nanog mailing list archives

RE: William was raided for running a Tor exit node. Please help if you can.

From: "Naslund, Steve" <SNaslund () medline com>
Date: Fri, 30 Nov 2012 16:09:21 -0600

From: Jimmy Hess [mailto:mysidia () gmail com] 
Sent: Friday, November 30, 2012 3:47 PM
To: William Herrin
Cc: NANOG list
Subject: Re: William was raided for running a Tor exit node. Please

help if you can.

On 11/29/12, William Herrin <bill () herrin us> wrote:

If the computer at IP:port:timestamp transmitted child porn, a

warrant

for "all computers" is also too broad. "Computers which use said IP

As you know, there may always be some uncertainty about which computer

was using a certain IP address at a certain time --  the computer

assigned that address might have been off,  with a   deviant
individual spoofing MAC address and IP address of a certain computer,

using different equipment still attached to the same physical LAN.

Their warrant authors will probably not say "all computers";  they will

more likely say something like all digital storage media,  and equipment

required for access.


        Funny thing is they hit his residence, not the location where
the Tor server was located.  Most likely they tracked the Tor server's
IP to an        account at the ISP that hosted it, that pointed at his
residence.  Strange that they did not seize the server itself according
to the interview of     the guy involved.

Which includes all hard drives, SSDs,  CF cards, diskettes, CDRs,  and

all the computing equipment they are installed in  (keyboard, monitor,
mouse, >etc)  normally used to access the media.

        Probably said all computing equipment and media on the premise.
That is extremely common language for these warrants.  I have never,
ever, heard of a seizure that only involved a single IP address.  The
cops know that media moves around.

address or which employ forensic countermeasures which prevent a

ready

determination whether they employed said IP address." And have a

DHCP?

qualified technician on the search team, same as you would for any 
other material being searched.

If they had a qualified technician,  they probably wouldn't be raiding
a TOR exit node in the first place;   they would have investigated the
matter  more thoroughly, and saved precious time.


Remember, they did not raid the Tor exit node.  They raided the home of
the guy running the Tor exit node.  Way different.

--
-JH



Steven Naslund

Current thread:

Re: William was raided for running a Tor exit node. Please help if you can., (continued)
- - - Re: William was raided for running a Tor exit node. Please help if you can. Michael Painter (Nov 29)
    - Re: William was raided for running a Tor exit node. Please help if you can. Barry Shein (Nov 30)
    - Re: William was raided for running a Tor exit node. Please help if you can. Miles Fidelman (Nov 30)
    - Re: William was raided for running a Tor exit node. Please help if you can. William Herrin (Nov 30)
    - Re: William was raided for running a Tor exit node. Please help if you can. William Herrin (Nov 29)
    - Re: William was raided for running a Tor exit node. Please help if you can. Warren Bailey (Nov 29)
    - Re: William was raided for running a Tor exit node. Please help if you can. Patrick W. Gilmore (Nov 29)
    - Re: William was raided for running a Tor exit node. Please help if you can. William Herrin (Nov 29)
    - Re: William was raided for running a Tor exit node. Please help if you can. Jimmy Hess (Nov 30)
    - Re: William was raided for running a Tor exit node. Please help if you can. Rayson Ho (Nov 30)
    - RE: William was raided for running a Tor exit node. Please help if you can. Naslund, Steve (Nov 30)
    - Re: William was raided for running a Tor exit node. Please help if you can. William Herrin (Nov 30)
    - RE: William was raided for running a Tor exit node. Please help if you can. Naslund, Steve (Nov 30)
    - Re: William was raided for running a Tor exit node. Please help if you can. Michael Painter (Nov 30)
    - RE: William was raided for running a Tor exit node. Please help if you can. Naslund, Steve (Nov 30)
    - Re: William was raided for running a Tor exit node. Please help if you can. Jay Ashworth (Nov 29)
    - RE: William was raided for running a Tor exit node. Please help if you can. Naslund, Steve (Nov 29)
    - RE: William was raided for running a Tor exit node. Please help if you can. Scott Berkman (Nov 29)
    - Re: William was raided for running a Tor exit node. Please help if you can. Jay Ashworth (Nov 29)
    - RE: William was raided for running a Tor exit node. Please help if you can. Naslund, Steve (Nov 29)
    - Re: William was raided for running a Tor exit node. Please help if you can. Jim Mercer (Nov 29)

(Thread continues...)