FBI claims that Tor stymied child abuse investigation

Filed Under: Law & order, Privacy, Vulnerability

Child alone, courtesy of ShutterstockIn at least one case, the US police's hunt for online child abuse images has been stymied by Tor, a Freedom of Information Act (FOI) request has revealed.

The FOI request, which was originally for all Justice Department records mentioning the Silk Road marketplace (a site that National Public Radio has referred to as the "Amazon.com of illegal drugs"), was made by MuckRock's Jason Smathers.

According to the FOI documents, a citizen reported stumbling on a cache of child abuse images while browsing anonymous Tor sites, viewable with specialized, hard-to-come-by tools and the .onion domain, while he was searching for the deep-web location of the Silk Road:

FOI document excerpt

He visited the Tor directory at the following site: [expunged]. At this site, he noticed a link to 'adult' websites and clicked on it. He noticed a link on the next page for 'TSCHAN' which he recognized to be a hacking affiliated group. When he clicked on this link, he saw pictures he described as child pornography. He said it looked like child pornography because he could tell the subjects were very young with some in diapers. All were still images, no videos, and he said most showed the children posing for the pictures.

Investigators were unable to determine the origin of the pornography's host, as they described in a Detroit field office 2011 FBI Complaint/Assessment Form that was part of the FOI documents:

FOI document excerpt 2

Because everyone (all Internet traffic) connected to the TOR network is anonymous, there is not currently a way to trace the origin of the website. As such no other investigative leads exist.

Tor, a free, open-source program, bestows online anonymity via a circuit of multilayered, encrypted connections routed through a worldwide volunteer network of servers in order to conceal a user's location or usage from anyone conducting network surveillance or traffic analysis.

In spite of the investigators' despair, however, it's quite possible to bust Tor communities.

One recent example is "The Farmer's Market," an online narcotics store that hid its operations with Tor. The Farmer's Market was brought down in April.

Tor projectGranted, Tor was incidental to that bust.

As the indictment laid out, authorities were aware of the Farmer's Market's use of Hushmail - a service based in Canada that offers PGP-encrypted e-mail, file storage, vanity domain service, and instant messaging - before the operation was moved to Tor.

And as Naked Security reader HushFail commented at the time, Hushmail only protects users until law enforcement whips out a badge.

Hushmail has in the past turned over cleartext copies of private email messages associated with multiple accounts at the request of law enforcement agencies under a mutual legal assistance treaty between Canada and the US, such as in the case of US v. Tyler Stumbo.

Another factor in the Farmer's Market bust was payment processing via means that included PayPal - to an agent with the US Drug Enforcement Administration, no less.

Clearly, some law enforcement agencies find ways to track down their prey, even if the suspects are using Tor.

But as Tor Project development director Karen Reilly told Ars Technica on Tuesday, there are non-Tor-specific means of getting through Tor, beyond tracking suspects through Hushmail or PayPal.

Tor Project members regularly meet with law enforcement to explain how Tor works and to direct them to these vulnerabilities, Reilly told Ars in an email exchange:

Saying that you have no leads is ridiculous. … Hidden services are just like a street address. You can't break an address. You can break the doors or windows of the house at that address. An attack on a .onion and a .com are the same. The usual PHP vulnerabilities to SQL injection and the like are applicable.

AnonymousAnd as Ars pointed out, such are the vulnerabilities Anonymous used to take down Tor sites in its Operation Darknet anti-child-abuse-websites effort.

That Anonymous operation succeeded in taking down 40 child abuse sites, including Lolita City, in October 2011.

Anonymous managed to crack Tor to not only bring down the abuse sites, but also to publish account details of 1,589 users from the site’s database.

Obviously, Tor anonymity is not foolproof.

Tor itself warns about one vulnerability on its site:

Be aware that, like all anonymizing networks that are fast enough for web browsing, Tor does not provide protection against end-to-end timing attacks: If your attacker can watch the traffic coming out of your computer, and also the traffic arriving at your chosen destination, he can use statistical analysis to discover that they are part of the same circuit.

That means that a potential eavesdropper on an end user’s network may be able to analyze the patterns of data being returned and may be able to make a reasonable hypothesis about the source of the communication.

Such a technique wouldn't help the FBI unless they already knew enough about their suspects to plant an eavesdropper on their network, of course.

But in sum, it seems that there have been multiple unmaskings of Tor users, whether it's by the means employed by the multinational task force that cracked the Farmer's Market or the vulnerabilities exploited by Anonymous.

If they can do it, it's hard to see why the FBI can't.

Child alone image, courtesy of Shutterstock.

, , , , , , , , , ,

You might like

42 Responses to FBI claims that Tor stymied child abuse investigation

  1. There is NO good reason to even use TOR. We all know the only people who use it are the folks who are paranoid and the folks who plan to do some illegal crap with it. I support the government 100% if they decide to take these kinds of programs down.

    • Michael · 809 days ago

      What you 'know' is slightly wrong. My own study reveals the majority of Tor usage (during peak usage) is in response to the proposal and passing of copyright legislation: Link here

      Beyond that, there's no way either of us could make any informed assumptions about why people use it, unless you've actually browsed the .onion darknet, done extensive primary research and gathered hard figures.

    • Orly · 809 days ago

      Or also some people who actually need protection from their government. Tor was heavily used in the Arab Spring and helped make the revolutions much less bloody.

    • FatBob · 809 days ago

      I've never needed TOR myself, but the existence of TOR and software like it is absolutely essential to maintaining basic freedoms for people living in less enlightened regimes. Some might argue that's most of the world's population.

      • David Pottage · 808 days ago

        Tor is also usefull when filtering goes wrong or becomes too restrictive.

        On my celphone, my network is legaly obliged to to run a restrictive family friendly filter for all costomers unless they opt out and prove their age. With the filter in place, you can't even check your National Lottery numbers, let alone look at any pr0n.

        So I opted out, an proved my age, the problem is that the network's database of which subscribers have opted out frequently goes down, and when it does the fail safe is to filter everyone. After this happend about a dozen times, I intalled Orbot from the Android marketplace and use it whenever I get filtered.

    • Richard · 809 days ago

      The common mating call of the oppressive tyrant: "Only those with something to hide want privacy."

      If the government insisted that they needed to install security cameras in every room of everybody's house, just to make sure they weren't doing anything illegal, would you accept that? Would you be happy knowing that some low-wage tech-monkey was watching you go to the toilet?

      No? Then you must have something to hide. What perverted, disgusting and illegal things do you get up to in there? Now we *really* need to install those cameras, just to find out why you don't want us watching you.

    • Machin Shin · 809 days ago

      Wow, it must be nice in that pretty castle you have built for yourself in fairyland. Sometime you should think about poking your head into the real world. There are plenty of uses for TOR. You ever actually think about the fact that what is MORALLY right and what is LEGAL are not always the same?

      So yes, it is illegal for a guy in China to speak out against his government this does not make it wrong.

      You put far to much blind faith into government. That is sadly how most people are these days. Stop and take some time to look around. Even here in the USA it is disgusting how the government tramples the rights of the citizens.

    • njorl · 809 days ago

      Sorry to rise to it, but, no!

      There need not be a complete overlap between what an individual considers immoral and that with which he would not wish, publicly, to be associated. Additionally, the individual may have perfectly legitimate motives for exploring something of which he, himself, disapproves, but hold no reasonable expectation of said motives being commonly accepted.

      What you call paranoia is, more likely, an intelligent balance between the (likely quite small) probability of one's activity coming to light, times the resulting costs of its doing so (plus some arbitrary value for peace of mind), and the (relatively low) actual cost of employing TOR.

      Most of us know that most of us value our privacy!

    • Ace · 808 days ago

      Folks, an enemy of privacy spotted...

    • kosign · 808 days ago

      There is an incredibly good reason why people use TOR networks, for the reason they are designed; anonymity. How do you think the Arab Spring happened? How do people whose government actively spy on communicate? Iran stole a root CA and signed rouge facebook and gmail certs to spy on their citizens. Should we be denying users in China from bypassing their governments totalitarian web filter?

      TOR has its place as do other secure networks on the internet. I would never support the US government trying to take down systems on the internet that are outside of their jurisdiction by law and common sense.

    • Ocean Midge · 808 days ago

      While we're at it, why not strip search every single person who wants to board a plane? Only people with bombs and drugs will object, surely?

      You want to have a password on your email account? Why? Got something to hide?

      • Randy · 807 days ago

        "why not strip search every single person who wants to board a plane?"

        Actually the TSA isn't very far from doing that right now.

    • Lance ==)------------ · 808 days ago

      I'm not planning to do anything illegal, I' m just paranoid. Fortunately, there's nothing illegal or immoral about being paranoid.

      Given the state of the legal system today, no one can even breathe without breaking at least one law. As such, it's not about whether I have something to hide, but whether the law(s) against what I am innocently doing will be enforced today.

      Further, while it is unconstitutional to pass "ex post facto" laws, there is no such restriction on enforcement of laws that are typically winked at.

      Lance ==)-----------------

      -=[ I love my country; it's my government I fear. ]=-

    • Taaalls · 486 days ago

      There are a lot of beneficial freedoms in society that we could remove for the sake of catching criminals. China has already removed quite a few, and it has worked in helping control crime.

      The problem is that those who would do the right thing even without the law forcing them into it don't deserve to have such freedoms taken away, and they should be able to enjoy those freedoms without government micromanaging them. We don't punish the innocent for what the guilty do. Well, maybe the left loves such regression, but the rest of humanity prefers to progress in human rights and freedoms.

      Unfortunately, freedom depends upon people doing as is right even when they have the freedom not too, even when they can get away with not doing as is right.

      In our nation a reverence and fear of God used to be pretty strong even upon those who did not really practice a growing in their faith. However, today where people largely reject God altogether or are complacent about the judgement of God, we're seeing more and more problems to a point where what you say may very well happen. Only it won't be merely taking down sites like Tor, it will be an all around systematic destruction of privacy and liberty.

      There are corrupt people and those who will want power and money at any cost, but their damage to freedom is nothing like the minor and petty criminals who take advantage of granted freedoms to harm others. Nothing is more dangerous to liberty, to personal freedom than those who take advantage of liberty to harm others.

    • Anarchist · 331 days ago

      I use TOR and I am NOT a criminal.

      I use it to keep in touch with family members ad friends without revealing my true location.

      This is to protect myself and family from a dangerous stalker.
      Police can't do anything until the stalker commits another crime then they add the stalking charge on them.

      The government cannot take down TOR or the like. It is decentralized.
      It would take a planetary wide effort to bring it down and even then TOR would still exist 'someplace'.

      I do not support ANY government as I believe in true anarchy.
      All governments do is take your money and your freedoms away.

      Like with any tool, and TOR is a tool, people will abuse it from time to time.

      It is illegal in certain countries to access most of the 'outside world' via the internet. TOR allows them to see the truth and not what governments want them to see.

      So, TOR in those countries would be illegal. Would you deny them the right to know the truth or what their government wants them to know?

      FYI: TOR isn't the ONLY program out there either.

      • Joey · 82 days ago

        Actually, it would be relatively simple to take down Tor. Strip their funding. Guess what, the government provides about 60% of their annual budget. Stupidly, and like many things the government does, contrary to their own good.

    • chuck · 189 days ago

      There are plenty of reasons to use TOR. I am sick of being tracked and chased by flower companies and "Get best term rates now!!" snooping pricks. If I visit a Carnival site, is am swamped with blue sunset ads for weeks even with blocker and malwsre and Norton and the rest. I want to be invisible to the places I browse.

  2. paranoid android · 809 days ago

    Please also keep a log of all private conversations and forward it monthly the the U.S. gov't even if you are not a citizen---unless you have something to hide.

  3. A user · 809 days ago

    Why not use good old fashioned humans? Get on the sites and pretend to trade with a couple of other agents and talk about how great the material is and let the perps come to you asking for what you have. Once you get them communicating it should be relatively easy to lure them into an identifying transaction or communication.

  4. fredz · 808 days ago

    The sections of the FBI document you quote give the impression that the FBI made no attempt to investigate the site; as soon as they learned that tor was involved, it seems they just dropped the investigation.

    "That means that a potential eavesdropper on an end user’s network may be able to analyze the patterns of data being returned and may be able to make a reasonable hypothesis about the source of the communication."

    Surely what it means is that they would have to be able to monitor traffic at both ends of the encrypted tunnel that tor creates. In practice, the authorities might be able to use this to *confirm* the identity of a tor user (i.e. that suspect X is tor user Y), but it's difficult to see how they could *discover* the identity of a tor user in this manner.

    • Lisa Vaas · 808 days ago

      I think you're on to something, fredz. Reading that document, I got the impression that we were looking at the report of an FBI branch that might not have the technological wherewithal of other branches in the organization.

      • bob · 807 days ago

        Perhaps it's intended as fuel for a future proposal to ban TOR use in the USofA.

        Even if that's not the intentional primary objective, it would certainly make a good secondary objective from the perspective of the government.

  5. @Otaku2012: Wow, you may want to enlighten yourself a bit brother. You might find that TOR was invented to help circumnavigate censorship so that you could visit sites that were otherwise blocked by your Country of origin, perhaps if you pulled your head out of your ass you would notice that TOR just like every service will have it's mis-use's.

    Its not a service that is inherently evil, however it is the use of the service that could be good or bad.

  6. PopPop · 808 days ago

    @Otaku2012 I bet you lock your door at night. You must be paranoid that people want to get into your home. I will assume you have a meth lab in there.

  7. JoH · 808 days ago

    Ah well, the troll got us all going - i support the existence of Tor whatever the reasons someone has for its use.

  8. guest · 808 days ago

    Heaps of legitimate researchers use TOR to investigate things like malware and command and control servers without giving away their location.

    • True to some degree, but tor exit nodes announce that they're exit nodes; so while it does hide the investigator's location, the malware sites can easily feed tor exit nodes benign information.

      That being said, this is another good reason to use Tor: less likelihood of being hit with drive-by malware (especially if you have privoxy set to filter ads and dodgy content). Tor is, of course, highly subject to MITM attacks at the exit point as well.

  9. MyName · 808 days ago

    Please, dont feed the troll !

  10. Bruno · 808 days ago

    In response to @otaku2012 mail, I think this gentleman need to know the difference between privacy and illegality. People wanting privacy are not necessarily doing something illegal. Just like you using a handle instead of your real name for posting a response to this article which surely is not illegal there are many things we do where we want privacy. I sure do not want to people monitoring any naughty messages or pictures I exchange with my wife which is perfectly legal. Mr. @otaku2012 I am sure when you go and take a dump in the morning I am sure you do not want whole world to know what you do there even though there is nothing illegal in what you do in the privacy of your own john.

    We all have our little secrets but they are not illegal.

  11. Here is a post about - ToR Black Market Cybercrime Ecosystem i wrote a few days ago - http://uscyberlabs.com/blog/2012/06/11/tor-black-... Yesterday I de-mystified ToR hidden Services if anyone want's yo check it out - http://uscyberlabs.com/blog/2012/06/14/what-are-t... - ToR is a great service but people are scared to use it.
    In reality THEY - the forces that be don't want you to use it- It gives you privacy, they can't sell your Internet browsing habits to anyone because they can't track you. Yeah bad guy's use it WHY because it works - it keep gives you anonymity online - sorry I'm not a bad guy but when I'm searching for Hemorrhoid Cream or other medical stuff- I don't want Yahoo or Google to know about it- and to sell that information so my surfing experience will be better because I will get 14 Hemorrhoids adds in (every site) the next 24 hour of online activity.
    my 2 cents - give me privacy

  12. DAVID BROOKS · 808 days ago

    FBI claims that Tor "stymied" child abuse investigation...???
    "Stymied"...forgive this american but where in the artical does the FBI use this term???
    Is that like stubbing your toe and having to stop for a second for the pain to go away? Or is that your added term?
    What I see & hear is the good news reminder that if man made it man can break it…
    and the vulnerabilities that are used as an advantage by the bad guys are also vulnerabilities that eventually with bring them down...
    The bad news is the kids are still being abused...
    The most important point seems to be missed by all of the commentors before me...at least in their "comments' to be fair...
    Part of the focus is that children are "enslaved"...world wide by "sleaze bags"...making money for one from this negative traffic...

  13. David Brooks · 808 days ago

    part2: Tor's is deffinitely not the problem...it's just another "path" of access OF MANY the sleaze bags are using...
    I'm glad Tor exists...it actually has kept some nations more at liberty...
    THOUGH THE ARTICLE IS ABOUT SECURITY & SECRECY AND ENCRYPTED TRAFFIC AND THE ABUSE OF IT...
    AND LESS ABOUT FREEDOM AND LIBERTY BEING TAKEN AWAY...
    YOU MISSED THE POINT ABOUT THE CHILDREN'S LIBERTY AND FREEDOM AND PROTECTION...
    PLEASE DON'T BE HEARTLESS TO THAT ISSUE...
    (DB/ IT for a local PD & local Boys & Girls Club of America/ Dept of Justice TSORS trainee)

  14. david brooks · 808 days ago

    http://globalpublicsquare.blogs.cnn.com/2012/06/1...

    in light of the comments...found this article today..

  15. Is this part of building a case to outlaw tor? Whenever you want to drop a tor-related case, for whatever reason like manpower, blame tor. Then later you can claim tor blocked X cases and Y likely convictions, while arguing it should be illegal.

  16. Mark Fisher · 807 days ago

    This does not surprise me in the least - in my dealings with law enforcement agencies I have found them to have all the technical skills of a baboon.

  17. guest · 805 days ago

    The lack of technical skills is not the only problem with law enforcement. There is also a lack of access to quality training with respect to technical disciplines. And, of course, there is good, old-fashioned laziness.

  18. Internaut · 801 days ago

    Child porn has been an issue long before the Internet was born.

    Authorities had a hard time tracking down people who were sharing C-porn over regular modems and landlines. Before that, the perps published and sold magazines and photo series to the underground core. Many have been exposed, many convicted, but the battle goes on.

    Policing authorities seem to have it all bass ackwards. They go after those collecting the stuff. Why not go right after the people behind the cameras?

    I'd like to see Anonymous collecting and handing over concrete evidence of the Internet pond scum to the police, in whatever country the stuff originates and the other governments to put pressure on their neighbours to do the same.

    I hate to guess what the total world budget of all participating countries that investigate c-porn is, but I bet it is shameful compared to a politicians travel expenses, and miniscule compared to weapons for war. Instead of helping children, governments provide the tools that kill, injure, and maim children - the innocent bystanders in all of it.

    It's no secret that where most child porn originates is cash-strapped and corrupted countries like Russia, Poland, Ukraine, and Czechoslovakia. Many run by the Russian mafia.

    It would be interesting to re-investigate each quarter to see just what has improved in protecting the kids, without entering the bedrooms of the poor.

    • FYI · 503 days ago

      nb Czechoslovakia hasn't been a country in way over a decade.

  19. True Patriot · 367 days ago

    I use TOR to hide my location from a dangerous stalker. It is the only way I can keep in touch with friends and family.

    I wish TOR came with a MAC randomizer. And have the connections 'fractured' with each piece sent through a different server, culminating at one end.

    Any MITM attacks would only get a 'fractured' part and that info would be meaningless.

    It also would be nice to set an encryption level to what you want. If I felt I needed 16535 bit encryption I should be able to set it for that.

    Another observation is that most free wifi providers block tracert/traceroute.

    I am not sure why either.

    Best suggestion is to buy with cash a laptop, toss windows out, install linux (tails maybe), macchanger, and randomly use various free wifi providers.

    Of course, TOR is mandatory in that case.

    I also hear about 'netscrambler'.

    I wonder if there is any other free web mail that is better than hushmail.
    I have to use TOR and hushmail.

    PS that stalker is out for BLOOD. MINE that is. I turned them in for violating federal law and they face up to $300million in fines and up to 300 years in prison. So, I got to watch my back. Literally.

    • Hay You "There is NO good reason to even use TOR" I use it, and I do not got nothing to hide. I just don't like the idea of so many different ways people can see my info, As a dad and grandfather, I don't want to be part of a on going problem,(Kid-Porn Enabler) by using tor.so I have been looking into tor a lot more then when I first started, but we all are not bad just want freedom back.
      On the Fence,

  20. Dagon · 242 days ago

    I'm all about security and privacy, but to do it for criminal activity is repulsive. There are plenty of pivacy and security add-ons on Firefox not to even use Tor. I browse tor once a week looking to see how much closer the Gov. Is to stopping the criminals on Tor. That new Torzip is prob the best idea I have seen and also the new java enabled TBB.

  21. Joey · 82 days ago

    "Saying that you have no leads is ridiculous. … Hidden services are just like a street address. You can't break an address. You can break the doors or windows of the house at that address. An attack on a .onion and a .com are the same. The usual PHP vulnerabilities to SQL injection and the like are applicable."

    The author of that particular statement is missing a very important detail, or is more likely being intentionally misleading. Yes, websites hosted as hidden services may be vulnerable to certain PHP and SQL injection vulnerabilities (if PHP or SQL are used that is).

    So, with some hacking skill it may be possible to take down the site. Good, take down the site. However, what these sorts of attacks are very unlikely to accomplish, if the folks running the site have taken any precautions at all, is revealing the physical location or owners of the system. Which is kind of a problem for law enforcement.

    If you never find the people running the show, you can never hold them accountable, or prevent them from simply moving to another site.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

I've been writing about technology, careers, science and health since 1995. I rose to the lofty heights of Executive Editor for eWEEK, popped out with the 2008 crash, joined the freelancer economy, and am still writing for my beloved peeps at places like Sophos's Naked Security, CIO Mag, ComputerWorld, PC Mag, IT Expert Voice, Software Quality Connection, Time, and the US and British editions of HP's Input/Output. I respond to cash and spicy sites, so don't be shy.