funsec mailing list archives

Re: FBI CP sting


From: "Thomas Raef" <traef () ebasedsecurity com>
Date: Thu, 20 Mar 2008 16:30:59 -0500

On Thu, 20 Mar 2008, Alex Eckelberry wrote:

The FBI has recently adopted a novel investigative technique: posting
hyperlinks that purport to be illegal videos of minors having sex, and
then raiding the homes of anyone willing to click on them.

That's just weird.  Since the "video" files contained nothing illegal,
they must take "clicking on them" as an indicator that other illegal
things went on in the house containing the computer with the IP address
in question.  Does that stand up in court?  If so, why does it stand up?
Where's the presumption of innocence?

Couldn't someone like the recently apprehended SWATTER "lil Hacker" make
some people's lives miserable by gaining access to an IP address via an
open wireless AP and "clicking on a video"?  Couldn't the nearly
super-powered Red Army CyberWar Battalion hack into, say Michael Hayden's
home PC, and send "click" to the "video", getting the FBI to do a little
Harassment & Interdiction on someone who has to be the Battalion's
Greatest Enemy?

Why do they need someone to "click on a video" if Carnivore I mean
DCS-3000 is so frigging good?  Can't the NSA just give the FBI a few
hints about who to monitor based on the Tap Rooms in AT&T central
offices?  Maybe they will after Agent Mulder kicks in Hayden's door at
3am some morning.

Also, how do they account for programmatic access?  Googlebot, msnbot,
"Yahoo! Slurp", and a few other apparent bots scan my web server all the
time.  For giggles, I put a "robots.txt" file forbidding access to a
couple of enticingly named directories ("porn", "payroll", stuff like
that) that didn't actually exist in the htdocs/ directory.  At least one
person or bot has tried to access those directories.  I have to conclude
that a misguided recursive "wget" of the wrong IP address might get my
door kicked in and all my computers confiscated.
_______________________________________________

[Tom Replied With:] 

Maybe the reason someone like the recently apprehended SWATTER "lil Hacker" doesn't do that is because there's no money in it?

Unless they were to threaten to cause legal issues until the potential victim were to pay some amount of money.

Thomas J. Raef
e-Based Security, LLC
http://www.ebasedsecurity.com
traef () ebasedsecurity com
1-866-251-5803
