The Story of the Pedophile-catching Hacker

missing30 writes "A Turkish hacker seeding usenet groups with trojan horses has made it a habit to hunt down pedophiles trolling the groups. The cases go back to 2000, with the mysterious good samaritan responsible for several arrests. The man now has tacit approval from the FBI for his actions." From the article: "At the urging of Montgomery Police Capt. Kevin Murphy, '1069' eventually turned over more and more information that led back to a computer owned by Bradley Joseph Steiger, who had worked as an emergency room physician in Alabama. The hacker's finds included information from Steiger's AT&T WorldNet account, records from his checking account, and a list of directories on his computer's hard drive where sexually explicit photographs were stored."

yeah

[misey]

that's awesome, and it may give those fbi agents a different view on things like the 2600 magazine, Off the Wall/Hook, and Emmanuel Goldstein.

But your honor...

[gwayne]

This hacker obviously planted that child pornography on my computer with a trojan, in an attempt to blackmail me, a promonent local physician...

Re:But your honor...

[legoburner]

Good point, if the defendant can prove they did not have absolute control over their computer, perhaps the charges are null and void. Only if the FBI were directly monitoring him after the tip off would he not be able to use that defense, and even then it can be argued that it was a hacker making his computer do it, making it look like him.

I think its great (preparing for flame)

[Keaster]

As I read the brief article it defiantly made me consider both sides of the story; however, in the end I side with my heart. Fuck the kid touchers, let em' rot. This guy could be doing some real garbage cracking, screwing with legit business and good people, but, he didn't. He went after the scum. I agree 100% with 1069. Go for it!

Before I get the crap flamed out of me I will remind, it's just my opinion.

Re:It's called a "search warrant".

[zecg]

Otherwise, anyone in ... say Russia for example, can crack your computer and search for child pornography ... and credit card numbers.

Also, they also can plant the pornography themselves, once they root the user's box.

Re:I say the ends don't justify the means.

[TheSkyIsPurple]

The difference is that the government was prosecuting the burglar already... they were pursuing him for a crime, which means they didn't approve his actions.
If they are not going after this guy, then they are approving his actions, and he's effectively working for them, and the evidence is subject to 4th ammendment protections.

At least that's how it looks in my head

Ah, yes, blackhat vigilantes...

[TheNoxx]

Normally I'd agree that taking the law into your own hands is not only illegal but a very bad idea; however, there are always exceptions. 99% of vigilanteism is a bad idea, as it does not entail people taking the law into their own hands to help others in a non-violent way, but usually runs from personal matters gone awry to the militant folks that "help patrol" the U.S.-Mexico border or other groups that believe it their duty to create a mob mentality when handling real or perceived threats (I can't help but add my favorite quote, from Men in Black of all movies: "A person is smart and intuitive; people are dumb, panicky, and dangerous animals").

The difference is, when it comes to pederasty, I can't really think of many methods I wouldn't condone to cull the abomination. However, many people make a great logical fault in believing that they need to make the rules based on the exception (people that try and use pedophilia as the means to creating whatever laws they want) or in believing that the exception must fall under the same rules as all other crimes in being found and prosecuted, lest authorities create abusive legislature on the pretense of catching child molesters.
There is a middle road in all things, and vigilanteism makes a fine one for this. You don't want to give police the rights to do what a blackhat does to find a pedophile, but you want the pedophile caught.

However, the case in point is an exception. The man lives in another country and the FBI, of course, won't and couldn't file charges, but I don't believe that this constitutes "tacit approval"... although the FBI may simply be trying to send a signal to the blackhat community that reads something like "Sweet Christ, we have no fucking idea how to use computers (Database? The fuck is that?), if any of you guys wants to give us a hand in catching these guys, by all means, go ahead. Do whatever you can."
The feds can't approve of someone breaking the law, obviously, or acknowledge that someone without warrants or CARNIVORE can do the job better than the ol' FBI. But they can turn a blind eye to it, if only for the crime of pedophilia and nothing else.

If I recall correctly, wasn't there a hacker group in the U.S. that did this in the late 90's or are still doing this? I distinctly remember seeing a few adverts and hearing a few inquiries about people who wanted to join up in the old hidden IRC rooms way back when. Ah, sweet nostalgia... days of linux shell accounts, little sleep, and keeping an extra machine running only OS/2 Warp, if only out of spite, back when code came so easily. Christ, my mind has addled.

Steiger's defense attorney must have really sucked

[John Jorsett]

My immediate reaction to this story was: if '1069' had the capability to break in to a computer to extract images, he also had the opportunity to plant the images there in the first place. A strong line of defense would be to assert that the anonymous 1069 is some sort of vigilante nut who gains access to the computers of innocent people, plants bogus evidence on them, then turns the victims in to authorities.

This whole case has so many holes that the defense could use, I'm amazed that they were able to convict. Stiger's attorney had to have blown it.

Re:But your honor...

[Anonymous Coward]

its the unprovable-without-confession arrousal that is the sick act.)

Arousal is not an conscious act, so how can it be a crime or an "act"? A device was made to measure "arousal" in men (measures blood flow to penis), it is not admissible in court:

http://skepdic.com/penilep.html [skepdic.com]
http://en.wikipedia.org/wiki/Penile_plethysmograph [wikipedia.org]

It is embarassing to admit, but I've experienced "arousal" in circumstances that I cannot explain sometimes. Around one male teacher when I was 14, even though I am not gay nor have never had the least urge to experiment. I have also experienced "arousal" as a teenager and adult with my maternal aunt, she is attractive. Yet I have not acted upon it. Nor do I obsess over it - I figure it is normal for a person to have thoughts/daydreams/arousals that are just out there. Arousals cannot be countrolled nor are they acted upon for the most part.

What should be condemned is someone who can't control themselves and act upon these sudden impulses or like the case for child pornography, cause others to act upon it (demand for more pictures, etcetera).

Mathematically, the ends justifies the means...

[themonkman]

If your doing something illegal, you should be punished if someone other than the police finds out and reports it, regardless of how they get the information. Now, if you had to break a law in your country to prove that someone did something illegal, you should be punished for breaking that law, such as trespassing. This man from Turkey broke no laws because he is not bound to our laws. US law is not universal. If he broke a law in Turkey, then he should probably be punished in some way for breaking that law, while keeping in mind the good he did by breaking that law. He should receive a less severe punishment, such as probation. If he broke that law for his own gain or selfishness (e.g. hacking for the purpose of identity theft or fraud) then he should feel the full force of the law in his country.

While I don't advocate hacking for any other purpose other than to expose threats in an ethical manner, I feel that the good that this man did to bring these pedophiles to justice cancels out the unethical act of hacking those pedophile's computers. Let us say an unethical act like hacking could be expressed in a negative number, such as -3. Let us also say that an ethical act of bringing pedophiles to justice is expressed as a postive number, say 5. You add the sums of the ethical and unethical acts, and together you get 2. The outcome of the actions, and their final sum measured says that in the end, his acts were positivly ethical, overall. Add that to the fact that he is not bound to our laws and opinions of what is right or wrong. This should be considered when forming your opinion on whether the ends justifies the means.

Re:But your honor...

[Sage Gaspar]

who at worst are shown simply to possess an image of an act (not actually participated in the act) no more or less heinous than videotapes of the twin towers falling and killing 3,000 people. (i.e. the images themselves are just images, its the unprovable-without-confession arrousal that is the sick act.)

As far as I understand, the rationale behind child pornography laws isn't the arousal, it's the implicit support of child pornographers. The Supreme Court struck down the parts of COPA that made virtual child porn illegal, and I'm guessing that virtual child porn has pretty much the same "arousal factor" as the real stuff.

Real child pornography is illegal because it damages the child. Your possession of it has, in a sense, made you complicit in its creation by giving them motivation. Basically, I think it comes down to that they're really looking for the person abusing the kids, not the deviant jerking off to it, but they need some leverage over the deviant to get to the people producing the images. Also, possession of large quantities of said pornography probably has a pretty high correlation to people that directly supported the making of it with their money or have actually perpetrated such acts in reality.

I'm not sure I agree with that stance, but it is a real tricky issue since legal minors are involved. I honestly don't know how I'd fix it.

Re:It's called an informant and it's totally legal

[Kadin2048]

There's a big difference here. Normally, when you have an informant, they either need to give the police enough information to go and do the investigation themselves and find the conclusive evidence; or, if they come up with the evidence themselves (or provide a lot of very specific information), then they usually have to go and testify in court.

In this case, the 'mystery hacker' basically came up with the evidence (he told them exactly where to find it, and he had ample opportunity to have planted it), but he's not in a position where he could easily testify. Because he had access to the defendant's computer (illegally), but can't come testify (because he's in Turkey, because the police don't know who he is, whatever), it seems like they're giving the guy a good defense that the evidence was planted.

It's just sloppy policework.

For a phyiscal-goods example, it's as if somebody dropped a dime on you and told the police that when they had broken into your car earlier in the day to steal your radio, they saw that you had a baggie of heroin in the ashtray. So the police go and arrest you, and find the bag of heroin. Without being able to track down the informant and get their testimony, or some form of physical evidence linking the bag to you in such a way that doesn't leave you with a planted-evidence defense, they have a pretty weak case. (Unless they can get you to confess, which is actually pretty common.)

I'll be interested in seeing what the outcome of this case actually is. If they guy doesn't negotiate some sort of plea deal, and the only thing they found on his computer was the porn that the hacker told them about, I think he has a pretty good chance of either getting off, or forcing the police to find some way of getting the hacker to come in and testify.

Allowing in evidence that was obtained in this manner would be a mistake, and justice wouldn't be served in the long run by it, even if the immediate consequence was letting the guy off the hook.

Re:Thank you, from a real-life boogieman

[Anonymous Coward]

Believe me, I find the thought of an abused child with a warped world view infinitely sad too, as does most other pedophiles (and most other people with their sanity intact). The point is that pedophilia is not illegal, because pedophilia is not an action. When you use it to depict an action, you advocate the criminalization of millions of perfectly law-abiding morally aware human beings. You are part of the process which indoctrinates these people into thinking "I am a pedophile, and all my life society has told me that pedophiles act such and such, so I guess I'm worthless and I'll act that way." No, you're not a bad person and you don't have to act that way. We have support groups [boychat.org] telling these people that, but we don't reach everybody. You couldn't imagine the suicide rate among young pedophiles. That is another thing I find infinitely sad.

Most child sexual abusers are not pedophiles (as in they're not attracted to children, but the child is just a convenient outlet of sexual frustration), and most producers of child pornography are not pedophiles (they are the Russian mafia, stone cold cynical when it comes to making money). Most pedophiles are not child sexual abusers. Please call a spade a spade; if you mean child sexual abusers, don't say "pedophile".

Re:Steiger's defense attorney must have really suc

[Konster]

I read from the court documents that the evidence collected was physical as well as digital, and that additional evidence...chains, cuffs, etcetera was collected from Steiger's home that also appeared in the photographs.

Re:I say the ends don't justify the means.

[Maxmin]

The other thing the Constitution says is that you have the right to confront your accusers. Ah, who is the accuser in this case? An anonymous person! Could the FBI and the police have made this person up? You don't know. Dilemma.

If the doc has any mettle, this case would likely go to the supremes, as clearly there are unanswered questions.

Re:Steiger's defense attorney must have really suc

[munpfazy]

Not true. Just like in other fields of forensics, you can tell when something has been modified. Therefore, even if the timestamps on the file were altered by the hacker, there are several ways they can still tell when the actual date was. There are alot more tools out there, software and hardware based, that can identify tampering.

Even if you can unambiguously date every file, that only makes a set up harder, not impossible.

Consider the following (rather extreme) thought experiment:

You create a trojan that downloads a bunch of child porn to some out of the way place on the infected computer and then removes itself. You selectively distribute it to individual users, so as to make discovery less likely. Perhaps you make it fairly smart, so that it hunts for directories containing legal porn and hides material there or in an analogously labeled place.

Then, ten months later, you release a very simple trojan that installs itself, looks for child porn using a very general search, and then reports what it finds. Make sure your victim gets it, and also post it to child porn usenet groups and other seemingly incriminating places in order to distribute it as widely as possible.

Then, when it finds the porn on your victim's computer, you go the FBI. Tell them what you found, and give them the source code to your new trojan. They take a close look at your victim's hard drive and find your trojan right where you said it would be, no other backdoors or exploits, and a 10 month old stash of kiddie porn.

I'm no computer forensics expert, but trying to prove that a machine has never been infected by software able to download material and then remove itself seems pretty close to impossible, at least if you don't know exactly what you're looking for. (Sure, there are security policies that would make such an identification possible, but I imagine a large number of home pc users don't employ them.)

If you're lucky enough to find a really tasty exploit in some exisiting software (like an unpatched browser) you might even be able to get by without ever writting anything (except the pornographic images) to the hard drive.

Now, I will readily agree this is a pretty extreme example. But, if it weren't for ethical constraints, I or thousands of other slashdot readers could pull this off, given a few months of work and a suitable victim (a windows user who's lazy about patches and doesn't run a good virus checker). There are plenty of personal grudges out there that would compel someone to go to this much trouble to set up a foe. And, if you are lucky enough to make friends with some organized crime types, you could probably turn a nice profit offering it as a service.

Now, if you really want to go to town and are willing to risk early discovery, you modify the user's software so that it adds a few MB of kiddy porn to every burned CD and DVD and then mounts them with a filter that removes any sign of their existence. Now the FBI finds physical media obviously burned and handled by the victim, containing child porn. Your victim is going to have a tough time explaining that he had no idea that the DVD he burned of legal porn also contained a directory called "young children" full of explicit images.

Re:Thank you, from a real-life boogieman

[Anonymous Coward]

Your numbers are pretty far off. Statistics show that 1 in 6 are 'molested' by age 16, 'molestation' being a rather broad term ranging from a single touch through clothing to extended abuse involving full-on penetration. Whatever the case, studies have shown that 1 in 10 men (9%) are sexually attracted to boys aged 10 and under and 1 in 5 (23%) are sexually attracted to girls 10 and under. One would guess that these percentages only increase as the age is raised into the early teens (hence the popularity of those like Brittany Spears).

So the number of potential abusers is HUGE, as is the market for kiddie porn. A friend of mine owned a business that offered usenet services to small ISPs and individuals and he had thousands of subscribers. In the three or four years he owned it I got to see the logs a few times. The kiddie porn groups were always amongst the most popular, and as soon as he would stop offering certain groups he would see a substantial drop in his user base. He finally closed his business out of feeling guilty for contributing to the spread of kiddie porn.

I think we as a society need to get past the taboo surrounding pedophiles (most pedophiles do NOT sexually abuse children) and focus more on 1) what exactly it is that causes them to become pedophiles (whether it be nature or nurture) and then ultimately 2) how to prevent future pedophiles from becoming pedophiles in the first place. It may seem impossible, but after all the dust clears from the hysteria we're experiencing now (largely fueled by the media) maybe we'll be able to be more constructive and move forward. As it stands we're just burying our heads in the sand and jailing kids in their homes.

Why didn;t the FBI get a warrant and log in

[DrSkwid]

As the target machines where infected with Sub7, why wouldn't the FBI get a warrant to access the trojanned machine themselves the Sub7 back door?

Gary McKinnon is "not a citizen of the United States and are not bound by our laws" and yet he was extradited to face trial in the US. He was accessing Pentagon, NASA, US Air Force and other DoD facilities in 2001 and 2002 the same time 1069 was breaking into private US citzen's systems.

As usual, it's one law for private individuals, one law for the poice.

a morally bankrupt response

[TomRitchford]

For all the reasons you've listed 1069 isn't performing performing any good, but a grave injustice.

Hard to believe a caring human being could hold such a morally awful position.

Looking at the facts of the case as stated, the result appears to be that two children were saved from sexual servitude or even horrible deaths and that two pederasts were jailed. If what we are told is true, justice was clearly done -- if you wish to refute me, please identify who is being unjustly treated. The childen? The criminals? The police? Please do not claim that you, as a representative of the "people", are experiencing an injustice, because you are not.

If this hacker really did present the police with information which would allow them to save two children from sexual abuse, what would you have wanted to happen?

I believe what you are actually claiming is that allowing law enforcement officials to operate in this fashion is illegal and would allow possible injustices to occur in the future. I agree that sometimes injustices must occur because of the "system", the rules that ensure fairness: this is not one of those cases.

Do you really believe that police shouldn't be allowed to use evidence gathered by criminals? Why? Exactly how do you think law enforcement works, anyway? Police routinely use informers, stool pigeons and the like -- why is this wrong? There are very specific rules on conduct, on admissability of evidence, and defence attorneys routinely and often successfully challenge the believability of such witnesses because of their poor character, but there's nothing intrinsically "unjust" in having criminals testify against other criminals, it happens every day.

In fact, it's not even clear that the hacker is doing anything that is illegal.

If the facts are as presented, the police had physical evidence linking the criminals with the children in question -- the possibly-unreliable hacker's information would be presented as corroborating evidence. It's interesting to note that the defense attorney did not in fact challenge the reliability of the evidence as gathered.

I might add that I'm very much a liberal and strongly support strict oversight of the police and limits to their powers. But this is not one of those cases I think illustrates any sort of problem, and worse, I think you seriously damage our case by screaming about "injustice" in a case where your mother or any common-sense person would see that justice was obviously done (if the facts are as presented in the short article in question).

Oh, and don't waste the Franklin quotation! It gets a little weaker each time we use it pointlessly. Save it for things where it really applies.

Re:a morally bankrupt response

[TomRitchford]

It is counterintuitive and on its face offensive, but the entire point of my post was that setting a precedent for circumvention of our legal and justice system is not justified by catching a few pederasts unlawfully.

What you said was that it was a "grave injustice". It was not: I proved it: you did not succeed in refuting that.

I'm not sure where these mentions of sexual servitude or horrible deaths are.

Why, it's in the referenced article that you didn't bother to read. The FBI investigator claimed that the hacker saved the lives of two children; the charges included "sexual exploitation of children".

That's not what the issue is here. The hacker (according to our laws, which are the ones we are trying to enforce)

The hacker is claimed by the article to be in Turkey, where this sort of activity is not illegal.

illegally intruded this downloader's computer and used it to gather evidence, that evidence was given to the FBI, and the FBI used it in court to prosecute the defendant. This is not a legal use of informant in any sense.

Sorry, you are wrong. Read here [wikipedia.org]about the exclusionary rule: "The Exclusionary Rule is designed to provide a remedy and disincentive, short of criminal prosecution, for prosecutors and police who illegally gather evidence in violation of the Fourth and Fifth Amendments in the Bill of Rights, which provide for protection from unreasonable searches and seizure and compelled self-incrimination." Note that the Fourth and Fifth Amendments protect individuals from search and seizure by the government, not by other private citizens.

The hacker is not "acting as the agent of the FBI" -- if you'd *read the article* you'd see that he simply provided anonymous tips that were later used to apprehend the criminals. Again, this happens all the time. Cocaine dealers turn in their upstream dealers; kidnappers turn in their accomplices; thieves rat on other thieves; in each case, they got their information during the commission of a crime. In fact, police routinely outfit criminals with a wire and use them to gather information which holds up in court -- this is far closer to the idea of "acting as an agent of the FBI" than simply an anonymous tipster is.

Again, I ask you -- what would you have wanted to have happen? Should the police have ignored the information and, according to the article, allowed two children to die horribly?