Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Bitcoin

Child Abuse Imagery Found Within Bitcoin's Blockchain (theguardian.com) 321

German researchers have discovered unknown persons are using bitcoin's blockchain to store and link to child abuse imagery, potentially putting the cryptocurrency in jeopardy. From a report: The blockchain is the open-source, distributed ledger that records every bitcoin transaction, but can also store small bits of non-financial data. This data is typically notes about the trade of bitcoin, recording what it was for or other metadata. But it can also be used to store links and files. Researchers from the RWTH Aachen University, Germany found that around 1,600 files were currently stored in bitcoin's blockchain. Of the files least eight were of sexual content, including one thought to be an image of child abuse and two that contain 274 links to child abuse content, 142 of which link to dark web services. "Our analysis shows that certain content, eg, illegal pornography, can render the mere possession of a blockchain illegal," the researchers wrote. "Although court rulings do not yet exist, legislative texts from countries such as Germany, the UK, or the USA suggest that illegal content such as [child abuse imagery] can make the blockchain illegal to possess for all users. This especially endangers the multi-billion dollar markets powering cryptocurrencies such as bitcoin."
This discussion has been archived. No new comments can be posted.

Child Abuse Imagery Found Within Bitcoin's Blockchain

Comments Filter:
  • Wow (Score:5, Interesting)

    by AlanObject ( 3603453 ) on Tuesday March 20, 2018 @12:51PM (#56291523)

    So -- someone is going to declare that hundreds of millions of people world wide woke up this morning and are suddenly prosecute-able criminals and have been ever since that content was added to the blockchain? That should interesting to see how they work that out.

    • To be clear, buying or owning bitcoins doesn't require you to possess the entire blockchain, right? You only have a key to a wallet so the hundreds of millions of people involved in bitcoin probably aren't affected although the various miners and ledger guys (I don't know the terms) are the only ones who should be worried.

      p.s. I don't own any bitcoins so please correct me
    • I'd like to see the US government try and prosecute some folks... then maybe society will finally realize that the whole "crime without intent" thing is bullshit, and we can go back to having an at least half-assed functioning due process.

      Or the government will succeed and we'll all be totally fucked

      • by raymorris ( 2726007 ) on Tuesday March 20, 2018 @02:48PM (#56292491) Journal

        The federal law on the matter is 18 U.S. Code  2252A. It says it's illegal to KNOWINGLY send and receive child porn. Anyone who doesn't know it's there has not committed a crime. Even having read the summary, I know that the chain contains a) porn and b) links to child porn. I don't know/remember if it contains child porn, so it's not illegal for me to send or receive it.

        Also, as confirmed in ELONIS, mens rea (guilty mind) is still required. To be criminally responsible for any action, one would have to intend to do something bad. That's true by default unless the statute for a particular crime specifically lays out a different treatment of mens rea for the elements of that particular crime. Since 2252 doesn't specify otherwise, the standard mens rea rule applies and one is not guilty unless they were they had guilty intent, unless they were trying to do a bad thing.

        • The federal law on the matter is 18 U.S. Code  2252A. It says it's illegal to KNOWINGLY send and receive child porn. Anyone who doesn't know it's there has not committed a crime.

          Now that it's been made public knowledge that the Bitcoin blockchain contains illegal child abuse images, if you continue to maintain a copy on your computer you won't be able to claim that you didn't know it contained illegal child abuse images. So yes, now that you are fully aware of the presence of illegal material in the blockchain, you cannot claim ignorance in regard to sending or receiving that material.

          I get that there's a way the law is supposed to work; I hate to break this to you, but it doesn't

    • Selective enforcement.
  • by mysidia ( 191772 ) on Tuesday March 20, 2018 @12:58PM (#56291569)

    Does possession of a blockchain count as "possession of every possible image that could be derived from it"?

    Probably not. To get the "file" or "image data" you need the Blockchain PLUS some 3rd party tool, which is not part of the core implementation of the BTC protocol.

    If you've never used the tool, then there is no way you could produce the image.

    • by PPH ( 736903 )

      you need the Blockchain PLUS some 3rd party tool

      Like a web browser? Now who would have one of those?

    • Does possession of a blockchain count as "possession of every possible image that could be derived from it"?

      Better make deriving pi illegal, you can derive every possible numerical combination from it.

  • by Qbertino ( 265505 ) <moiraNO@SPAMmodparlor.com> on Tuesday March 20, 2018 @12:58PM (#56291571)

    Ban Cryptocurrency! ...

    I guess some academic nobody needed attention.
    Well, he did get his 5 minutes.

  • by Cajun Hell ( 725246 ) on Tuesday March 20, 2018 @12:59PM (#56291579) Homepage Journal
    This is one of the best long-con trolls that I think I have ever heard of. I wish I could claim responsibility for this masterpiece, and I don't even hate Bitcoin!
    • by Bradmont ( 513167 ) on Tuesday March 20, 2018 @01:06PM (#56291665)
      Of course there are perverts out there that would do this sort of thing, but one of my first thoughts was : Maybe it was someone in the banking industry trying to discredit a competitor. And I'm not even a bitcoin fanboy!
      • Of course there are perverts out there that would do this sort of thing, but one of my first thoughts was : Maybe it was someone in the banking industry trying to discredit a competitor. And I'm not even a bitcoin fanboy!

        I don't think banks are the ones with the most to gain by manipulating the price of bitcoin right now.

      • by eepok ( 545733 )
        Same here. I think cryptocurrency is a fleeting scam with little real world potential (let alone current utility)... and STILL I think this smells like a dark prank or frame job.
      • 17 Trillion [bankbryancave.com]. And that's just America. If all the bitcoins in the world are mined and they're worth $20k a pop they'd be worth $420 billion (based on 21 million being the estimated max # of bitcoins). The bank industry could buy out and/or crush bitcoin any time they want. They're not behind this.

        This is probably just an offshoot of the illegal activity bitcoins are used for. Folks think (wrongly) that BTC is untraceable. So they do dumb things with it.
    • by Nidi62 ( 1525137 ) on Tuesday March 20, 2018 @01:20PM (#56291809)

      This is one of the best long-con trolls that I think I have ever heard of. I wish I could claim responsibility for this masterpiece, and I don't even hate Bitcoin!

      It would be interesting to know how far back in the blockchain it goes. Was it added in before bitcoin blew up? If so, then it sounds like someone was hoping they found a new way to disseminate or sell/buy CP. IF it's more recent, then it possibly could be an attempt to discredit bitcoin or, as you say, a troll from an anti-bitcoin person.

    • It's well-known that governments dislike the concept of a currency that they don't control, and that various secretive TLA agencies possess big bags of dirty tricks, so...

      With a quick stroke of the "think of the children" brush, they can marginalise Bitcoin and, by extension, all other crypto-currencies, and be seen to be doing so for the highest, "moral" reasons.
  • by Joe_Dragon ( 2206452 ) on Tuesday March 20, 2018 @12:59PM (#56291583)

    now the feds can pull the CP line on any bitcoin user and force them into any plea deal that is good for the FEDS.

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      now the feds can pull the CP line on any bitcoin user and force them into any plea deal that is good for the FEDS.

      Makes you wonder who put it there in the first place....

      • I had to scroll a long way to find this post, but it seems so obvious. Literally, what, one day after the US tries to make Venezuela's cryptocurrency illegal?

  • by sinij ( 911942 ) on Tuesday March 20, 2018 @01:00PM (#56291589)
    Bedobear coin ICO in 1..2..3
  • Wikileaks? (Score:5, Interesting)

    by VeryFluffyBunny ( 5037285 ) on Tuesday March 20, 2018 @01:03PM (#56291633)
    It seems to me like Bitcoin would be a great place to publish leaked documents and perform whistle-blowing activities. That could be one actually useful purpose for blockchain :)
  • by RobinH ( 124750 ) on Tuesday March 20, 2018 @01:05PM (#56291657) Homepage

    For a moment a few years ago I was interested in some kind of crypto messaging system loosely based on the concept of BitTorrent (I forget the name, like BitMessage or something) but your PC, acting as a node, basically got a copy of every message, encrypted, and your client could only decrypt the messages that were encrypted with your public key, so you could only read your mail. So far so good... if your PC had a copy of a message with illegal material in it, you'd have plausible deniability - there's no way you could read it without the recipient's key so no (sane) court would convict you for possession.

    The problem is the system also supported broadcast messages. So I could write a message encrypted with my private key, and everyone who had my public key could decrypt it. It offers a way of authenticating that a certain person sent a message. The problem is, now I've potentially got illegal content on my PC and since the key to decrypt it is public, I can no longer claim I can't read it. Any forensic group could grab my PC and "prove" that it had illegal content on it very easily. In fact, it allows someone to plant easily provable illegal content on everyone's PC. Bad idea.

    I brought up this issue, but nobody on the forums took it seriously. I gave up on the whole idea after that. Seems to me the idea of allowing random text into the blockchain is an obviously bad idea. I didn't even realize that was possible.

    • That is an interesting story- thank you for sharing. I guess a consideration when starting a new software project should always be how others will abuse it. Its sad, but the example at hand shows that people are infinitely inventive when it comes to finding ways to ruin a commons...
    • by Kjella ( 173770 )

      So I could write a message encrypted with my private key, and everyone who had my public key could decrypt it.

      That's just not how public-private key cryptography works. You can sign it with your private key and others can verify that signature, but it doesn't take any key to read the contents. In any case, it looks like this could be trivially solved by adding some kind of symmetric encryption key to the "public" feed that you may share only with friends or some closed group. Those who want can just post it publicly like here's my feed: keyId = 123 & accessKey = "abc", but it wouldn't be reasonable to ask you t

      • by RobinH ( 124750 )
        My memory is a bit funny, but I don't think there's anything that prevents you from encrypting with your private key [stackexchange.com]. In fact, I believe signing is just creating a hash of the message and then encrypting the hash with your private key. As the receiver, I computer the hash on the message, then decrypt the signature with your public key and validate it matches the hash I calculated. However in this case I believe they were encrypting the entire message with the private key. Again, it's been a while.
      • It is _precisely_ how such cryptography can work. It would be unusual: It's much more common to simply sign such messages with the private key, so that the public key can be used to authenticate it. But there's nothing preventing the requirement of a separate, public key to decrypt it. Think of it as swapping the normal private and public key usage of the receiving party.

    • I brought up this issue, but nobody on the forums took it seriously. I gave up on the whole idea after that. Seems to me the idea of allowing random text into the blockchain is an obviously bad idea. I didn't even realize that was possible.

      Let me guess, some jobless pedantic nazi took issue with "forums" and argued for "fora" to be the correct word. Right?

    • I brought up this issue, but nobody on the forums took it seriously.

      Cryptography forums or legal forums? You could get vastly different results between the two.

      • by RobinH ( 124750 )
        I believe it was the forum and/or newsgroup related to the development of the messaging protocol itself.
    • From TFA:

      This is not the first time warnings over the ability to store non-financial data within the blockchain have been issued. Interpol sent out an alert in 2015 saying that “the design of the blockchain means there is the possibility of malware being injected and permanently hosted with no methods currently available to wipe this data”. The agency warned that the technology could be used in the “sharing of child sexual abuse images where the blockchain could become a safe haven for hosting such data”.

  • Sure, it's transparent and immutable, but once data is added -- correct or not -- it's there permanently. There still needs to be a method for correcting or removing data.
    • by religionofpeas ( 4511805 ) on Tuesday March 20, 2018 @01:20PM (#56291811)

      There still needs to be a method for correcting or removing data.

      Just. No.

      The whole system is based on the fact that you can't do that.

    • by mysidia ( 191772 )

      Sure, it's transparent and immutable, but once data is added -- correct or not -- it's there permanently. There still needs to be a method for correcting or removing data.

      This goes against the whole idea of having a decentralized universally-verifiable trustless ledger.

      Even if Bitcoin did not provide any way for future extensibility or to add extra data to a transaction: You could embed arbitrary databits using Vanity addresses, SegWit transactions, and some of the integer fields --- or even use c

      • by Dwedit ( 232252 )

        Non-ledger data shouldn't have been allowed in the first place, but then you have the problem with steganography as a way of embedding secret data in there.

  • Shouldn't it be fairly simple to determine when this was added to the blockchain? My assumption was this was injected early on, when single systems still had a decent chance to write a block. If we know when it was injected, we should know the wallet to which coins were issued to, then there's a decent probability this could be traced back to the individual running the system, who may (or may not) be responsible.
    • by chispito ( 1870390 ) on Tuesday March 20, 2018 @01:32PM (#56291903)

      Shouldn't it be fairly simple to determine when this was added to the blockchain? My assumption was this was injected early on, when single systems still had a decent chance to write a block. If we know when it was injected, we should know the wallet to which coins were issued to, then there's a decent probability this could be traced back to the individual running the system, who may (or may not) be responsible.

      It doesn't matter if you find who did it, the--likely intentional--damage is done. This is was likely done to manipulate the value of bitcoin by demonstrating a very real problem with the technology. If you really want to find out who injected some of this content, look into why the university performed this research. Maybe somebody tipped them off.

      • by mentil ( 1748130 )

        The persons who injected these files likely would've publicized the fact, if it was done to demonstrate a flaw with the ability to post arbitrary data to blockchain. That we're only hearing about it now suggests not.

        • The persons who injected these files likely would've publicized the fact, if it was done to demonstrate a flaw with the ability to post arbitrary data to blockchain. That we're only hearing about it now suggests not.

          It's called a poison pill. For it to work, you need the patient/victim to swallow the pill first. If they publicized this when they first did it, people would have been on the lookout, updated the tools to make it visible, and adopted a policy of rolling back "bad" commits. Now the blockchain is irrevocably (probably) tainted.

  • This is beside the point, but I know little about the blockchain other than it requires massive computation to modify. Does it also require a massive amount of computation to extract these images and links? If so, is this maybe why it hasn't been found and reported, publicly at least?
    • by mysidia ( 191772 )

      The Blockchain is a 152 Gigabyte file.
      While anyone could technically download it --- automatically extracting data from it would be quite a chore.

  • Drugs and Child pornography are two things that, at least in America, you're basically guilty until proven innocent. It doesn't help that, like it or not, the main use for bitcoin right now is buying illegal things and laundering money.

    This needs to be nipped in the bud fast, but I'm not sure how. Once the feds come down it'll be too late. The time to self regulate is before then.
    • Drugs and Child pornography are two things that, at least in America, you're basically guilty until proven innocent.

      Might not incidents like this one, become part of the reason for a change? Imagine you were on a jury tomorrow.

      Some people point out that this shatters the dream that Bitcoin could be a way to move finances beyond the law. But where did that dream come from? It came from the ridiculous assumption that people have freedom of speech. Embedding CP in the blockchain doesn't so much expose the blo

  • The article appearing adjacent to this in slashdot's feed is indistinguishable from paranoia. Except it's not paranoia if they really are out to get you.
  • That's the beauty of blockchains, isn't it? You can trace transactions back through the chain. OK, so the source is an anonymous wallet address. But one can find other occurrences of that address and eventually trace it back to something that occurred in meatspace.

    • But one can find other occurrences of that address and eventually trace it back to something that occurred in meatspace.

      Unless no other activity was conducted with that wallet, in which case it's untraceable.

      Or if lots of other activity was conducted with that wallet but none of that activity is traceable.

      Basically a wallet is only traceable if the person using it doesn't put any effort into protecting their anonymity.

  • I imagine in some jurisdictions, Mens Rea will apply to the local CP possession law. So people there will be able to possess the blockchain so long as they're unaware of what's in it; likely, even then, it'd be excusable so long as one is plausibly only interested in the blockchain for necessary administrative reasons.

    More relevantly, one can use/own Bitcoin or other cryptocoins without downloading the entire blockchain, it just might cause problems for miners or exchanges in certain places. That said, the

    • by green1 ( 322787 )

      I imagine in some jurisdictions, Mens Rea will apply to the local CP possession law. So people there will be able to possess the blockchain so long as they're unaware of what's in it; likely, even then, it'd be excusable so long as one is plausibly only interested in the blockchain for necessary administrative reasons.

      While a good theory, all rationality tends to go out the window when CP is involved. And even if you were found innocent, your life would still be irrevocably ruined just because you were accused in the first place.

  • by 140Mandak262Jamuna ( 970587 ) on Tuesday March 20, 2018 @02:05PM (#56292185) Journal
    I checked out, what appeared to be an innocuous book on the History of the Pennsylvania Railroad Steam Locomotives.

    But I found someone has underlined strange and apparently random letter in page 33. When I transcribed all those underlined letters, it revealed links fo dark web, illegal porno content etc. I hurriedly returned the book. Anyone caught with that book is in for it ....

  • Stenography has long been used to hide information within other files. ( text files, video, audio and static imagery )

    I can hide entire images or links to whatever I want within any carrier file I want ( and even encrypt it ) and the world hasn't stopped spinning because of it. . . . .

    So the only reason this gets any attention at all is because crypto-currency is pretty much the buzzword of the day.

  • by 140Mandak262Jamuna ( 970587 ) on Tuesday March 20, 2018 @02:23PM (#56292303) Journal
    After he published the first dictionary of the English language, a high society lady thanked him. "Thank you, Mr Johnson, for leaving certain unsavoury words out of your dictionary!". Johnson replied, " I am shocked, m`lady! You knew them and were looking for them!?".
  • Now it's a story on Slashdot. I mean, come on. It's a PERMISSIONLESS distributed database. That anything other than a transaction amount was even allowed to be written was pure fucking lunacy and a vulnerability in and of itself.

  • Based on the strings at https://bitcoinstrings.com/all [bitcoinstrings.com], it appears someone encoded the entire Hidden Wiki main page's text into the chain. Is this the abusive content they're referring to?
    • Old news... From the actual block chain itself:

      "http://cointelegraph.com/news/113806/warning-kaspersky-alerts-users-of-malware-and-blockchain-abuse

      Warning! Kaspersky Alerts Users of Malware and 'Blockchain Abuse'

      Kaspersky Labs warns users of a possible exploit in cryptocurrency blockchains
      that would allow malicious actors to distribute malware or even images
      depicting child abuse.

      The warning is the result of research of INTERPOL Cyber threat experts, a group
      that includes a Kaspersky employee.

      They warn that t

  • by AnotherBlackHat ( 265897 ) on Tuesday March 20, 2018 @04:13PM (#56293085) Homepage

    A link, something like https://www.youtube.com/watch?v=dQw4w9WgXcQ [youtube.com]?
    A link is a pointer. It can point to anything - it could even change after the fact.

    If there's a link to something bad, then go after what's linked to, not the link itself.

  • You can't tax or confiscate cash if you don't know who's got it or how much there is.
    THAT is the problem.

    The same people that decided not to print US denominations larger than $100 would like to see crypto currency disappear, and for the same reasons.

    Hiding the most offensive possible data in the currency then deeming it "illegal" is *exactly* the same tactic as testing the money for dope and confiscating the money.

  • by surfcow ( 169572 ) on Tuesday March 20, 2018 @04:51PM (#56293315) Homepage

    An old lady calls the police, complaining that her neighbors parade around, naked, in plain view, putting on lewd displays, even having sex.

    The cops come, she leads them to a tall fence, and says: "there".

    The cops says, "All I can see is a fence".

    The old lady says, "Well, you a have to stand on this chair to actually see them."

    -------
    It's a terrible joke, but it has a kernel of truth.

    No one would know about these images, or care.
    You really have to go out of your way to be offended.

  • "Somebody's poisoned the waterhole!" -- Sheriff Woody

  • by Joey Vegetables ( 686525 ) on Wednesday March 21, 2018 @10:22AM (#56296907) Journal
    Someday, sooner or later, people will start to figure out that you can't fight child porn, or any other crime, by pretending that certain large numbers are somehow "illegal". All digital content by definition consists of large numbers. All digital content can be XORed with a certain other large number to transform it into any other digital content. There exist an infinite number of combinations of large numbers, which, when XORed with one another, can be interpreted as "child porn" or any other content. The war against large numbers cannot be won. The war against child pornography needs to be one. Hence, it will need to be fought some other way.

Nothing is finished until the paperwork is done.

Working...