As part of the operation that took down Playpen, the FBI was then able to identify and arrest the nearly 200 child porn suspects.
That NIT, which many security experts have dubbed malware, used a Tor exploit of some kind to force the browser to return the user’s actual IP address, operating system, MAC address, and other data. “I think it’s a reasonable assumption-I don’t think the FBI would be doing their job if they weren’t.” “Doing the math, it’s not zero sites, it’s probably not all the sites, but we know that they’re getting authorization for some of them,” she said. Her research began in April 2016, and it shows that as of August 2016, there were 29 unique child porn-related sites on Tor-hidden servers. Lewis runs OnionScan, an ongoing bot-driven analysis of the Tor-hidden darknet. Security researcher Sarah Jamie Lewis told Ars that “it’s a pretty reasonable assumption” that at one point the FBI may have been running roughly half of the known child porn sites hosted on Tor-hidden servers. “But definitely no other way to read that than websites 1-23 were hosted at a government facility, with the FBI's knowledge and to the FBI's informational benefit.” “That paragraph alone doesn't quite say the FBI is operating them,” Fred Jennings, a cybercrime lawyer, told Ars. Such request data can be paired with data collected by the NIT, however, in order to attempt to identify a particular user and to determine that particular user's actions on Websites 1-23. That data collection is not a function of the NIT. While Websites 1-23 operate at a government facility, such request data associated with a user's actions on Websites 1-23 will be collected. In the normal course of the operation of a web site, a user sends "request data" to the web site in order to access that site.
Our original story follows. According to an FBI affidavit among the unsealed documents: This is what led Christopher Soghoian, a technologist at the American Civil Liberties Union, to conclude, in an interview with Vice Motherboard: "while the warrant authorized hacking with a scalpel, the FBI delivered their malware to TorMail users with a grenade." Ars regrets our misunderstanding of this case. The fact that this tactic was deployed seemingly against people seeking child porn and also against hundreds of TorMail users, who may not have committed any crimes, raises serious questions. As of August 4, all of the sites on Freedom Hosting began showing a fake error message to their users, but were actually deploying this NIT as a way to unmask users. Joseph Cox, a journalist, pointed out in a Medium post on Saturday that the “network investigative technique” (NIT) data was collected between August 3 and Augagainst the users of the child porn sites. (Marques has been ordered extradited from Ireland to the United States, but an appeal on that ruling is still pending.) American prosecutors say Freedom Hosting was run by Eric Eoin Marques, an Irish-American living in Ireland. This case and the newly unsealed documents are part of an ongoing and still largely sealed case against users of Freedom Hosting, a Tor-hidden hosting company. UPDATE Sunday 12:41pm ET: We have clarified our original story and headline to more clearly and accurately reflect the fact that while the FBI did take over the 23 child porn sites in question, unlike the Playpen case, the agency does not appear to have actually operated them, or allowed them to continue to operate.