FBI's Tor pedo torpedoes torpedoed by United States judge A ruling by a US federal judge could unravel as many as 1,200 criminal prosecutions of alleged pedophiles by the FBI. Massachusetts District Court Judge William Young today declared that the magistrate judge who issued a warrant authorizing the FBI to infect suspects' PCs with tracking malware lacked the proper authority to do …
Put simply, dear FBI please remember that while ordinary criminals are allowed to indulge in 'trying to weasel or more accurately shyster your way around these little scraps of paper called the Constitution and Bill of Rights', others especially you Mr FBI are not allowed such freedom.
Next time get the slim bags bang to rights.
There fixed that one for you.
To be fair they could have just infected the machines without asking and faked the source of the intelligence later, like they have with the Stingray phone trackers.
They asked for and got a warrant, so they were at least trying to comply with the law. They just screwed up and asked the wrong judge, if they had asked the right one they would have been fine.
It was a screw-up, not a deliberate attempt to circumvent warrants, IMO.
The point here is NOT the FBI, it was the judge who signed a warrant that was outside of his jurisdiction ... that is definitely the culprit, not so much the FBI .... I mean, the judge MUST BLOODY WELL KNOW THE LIMITS OF HIS JURISDICTION ... I guess it's just another elected idiot who never made it past Primary School ... not so sure how the legal system works in the US, I do know for sure, though, that a judge in the UK, France, The Netherlands, or Germany who signs a warrant covering parties outside of his jurisdiction without amending the warrant accordingly and notifying the requester gets into SERIOUS trouble ...
He's a judge, not an IT guy. Heck, he probably has to call his niece when his iPhone acts up. I also assume the Feds picked a lenient judge and went in and said "look we need this warrant to nab some pedo. All we're going to do is install some software on his machine to track him" the judge isn't necessarily going to understand that the pedo in question could be anywhere especially if they come to him just before his scheduled tee time as he's trying to get out on the links.
a_yank_lurker
A question: "Do NOT federal (or as you seem to prefer feral) officials take an oath to protect, and defend the Constitution, and faithfully execute the laws of the United States??"
Because, if that is true, then aren't those federal officials who violate the Constitution be guilty of treason?? IIRC, since the USofA is at war somewhere then treason during times of war is a death penalty case. Try them for treason, and if found guilty, then give them the appropriate sentence.
Root problem is that judges and courts have geographically-based jurisdiction, and of course the Internet isn't geographically-based.
Additionally, in this case, it's this entire united 'states' thingy, where the individual states have far too much power. Them giving up on the Monarchy was a huge mistake.
A solution might be either a court with jurisdiction over the entire (USA) Internet, or a SCOTUS ruling to define the applicable jurisdiction, perhaps based on the address of the server itself.
>Them giving up on the Monarchy was a huge mistake.
You got my down-vote because, in the Middle Ages, a monarchy made a lot of sense, not such much since the 17th century, though. Yes, we still have some surviving monarchies in Europe, with unelected consanguineous cretins (hereditary BS) holding on to this or that power knob, treading all over democracy. Funny, that inhabitants of those nations keep trying to give us others (democratic republics) democracy-lessons ... Britain, YES, I am looking at you ...
Thanks for the laugh, though!
@Hans 1: Yes, from Blighty, how is that democracy of yours going in the US? You know, the one you keep trying to force on the rest of the planet at the end of a gun barrel whilst the fabric of your society slowly decays amidst your crumbling financial empire? At least Britain knew when to call it a day whereas the US seems to want to go broke fighting the inevitable.
"Root problem is that judges and courts have geographically-based jurisdiction, and of course the Internet isn't geographically-based."
Those in the FBI who are in the habit of writing trojans which they subsequently install on suspects' systems probably ought to understand the Internet and the laws pertaining to obtaining evidence, warrants, etc,
Your post indicates a complete ignorance of the US and it's basic legal organization.
The US is a collection of states, much like the EU is a collection of small countries. Would you want Brussels to be able to tell Wales to do something because France wants it?
Our founding document, the Constitution, explicitly relegates all authority not specifically assigned to the Federal government to the individual states. It's the 10th Amendment.
In this case, you have a judge who didn't understand the extent of the warrant he was signing. And that is laid on the Fibbies whobasked for the warrant. Due diligence would require them to explain that until they have the IPs of the suspects, they have no clue what their geographical location is.
The only way they could have pulled this off is if the actual darknet site was hosted on a server in that judge's jurisdiction.
Which is just the sort of thing that is going on at the moment.
We joined a small trading union. Very few ordinary people realised at the time what the *published* aims of the "4th Reich" were. And are.
O'Bambi - When you're a guest over here you're a guest of Her Majesty and ALL her people - - not shiny Dave's latest pathetic mouthpiece.
So keep your grubby mouth out of British Constitutional Politics. Your own miserable legacy should be enough for your over inflated ego.
Put it another way if you still don't understand yet: How would YOU feel if you were running for a second term right now and Shiny Dave sent his sidekick Osbo over to the US to support D. Trump Esq and diss you something rotten??
If they had written their tool to simply display an advert in the web browser, pulling a small image file from their servers while posting the machines MAC address to the server I think the FEDs would have got away with it. No, your honor - we didn't search their machine - we just served them an advert.
pulling a small image file from their servers while posting the machines MAC address to the server
1. MAC addresses are not included in HTTP requests
2. Browsers do not offer MAC address information to websites
3. Tor acts as a local network proxy, so the browser wouldn't know what MAC address was being used
4. MAC addresses are arbitrary and can be changed on a whim by the user
The FBI already owned the server in question, so they already had all the information normal browser usage divulges.
@ Bob Wheeler
Most modern network drivers allow you to change the MAC address within your OS. No need to change hardware.
This all happened when network hardware vendors started recycling MAC addresses. All of a sudden, it was theoretically it's possible to have duplicate MAC addresses on a network. Very, very unlikely, but because of this, the ability to change mac addresses was added to drivers.
Back in '98 I and two colleagues were building new desktops with FreeBSD (over the wire from Sun hosting servers :)
Each time one of us started the build process, one of the others' borked. Turns out all three machines were shipped with NIC's that had identical MAC addresses.
What are the odds of that eh?
>Turns out all three machines were shipped with NIC's that had identical MAC addresses.
>What are the odds of that eh?
Quite high if you buy cheap clone NICs :-)
(Speaking from experience. That's how I learnt how easy it was to set the local Mac address - we used to set a fairly random one - exept the last 4 digits were the users phone number..)
One of the things they teach you in law school and the training academy of every LEO in the USA, is what kind of judge is needed for what level of search.
The Feds screwed up. They should have gotten another warrant before they went outside the boundaries of the warrant they had. And if they didn't know the difference they shouldn't be in law enforcement.
Given other warrants and court orders the FBI have gained, I suspect that they asked this particular magistrate because they knew that one would say yes.
And didn't ask the correct judges because they were unsure of which answer they would give.
Otherwise we're expected to assume outright stupidity on the part of the FBI.
Go on FBI, are you lawbreakers or idiots?
Part of me wonders if the FBI did this deliberately, in order that a "think of the children!" outrage could cause a "yeah the FBI violated the constitution on a technicality but these are REALLY AWFUL PEOPLE so we'll let them get away with it" exception made that they could use in later cases as a precedent, thus inexorably weakening constitutional protections.
Only a kiddy-fiddler-supporting scumbag could disagree, right?
Drip drip drip.
Judicial rulings can make surprisingly entertaining reading in a bland sort of way. Especially the polite, indirect ways they go about telling the losing party that they're basically idiots. I even learned a new word, "improvident" (which it would be to extend the Good Faith exceptions to completely invalid warrants.)
On a more serious note, I do have a certain amount of sympathy for the government's argument that there needs to be some way to obtain a warrant against a computer hiding behind Tor, but it doesn't sound like they made their best attempt here, not going to the right kind of judge. And in any case, they are bound by law as it stands, not what it should be, just like the rest of us.
So you are you saying, if you visit dodgy websites (and let us all be clear it was a dodgy website) you have to be careful what you might catch?
Is there anyone on here or for that matter in much of the wider world who did not know that?
Worse still many more normal web sites also harbour very dodgy adverts that make ad suppressing software almost mandatory these days.
>So you are you saying, if you visit dodgy websites (and let us all be clear it was a dodgy website) you have to be careful what you might catch?
They can plant the malware to open a browser window to dodgy website to get you into jail, all they need is a waterhole - a torrent site ... you think you got Rocky IV (or whatever) when in effect you got a specially crafted vid file with malware .... and end up in jail because, well, the feds found child-p0ги0 on his box ...
Here they claim that they served the malware EXCLUSIVELY from that website, but, who knows ? Also, imagine, somebody got onto that site because his/her system was infected with malware that opened a browser window to that site ... which was left open for hours as the system was un-attended ... then a windows update install forced a reboot ... the bloke does not even know his computer was connected to that website for hours ...
All this is a dangerous precedent, and means the FBI is putting businesses and the public at risk because they know of unpatched vulnerabilities that ARE USED IN THE WILD [WILD WEST].
Please FBI, write a nice open letter to all of those traced under this arrangement. It should address the recipients in a nicely worded open letter through all major news outlets explaining that because of a legal 'misstep' they will not be prosecuted for their kiddie porn watching activities.
The FBI should also say that they are very sorry for not being able to proceed with further action at this time.
Vindictive bastard aren't you!
Ever heard of innocent until proven guilty or does the very mention of something you find distasteful turn off all your critical faculties? I fear for the paediatricians living in your area, they must be terrified to go out at night!
This post has been deleted by its author
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
