 PM •
Kenzero is a Japanese Trojan that collects and publishes users’ porn surfing habits, and then blackmails them to remove the information.
EDITED TO ADD: There’s a paper at the upcoming ACM CCS conference examining similar Japanese scams.
Posted on September 13, 2010 at 6:46 AM •
This article claims the software that runs the back end of either 35% or 80%-95% (depending on which part of the article you read) has been compromised, and that the adult industry is hushing this up. Like many of these sorts of stories, there’s no evidence that the bad guys have the personal information database. The vulnerability only means that they could have it.
Does anyone know about this?
Posted on December 28, 2007 at 7:54 AM •
Spammers have created a Windows game which shows a woman in a state of undress when people correctly type in text shown in an accompanying image.
The scrambled text images come from sites which use them to stop computers automatically signing up for accounts that can be put to illegal use.
By getting people to type in the text the spammers can take over the accounts and use them to send junk mail.
I’ve been saying that spammers would start doing this for years. I’m actually surprised it took this long.
Posted on November 1, 2007 at 2:37 PM •
So, this pedophile posts photos of himself with young boys, but obscures his face with the Photoshop “twirl” tool. Turns out that the transformation isn’t lossy, and that you can untwirl his face.
He was caught in Thailand.
Moral: Don’t blindly trust technology; you need to really know what it’s doing.
Posted on October 26, 2007 at 6:44 AM •
How not to delete evidence. First, do something bad. Then, try to delete the data files that prove it. Finally, blame it on adult content.
Hawaiian alleged Murnane — who was placed on a 90-leave by Mesa’s board last week — deleted hundreds of pages of computer records that would have shown that Mesa misappropriated the Hawaiian information.
But Mesa says any deletion was not intentional and they have copies of the deleted files.
“He (Murnane) was cruising on adult Web sites,” said Mesa attorney Max Blecher in a court hearing yesterday. Murnane was just trying to delete the porn sites, he said.
EDITED TO ADD (11/6): In the aftermath, the CFO got fired and Mesa got hit with an $80 million judgment. Ouch.
Posted on October 9, 2007 at 2:02 PM •
The headline is all you need to know:
Teen cracks AU$84 million porn filter in 30 minutes
(AU$84 million is $69.5 million U.S.; that’s real money.)
Remember that the issue isn’t that one smart kid can circumvent the censorship software, it’s that one smart kid — maybe this one, maybe another one — can write a piece of shareware that allows everyone to circumvent the censorship software.
It’s the same with DRM; technical measures just aren’t going to work.
Posted on August 30, 2007 at 12:50 PM •
U.S. courts are weighing in with opinions:
When Ray Andrus’ 91-year-old father gave federal agents permission to search his son’s password-protected computer files and they found child pornography, the case turned a spotlight on how appellate courts grapple with third-party consents to search computers.
The case was a first for the 10th U.S. Circuit Court of Appeals, and only two other circuits have touched on the issue, the 4th and 6th circuits. The 10th Circuit held that although password-protected computers command a high level of privacy, the legitimacy of a search turns on an officer’s belief that the third party had authority to consent.
The 10th Circuit’s recent 2-1 decision in U.S. v. Andrus, No. 06-3094 (April 25, 2007), recognized for the first time that a password-protected computer is like a locked suitcase or a padlocked footlocker in a bedroom. The digital locks raise the expectation of privacy by the owner. The majority nonetheless refused to suppress the evidence.
Excellent commentary from Jennifer Granick:
The Fourth Amendment generally prohibits warrantless searches of an individual’s home or possessions. There is an exception to the warrant requirement when someone consents to the search. Consent can be given by the person under investigation, or by a third party with control over or mutual access to the property being searched. Because the Fourth Amendment only prohibits “unreasonable searches and seizures,” permission given by a third party who lacks the authority to consent will nevertheless legitimize a warrantless search if the consenter has “apparent authority,” meaning that the police reasonably believed that the person had actual authority to control or use the property.
Under existing case law, only people with a key to a locked closet have apparent authority to consent to a search of that closet. Similarly, only people with the password to a locked computer have apparent authority to consent to a search of that device. In Andrus, the father did not have the password (or know how to use the computer) but the police say they did not have any reason to suspect this because they did not ask and did not turn the computer on. Then, they used forensic software that automatically bypassed any installed password.
The majority held that the police officers not only weren’t obliged to ask whether the father used the computer, they had no obligation to check for a password before performing their forensic search. In dissent, Judge Monroe G. McKay criticized the agents’ intentional blindness to the existence of password protection, when physical or digital locks are such a fundamental part of ascertaining whether a consenting person has actual or apparent authority to permit a police search. “(T)he unconstrained ability of law enforcement to use forensic software such at the EnCase program to bypass password protection without first determining whether such passwords have been enabled … dangerously sidestep(s) the Fourth Amendment.”
If courts are going to treat computers as containers, and if owners must lock containers in order to keep them private from warrantless searches, then police should be required to look for those locks. Password protected computers and locked containers are an inexact analogy, but if that is how courts are going to do it, then its inappropriate to diminish protections for computers simply because law enforcement chooses to use software that turns a blind eye to owners’ passwords.
Posted on June 5, 2007 at 6:43 AM •
Tom Kyte, Oracle database expert, relays a surreal story of a border crossing into the U.S. from Canada:
He clicks on it and it asks for a password. He looks surprised and says “it needs a password”. I was like – that is OK, I have it, here you go… Now he is logged in. But — my desktop looks a tad different from most — there is no IE on the desktop, just the recycle bin and a folder called programs — nothing else.
He really doesn’t know what to do now. No special searching software, nothing. He looks at me and says “you know what we are doing here right?”. I said — not really (I knew what we were doing, I read the news and all, but just said “no”). “Well” he says “we are looking for pornography”. Ahh I say… Ok, no problem.
But he is stuck. There is nothing familiar. So he clicks on the start menu and finds “My Pictures”. You know, if I was into that — that is precisely where I would stick all of my porn — right there in “My Pictures”. He goes into it — and sees all of my folders. And all of my pictures, which we looked at. He said “wow, you travel a lot”, I said “yup”.
Posted on March 22, 2007 at 10:39 AM •
According to CNN:
Sudanese security forces have begun seizing laptop computers entering the country to check on the information stored on them as part of new security measures.
One state security source said the laptops are searched and returned in one day and that the procedure was introduced because pornographic films and photographs were entering Sudan.
U.N. officials, aid agency workers, businessmen and journalists who regularly visit Sudan worry the security of sensitive and confidential information such as medical, legal and financial records on their computers could be at risk.
Authorities have cracked down on organizations like Medecins Sans Frontieres, the International Rescue Committee who have published reports on huge numbers of rapes in the violent Darfur region.
(More commentary here.)
While the stated reason is pornography, anyone bringing a computer into the country should be concerned about personal information, writing that might be deemed political by the Sudanese authorities, confidential business information, and so on.
And this should be a concern regardless of the border you cross. Your privacy rights when trying to enter a country are minimal, and this kind of thing could happen anywhere. (I have heard anecdotal stories about Israel doing this, but don’t have confirmation.)
If you’re bringing a laptop across an international border, you should clean off all unnecessary files and encrypt the rest.
EDITED TO ADD (9/15): This is legal in the U.S.
EDITED TO ADD (9/30): More about the legality of this in the U.S.
Posted on September 13, 2006 at 6:44 AM •
Sidebar photo of Bruce Schneier by Joe MacInnis.