Child porn case : Court orders FBI to release the source code of TOR exploit used

Court orders FBI to release the source code of the hacking tool used to hack thousands of computers involved in child porn

We had reported how the United States premier investigating agency, the Federal Bureau of Investigation had created a honeypot to trap to those involved in child porn trafficking. FBI used a special hacking tool to take over operations of a child pornography site known as ‘Playpen’, which also helped them track some 1,300 Playpen visitors. Now a US court has ordered the FBI to release the source code used by it to hunt down suspects involved in child porn.

Playpen, which FBI has called “the largest remaining known child pornography hidden service in the world,”  operated on the Dark Web and could be accessed only using Tor anonymizer or similar specialised browser. FBI used a special hacking tool to capture control of the site in February 2015 but instead of shutting it down, FBI rather kept the illegal content up for two weeks to trap 1,300 visitors’ IP addresses, including some in Chile, Greece, and the UK.

Not only did it run the pedophile website, it also hosted thousands of sexually explicit images of children, some well below kindergarten age, on its own servers in suburban Washington.

For all its efforts, the FBI managed to arrest some 137 people in the honeypot operation. Now some of the accused have approached the court to make FBI reveal just how the investigative agency identified them. The court acceded to their request and announced on Wednesday that FBI should release the source code for the hacking tool.

One defendant’s attorney persuaded a federal judge to order the release of the FBI’s entire code used in the broad sting. Colin Fieman, a federal public defender involved in the case, told Motherboard the judge meant “everything,” the FBI used, including an exploit, or attack, on a vulnerability in the Tor browser’s security as well as a network investigative technique (NIT) hacking tool to entangle Playpen and its users.

Wednesday’s court order follows a prior limited release of the FBI’s NIT code. Last month, the Fieman’s code expert, Vlad Tsyrklevitch, reviewed the NIT code to find it lacking a section that would have confirmed its uniqueness. What’s crucial about that is the defense’s ability to show if its client, Vancouver School District employee Jay Michaud, had his computer improperly searched or additionally compromised.

“This component is essential to understanding whether there were other components that the Government caused to run on Mr. Michaud’s computer, beyond the one payload that the Government has provided,” Michaud’s lawyers wrote in an earlier filing, Motherboard reported.

The defense told the court that the FBI was complicit in distributing, or even itself distributed, child pornography after the takeover of Playpen. The court, however, did not find FBI’s methods as “outrageous conduct.”

LEAVE A REPLY

Please enter your comment!
Please enter your name here