What If the Tor Takedown Relates to the Yemeni Alert?

Eli Lake and Josh Rogin reveal that the intercept between Ayman al-Zawahiri and Nasir al-Wuhayshi was actually a conference call between those two and affiliates all over the region.

The Daily Beast has learned that the discussion between the two al Qaeda leaders happened in a conference call that included the leaders or representatives of the top leadership of al Qaeda and its affiliates calling in from different locations, according to three U.S. officials familiar with the intelligence. All told, said one U.S. intelligence official, more than 20 al Qaeda operatives were on the call.

To be sure, the CIA had been tracking the threat posed by Wuhayshi for months. An earlier communication between Zawahiri and Wuhayshi delivered through a courier was picked up last month, according to three U.S. intelligence officials. But the conference call provided a new sense of urgency for the U.S. government, the sources said.

The fact that al Qaeda would be able to have such conference calls in this day and age is stunning. The fact that US and Yemeni sources would expose that they knew about it is equally mind-boggling.

But one thing would make it make more sense.

On Sunday, Tor users first discovered the FBI had compromised a bunch of onion sites and introduced malware into FireFox browsers accessing the system. Since then, we’ve learned the malware was in place by Friday, the day the US first announced this alert (though the exploit in FireFox has been known since June).

The owner of an Irish company, Freedom Hosting, has allegedly been providing turnkey hosting services for the Darknet, or Deep Web, which is “hidden” and only accessible through Tor .onion and the Firefox browser. The FBI reportedly called Eric Eoin Marques “the largest facilitator of child porn on the planet” and wants to extradite the 28-year-old man. About that time, Freedom Hosting went down; Tor users discovered that someone had used a Firefox zero-day to deliver drive-by-downloads to anyone who accessed a site hosted by Freedom Hosting. Ofir David, of Israeli cybersecurity firm Cyberhat, told Krebs on Security, “Whoever is running this exploit can match any Tor user to his true Internet address, and therefore track down the Tor user.”

If you’ve never visited the Hidden Wiki, then you should be fully aware that if you do, you will see things that can never be unseen. Freedom Hosting maintained servers for “TorMail, long considered the most secure anonymous email operation online,” wrote Daily Dot. “Major hacking and fraud forums such as HackBB; large money laundering operations; and the Hidden Wiki, which, until recently, was the de facto encyclopedia of the Dark Net; and virtually all of the most popular child pornography websites on the planet.”

But if you use Tor Browser Bundle with Firefox 17, you accessed a Freedom Hosting hidden service site since August 2, and you have JavaScript enabled, then experts suggest it’s likely your machine has been compromised. In fact, E Hacking News claimed that almost half of all Tor sites have been compromised by the FBI. [my emphasis]

So what if this takedown was only secondarily about child porn, and primarily about disabling a system al Qaeda has used to carry out fairly brazen centralized communications? Once the malware was in place, the communications between al Qaeda would be useless in any case (and I could see the government doing that to undermine the current planning efforts).

The timing would all line up — and it would explain (though not excuse) why the government is boasting about compromising the communications. And it would explain why Keith Alexander gave this speech at BlackHat.

terrorists … terrorism … terrorist attacks … counterterrorism … counterterrorism … terrorists … counterterrorism … terrorist organizations … terrorist activities … terrorist … terrorist activities … counterterrorism nexus … terrorist actor … terrorist? … terrorism … terrorist … terrorists … imminent terrorist attack … terrorist … terrorist-related actor … another terrorist … terrorist-related activities … terrorist activities … stopping terrorism … future terrorist attacks … terrorist plots … terrorist associations


Sitting among you are people who mean us harm

Just one thing doesn’t make sense.

Once NSA/FBI compromised Tor, they’d have a way to identify the location of users. That might explain the uptick in drone strikes in Yemen in the last 12 days. But why would you both alert Tor users and — with this leak — Al Qaeda that you had broken the system and could ID their location? Why not roll up the network first, and then take down the Irish child porn guy who is the likely target?

I’m not sure I understand the Tor exploit well enough to say, but the timing does line up remarkably well.

Update: Some re-evaluation of what really happened with the exploit.

Researchers who claimed they found a link between the Internet addresses used as part of malware that attacked Freedom Hosting’s “hidden service” websites last week and the National Security Agency (NSA) have backed off substantially from their original assertions. After the findings were criticized by others who analyzed Domain Name System (DNS) and American Registry for Internet Numbers (ARIN) data associated with the addresses in question, Baneki Privacy Labs and Cryptocloud admitted that analysis of the ownership of the IP addresses was flawed. However, they believe the data that they used to make the connection between the address and the NSA may have changed between their first observation.

Update: On Twitter, Lake clarifies that this conference call was not telephone-based communications.

32 replies
  1. Jay says:

    The DOJ revelation that they’d compromised TOR was incredibly short sighted. It doesn’t make sense to reveal access to encrypted sources like that at all. Much better to coordinate a series of raids on end-users than crow about the fact that you’ve cracked TOR. Doubtless there’s more to the story, but the outside contours lead to the inevitable conclusion that the people running these programs have revealed their methods and sources. Perhaps their reasoning is that political pressure can be brought to bear against politicians “who voted to protect child pornographers” by defunding the NSA. I can just see the Super PAC-funded ads now. “Call Senator XYZ to take a stand against child pornography!”

  2. Adam Colligan says:

    I think it seems more likely that the Tor attack was an FBI-directed operation aimed at the child-porn-trading lowlives using .onion services rather than anything else.

    This is firstly because initial reports of the malware phoning home to the NSA have now been called into question; I read one report (can’t find the link right now) concluding that the first analysts had misunderstood the IP address in question. The contractor assigns it to the FBI, not the NSA.

    Secondly, if it were a voice conference call that was intercepted, it seems unlikely that it was being conducted over the Tor network. In exchange for a high degree of anonymity, Tor introduces a very significant amount of latency, a pretty low rate of bandwidth, and some difficulties in maintaining a steady connection to a host. It would be very surprising to me that anybody would be having a conference call with a bunch of people trying to VoIP using Tor. Having said that, this does exist, so maybe I’m wrong: http://torfone.org/

    Thirdly, the Tor exploit that has been revealed did not break the encryption of the Tor connection or collect anything but a tiny bit of information. It just told the computer to connect to the attacker’s IP and send it information that it looked up internally on the machine – the MAC address and maybe something else that was indicative of the machine’s location.

    Fourthly, because all the Tor traffic is encrypted in layers (hence “onion”) as well as re-routed everywhere, it would take a lot more than this kind of attack to intercept *content* en-route. Yes, you might be able to get the locations of whomever had connected to a service (if first you could hack the service itself over Tor or access it physically). But again, that’s all the exploit does. If you wanted instead to actually listen, then you would probably need access to the audio on one of the machines participating. And if you have that, then getting the other users’ MAC addresses might help you target drone strikes, but it’s totally superfluous to getting a transcript of the call.

  3. emptywheel says:

    @Adam Colligan: Thanks. That’s really helpful.

    The FBI/NSA distinction is meaningless. The two work very closely together on CT, and you’d have to give the op an FBI face for a child porn break.

    I was suggesting the child porn thing was a mask, an attempt to suggest they were going after just that, so AQ might not know how deeply they were compromised.

    Also note, the courier capture earlier this month seems related. If they had a human courier carrying time detail, would it make it easier to reconstruct content, perhaps by tapping hardware somewhere? Maybe even the courier’s?

    Anyway, as I said, thanks for the comments. I haven’t though thru the tech side of this, but 1) I can’t believe AQ would have an actual conference call (or online chat) without something like TOR, and 2) the timing is awfully curious.

  4. Chris Harries says:

    “The DOJ revelation that they’d compromised TOR was incredibly short sighted.”
    Incredible, really, as is the rest of the story.
    Yemen is the least likely place on earth for AQ to be working against the government which is a creature of the Sauds’.

  5. Adam Colligan says:

    @emptywheel: It’s possible that “conference call” was a shorthand for text chat, in which case Tor is of course a very good option.

    People who need more bandwidth and reliability than they can get on Tor are, provided they have enough sophistication, likely to make use of private, anonymously-hosted VPN services rather than the Tor network itself. My impression is that this is what ordinary criminal hackers use to hide their tracks when doing high-throughput activities.

    @Jay: The “short sighted” comment also, I think, begs the question when it comes to speculation about a terrorism nexus. If the real target is child pornography, then it makes sense to move quickly once you’ve identified the big fish that you’re after. You’ve had to infiltrate their criminal, anonymity-obsessed server hosts over Tor in order to upload this malware. And you’ve had to use a zero-day-ish exploit in Firefox itself, which is constantly under review, in order to deploy it on people. If the main thing you’re able to collect is MAC addresses of hardware, you can’t wait for the predators to discover the breach, ditch their hardware, and maybe even skip town. Making a case against them would become much, much more difficult than it otherwise would be if you could just break down the door and seize the machine whose MAC address matches the one that connected to the service.

    If the real target is terrorism, then it would make more sense to use the information for drone strikes and renditions and the like, or just for finding machines that you want to physically compromise and then monitor. You would let the child abuse stuff go until AQ/AQAP figured out where their OpSec breach was, and then you would go and try to make the child porn arrests, taking your chances about whether they would have beaten AQ to the punch and covered their tracks.

  6. Casual Observer says:

    These comments from Adam Colligan make me think that a tech-savvy writer would be a huge asset to EW and contributors, going forward.

    The timing and specificity of this leak is troubling–makes no sense. We had NSA defenders desparately lauding how important ‘take it all’ surveillance was in measuring the increased level of diffuse “chatter”–and then we have this, which seems totally contradictory. So this leak serves to cloud the defense of NSA dragnet programs and it also seems totally damaging to any actual attempt to continue monitoring the AQ franchise.

  7. orionATL says:

    as an aside, the first newsreport i read of the tor sites compromise mentioned that a flaw in firefox 17 had been “discovered” and exploited by nsa/fbi. which, given the nsa revelations of the last couple of months, made me immediately suspicious that the flaw had been placed there delibetately.

    as for usg’s revelation of its exploits, i assume that sites would have discovered they were compromised and i believe, but am not certain, that that is what happened. i do recall a tor using alerting others saying something along the lines of “for your safety and security, immediately disable javascript”.

  8. turnip truck going off into the distance says:

    Another operation coincided with the tormail exploit: tormails sending scary child porn as a threat to frame various ‘activists.’ The obvious purpose was to frighten not AQ, but law-abiding users away from the privacy of Tormail. Impugning darknets with GI porn and pedos is a traditional government tactic.

    The fairly lame, unstealthy exploit is also consistent with keeping you from defending your human right to privacy. ‘Match any Tor user,’ my ass. The exploit (it was SAIC, not NSA itself) might have compromised you if you:

    – didn’t disable iframes;
    – ran Tor on Windows (Why would anybody do that?);
    – did not randomize your MAC address and use a VPN.

    The exploit didn’t lay a glove on Tor. It compromised the software of one hidden-service provider with flimsy security. So it certainly doesn’t mean that you should stop using Tor – unless you’re too dumb to use it correctly.

    And yes, kiddy porn is the universal US government pretext. The same regime that busted snuff-pornographer Marc Dutroux out of 20 prisons and locked up the victims of CIA sex-trafficker Larry King (Startpage ‘Franklin Scandal’) is now telling you how strict they are with kiddy porn. My ass. Pedophile blackmail is CIA’s stock-in-trade.

    …anyway, in this day and age, do you actually believe what the government tells you about intercepts? Come on. Kiddy porn was not the cover for an counterterror op. Counterterror was the cover for an attack on the privacy and freedom of association of independent civil society.

  9. orionATL says:

    @Adam Colligan:

    then there is the hall of mirrors possibility.

    the nsa/fbi may not have as much capacity to actually seize people and equipment as they would like the world of malfactors to believe.

    one way to multiply your apparent capability would be to achieve a small breakthrough in uncovering encrypted sites and then scare the bejesus out of folks who depend on the tor/onion protection by announcing that, leaving those depending on that protection wondering just how much gov knows and can do.

    that gets at command and control.

  10. lefty665 says:

    @Adam Colligan: There has been a lot of puffery about FBI’s new found wizardry. But, it smells like NSA continues to do the heavy technical lifting, as it always has. As you say, “FBI-directed operation”. That does not necessarily mean FBI performed, and could be a source of confusion.

    The take used to be that not much of anyone at FBI could find the bathroom without a paid informant. Has that really changed?

  11. Adam Colligan says:

    There is one other feature of this that I should have pointed out: while the information extracted from users of a Tor hidden service only would have affected some users, was relatively small, and just consisted of some metadata (information about the machine), the hackers probably had staged a more serious and extensive breach of the host in order to upload it in the first place. So it is still plausible that the FBI (or whoever) was accessing content at the host end even if this attack would not have allowed them to access it at the user end or in transit. The host will obviously not be releasing a public audit…

    Such breaches have happened before — I think maybe it was the same host that Anonymous went after, vigilante-style, a year or so ago.

  12. Adam Colligan says:

    @orionATL: When it comes to child porn capacity, I think you’re probably off the mark here. There are always stories — seemingly more frequently these days — about coordinated international arrests and raids that net large numbers of child-predators in closely-managed operations. My impression is that, whatever the bumbling nature of international internet investigations usually is (think MegaUpload), the child porn tasks forces seem to have their shit together, are able to stay on the same page, and get lots of arrests and charges. That seems to be a rare bright spot in this field.

    @lefty665: I would probably reverse your statement here. It seems more likely from the circumstances here that the NSA may have discovered the exploit, but the FBI actually ran the operation (and the FBI is the agency that has the necessary ties with international law enforcement). But I would even question this. Given the NSA’s institutional priorities when it comes to terror and cyberwarfare, I’m not sure that the NSA would have used up this exploit on an FBI child porn operation if they thought they could use it in the NatSec arena. So it would seem to me, in order of likelihood, that either (1) the FBI or an equivalent (the Dutch have been working on hacking permission from courts for a while) found this exploit itself and applied it to its own high institutional priority (protecting children). (2) The NSA found the javascript exploit and shared it with the FBI just because, or in some other context, and the FBI worked out how to use it against Tor and then went and did its own thing with it. (3) The NSA worked out the whole exploit, but they could not use it against AQ. This is because AQ doesn’t actually use vulnerable Tor configurations, because the Tor services that AQ uses weren’t on vulnerable hosts, or because AQ figured it out after the NSA used it for a while. But since Zawahiri doesn’t exactly have a red line to call up paedophile abuse rings, the exploit was still “zero day” as far as the FBI was concerned. (4) The NSA had to let the FBI have this one because of a back-scratching agreement for all the other ridiculously illegal/cheeky things the FBI does on behalf of the NSA.

  13. emptywheel says:

    @Adam Colligan: Yeah, I’m wondering if the “conference call” thing overstates it.

    But I agree with your thinking on child bust v terrorism. That said, the drone strike bonanza started 12 days ago. It has intensified since these leaks came out (which, btw, may have derived from Yemeni sources).

  14. emptywheel says:

    @turnip truck going off into the distance: Agree with everything you say abt kiddie porn being the universal cover and CT being the cover as well. I’ve written about it extensively.

    All that said, I do find the coincidence interesting.

    The leaks may all be bullshit and coordinated. So may the scare itself. And the timing of it may be skewed (that is, the scare may already be rolled up, as UndieBomb 2.0 was). But if the scare is not (big if), then the leaking about intercepts don’t make sense unless they already disabled that means of communication.

  15. greengiant says:

    Who at black hats was Alexander threatening? What activities was he trying to discourage?

    “Sitting among you are people who mean us harm”

  16. JThomason says:

    I am wondering how well inner-agency competition is managed. The inter-agency dynamics are set out pretty well here. Obviously the establishment of a DNI is intended to exert some hierarchal pressure put probably limits the scope of effective intelligence operations. The CIA has had to resort to non-disclosure agreements and withering polygraphs to manage containment of the Benghazi story.

    Or are we just all going to have to buy into some species of a “bubble kabuki” narrative in support of the endless perpetuation of a national security/military machine with an insatiable thirst for petrol? I suppose with shale oils in play peak oil estimations would have to be pushed out in time, perhaps by centuries.

    Does any other resource have a constituency in these operations?

  17. Arbusto says:

    “Sitting among you are people who mean us harm”
    The next step in turning neighbor against neighbor. As an example, when an employer contacted the gov because an employee was googling pressure cookers. Has the credit card purchases of pressure cookers and backpacks been affected since it’s been revealed you may get a call from your local Gestapo unit?

  18. seedeevee says:

    @Adam Colligan: “My impression is that, whatever the bumbling nature of international internet investigations usually is (think MegaUpload), the child porn tasks forces seem to have their shit together, are able to stay on the same page, and get lots of arrests and charges. That seems to be a rare bright spot in this field.”

    The Governments propaganda works strongly with you, sir.

    I can see from your comment that you have already taken the choicest bait of all — the “look over here where the Government does no wrong” trap. What do any of really know how these secret “task forces” work? Would any of us really be able to see information on the techniques for these “international internet investigations” or would they be hidden under the “secret” stamp? Would they just lie about it, as usual?

    “able to stay on the same page” is great when you need to propagandize us and/or cover things up.

    “lots of arrests and charges” is neither an indicator of success nor considered a “bright spot”. Our prisons are filled with people who are innocent or have plea bargained their way to “justice”. “lots of arrest and charges” usually just means a great photo op and press conference for the agencies involved. How many politicians have tried to ride on the coattails of “lots of arrests and charges” that end up being travesties of “justice” or just plain political opportunism? Child porn arrests and charges, especially. In just my neck of the woods, Tony West, an Obama clone, comes to mind.

    We all know that the FBI likes to run stings and set up criminal conspiricies that they control. How many of these websites are actually government run sites? How many people are are actually being set-up by these governments? What sort of coercion is used after people have been entrapped?

    More importantly — what kind of secret activities, using the same type of bait and trap techniques, are the governments of the world using to stifle dissent?

    Sorry to be so worked up . .. .

  19. Adam Colligan says:

    @seedeevee: Firstly, I was speaking to the competence of those teams rather than their scruples. It was a response to @orionATL, who had speculated that the FBI couldn’t really seize people and equipment all over the world, and so they would release an exploit to scare everyone because they don’t have any real reach. Whether you think the people that multinational child pornography task forces reach are predators or just persecuted (as you imply) doesn’t change the fact that they *can* reach.

    Firstly, I think it is important to distinguish between child or other sexual exploitation cases and other types of cases (such as terrorism or prison gang control) when it comes to entrapment or the criminalization of what a person reads or receives. Emptywheel has drawn a lot of attention to absurdity in the latter arena, and the California hunger strike is also focusing debate on how much abuse is possible when subscribing to a magazine can get you indefinite solitary.

    But when it comes to child pornography, an important part of the harm *is* in the viewing, not just in the act that was filmed. I think it is a safe assumption that children who are sexually exploited are not, nor do they generally grow up to be, idiots who don’t know what the internet is or what is on it. It must be a continual and traumatic struggle to move on from abuse while knowing just how many people are gawking at it again and again.

    So of course it is still possible to play fast and loose with evidence or to entrap people. You could set up bait sites that appear to be legal with models over 18, serve underage images to people, and then lie about how they were presented to convince a jury that the person sought out illicit material. I don’t know whether that happens or not. But going after people who download images of child sexual exploitation to get their rocks off is not a witch hunt or a slippery slope the way it so often is with mosque infiltration, anti-prison-gang investigation, or even many leak probes. The difference is that the act of accessing the information *is* harmful in the case of child pornography, whereas in the other types of cases you could argue that authorities are overstepping their bounds by criminalizing a mere prelude to harm.

    So then this new question that you raise: is there reason to believe that law enforcement task forces, unable to make cases against actual child abusers, are sweeping up large numbers of people who are more or less innocent — who accidentally ended up in the wrong place, who were in an ambiguous web environment, or who were actively entrapped into downloading something that they did not understand was a pornographic record of child abuse? I don’t know for sure: I suppose it is possible, particularly if they are trying to pin down Tor users and are not being very astute or scrupulous about making inferences. That would be a scary thought for people like me who use Tor services all the time but would never want to contribute to the trauma of anyone’s abuse — our traffic must be mingled with child porn traffic all the time (the mingling is part of the point of the Tor network).

    But I have seen one statistic suggesting that this is not the case. According to the National Center for Missing and Exploited Children,

    “…Forty percent (40%) of those arrested were “dual offenders,” who sexually victimized children and possessed child pornography, with both crimes discovered in the same investigation. An additional 15% were dual offenders who attempted to sexually victimize children by soliciting undercover investigators who posed online as minors.”

    If 55 percent of arrests (not just convictions, but arrests) were of people who did abuse or did express an intention to abuse a child in person, then that would put a damper on the notion that child rescue task forces are casting out dragnets for careless or gullible watchers of internet porn in order to gin up numbers or new powers.

    Therefore, while I again have no insight as to whether there are illegal techniques involved in these investigations or whether there are innocent victims of either zeal or malice on the part of law enforcement, I think it is ignorant to act as though this whole sector of activity is some kind of conspiracy smokescreen. It also doesn’t make sense to try to say in one breath that somehow, simultaneously, an anti-exploitation operation is both (1) an act of PsyOps on the part of agencies too impotent to “get their man” in the real world, and also (2) a carefully-coordinated act of injustice on the part of the same agencies, who are nearly omnipotent and unlimited in their power to lock up or destroy anyone they don’t like. If that’s the way you feel, you don’t need to wait for Big Brother to command you to Doublethink: you’re already doing it to yourself.

  20. Jessica says:

    @Arbusto: your comment “The next step in turning neighbor against neighbor.” is right on the nose. The state can multiply their efforts by encouraging “see something, say something”. It’s a shame, b/c it requires the public to accept that the government means no harm, thus can do no harm, is the only entity that can protect us from harm and it is the citizenry that can cause it harm. Hence why we have to look out for them, instead of it being as it truly should: we need to look after one another, on behalf of the government inflicting harm. How much more unity and common ground we could find if we viewed the state as suspiciously as we view the “others” among us.

  21. Steve says:

    @Chris Harries:

    AQAP is essentially a linking of AQ of Saudi Arabia and AQ in Yemen. Yemen is very unstable, and Ansar Al Sharia until recently was able to control large swaths of land inside the country. Insurgency/Terrorist Campaigns work best in unstable climates and it is very easy to generate instability in Yemen. AQAP has made several large scale attacks in Yemen.

    Yemen isn’t all that different from Mali, right down to the point where you have a large portion of the country that wants to create its own state.

    Not really sure why you would suggest that AQ would not work against Yemen or the Saudi’s when we have examples of them working against both. Sure, AQ is supposedly focused on global jihad, but the MO recently has been to link up with more nationalist focused groups.

  22. seedeevee says:

    @Adam Colligan: Thank you very much for your response and the thought that went behind it.

    I feel you said a few things that need to be addressed.

    1) I did not imply anything but that you pulled out the “Child Porn” card in order to legitimize Government intrusion into our telecommunications and private “papers, and effects”.

    It wasn’t that long ago that one of the only public reasons the Border Patrol/Immigation could give for needing the passwords to you computer, etc., at the border, was because one was suspected smuggling “Child Porn” or “pirated” media. They don’t need any reason today.

    2) “an important part of the harm *is* in the viewing” — My impression of that statement is that you believe that their is some sort of inherent “harm” to the viewer in actually viewing child pornography. That seems to be some type of unsubstantiated mystical belief that belongs on a religious forum. But it’s all good.

    3) I still think my “propaganda” claim stands. — The “National Center for Missing & Exploited Children®” is funded, “in part, through a grant from the Office of Juvenile Justice and Delinquency Prevention, Office of Justice Programs, U.S. Department of Justice. ” I do not take their information as unbiased, just as I do not take info from NIDA, etc. as being unbiased. Any argument that relies on “arrest” records to prove crime rates is faulty at the start. “Arrests” mean nothing but how much work the cops are doing.

    4)” . . . while I again have no insight . . ” — Which is where the problem is. None of us have any insight. The people who have been entrusted to run these operations (secrecy based in general, not just the Child Porn stuff) have been shown, over and over and over, to be abusive, lying, manipulative and powerful. This is why I questioned your support for one of them.

    Thanks again for the response.

  23. joanneleon says:

    I get most of what you’re saying but I don’t understand why Alexander saying “Sitting among you are people who mean us harm” makes any sense.

  24. earlofhuntingdon says:

    Compromising Tor in such an obtuse, apparently overbroad way sounds like a routine computer crime on the part of the government. Where’s the prosecutor willing to take on such a case?

    Ever since Nixon and Reagan’s use of the “drug war” as a campaign in their culture wars, associating a political enemy with drug crime, child pornography, etc., whether true or not, is routine character assassination. (Actors, such as Noriega, who are with the program get a pass on such crimes when true, at least so long as they remain useful.) It is an attempt to make legitimate depriving the enemy of applicable legal protections, and, so the government hopes, beyond political support.

  25. Adam Colligan says:


    1) I think there is a way to get a strong clue in assessing whether a particular cyber-action is “about” child porn or whether child porn is simply an excuse to do it or to get the authority to do it. And that is to see what operation they actually blow the exploit’s cover on. Your statement makes perfect sense if this tool was installed supposedly to catch child pornographers and sharers and was then used to arrest marijuana growers or people buying fake IDs with Bitcoins. Since they essentially revealed the exploit in the course of rounding up people involved with child pornography rather than something else, it’s not conclusive proof of their motives, but it means the most likely explanation is that it really was about child pornography in this instance.

    2) I don’t think you actually read what I wrote there. It was specifically about harm to the victim. The recording of abuse likely amplifies the horror of the experience because of the victim’s knowledge that it will be broadcast for the world to see. And the knowledge that a market for recordings of your abuse continues to thrive — to know that it is being leered at somewhere in the world every day — likely makes the ongoing trauma of the abuse more difficult to get past, since it constitutes such a continuing violation.

    3) I think that even in the depths of your mistrust, you should be able to appreciate the direction in which you expect to be propagandized. If your theory is that they are entrapping or trumping up charges against as many viewers or internet passers-by as possible, then you would expect there to be a high ratio of viewership arrests to arrests of those who are actually physically abusing children or soliciting them. Then the conviction ratio would be much lower, because the evidence against most of the arrestees would be so weak. Since there is actually a very low reported ratio at the arrest stage, I’m not sure what your point could be. They are just lying about what the initial charging sheets said?

    4) When you mistrust someone, it may be rational not to take what they say as the truth in the face of some other evidence or logic, but it is also not rational to start believing the opposite of whatever they say in spite of other evidence.

  26. jawbone says:

    Re: Lake’s “clarification” of his conference call metaphor.

    So, now reporters use metaphors not to enhance the readers’ understanding of issues, but state them as hard facts in order to bamboozle them.

    Do they teach that in journamalism schools or is it training by the Surveillance State…for journos who want to keep their jobs?

  27. JThomason says:

    TOR is not the only game in town. There are numerous commercial VPNs and proxy servers promoting anonymous web access.

Comments are closed.