Subject: case study of undercover police work in darknets
From: anon
Newsgroups: rocksolid.shared.security
Organization: def4
Date: Fri, 17 Aug 2018 20:04 UTC
in this case the person hunted down was a rapist of children, so many will not shed a tear.
the point is however what the police can do today if they put enough resources on it.
let's learn from this:

https://www.deepdotweb.com/2016/07/20/police-infiltrated-darknet-forum-hunt-pedophiles/

How Police Infiltrated a Darknet Forum to Hunt Down Pedophiles

Posted by: C. Aliens, July 20, 2016

In 2015, we wrote about how a taskforce known as Argos started focusing on hunting down pedophiles on the deepweb. Argos was not entirely composed of police officers – among the employed were IT specialists, hackers, and detectives. The agents had had to see thousands and thousands of what the head of Argos, Jon Rouse, describes as absolutely unbelievable, horrifying imagery and videos. But their prevalence ended up paying off, as they ended up secretly running one of the largest pedophilia networks on the internet and catching Britain’s worst ever pedophile.

In a special report from The Guardian, Jon Rouse describes that once they took down a pedophile that had been in Argos’s sights for a while, they took over his account on the darknet pedophilia forum in question. They took it over as if nothing had ever happened, with nobody the wiser. From there, police realized the forum was run just like any other company or business – it had an intricate hierarchy – and senior members took control of single groups or boards. At the top, Rouse says, was a man who was “effectively the CEO.” He notably started his messages with “hiyas.”

Richard Huckle, known as Britain’s worst pedophile, was a top player on the site. He was a zealous producer and uploader of content; he got to the point where he was titling and branding the pictures and videos he was uploading. Despite the fact that he was not very popular, he belittled other forum members for claiming they were pedophiles but not living the true pedophile lifestyle. He was proud of what he was. The site even had a 180 page guide titled “the exclusive step by step guide for practicing safe and fun sex with children” and Huckle added one of his own: “Paedophiles and Poverty: Child Lover Guide.”

Part of the reason Huckle’s work was not incredibly popular was due to the fact that his victims were not white males or females – they were poor Indian children – and those weren’t what forum members wanted to see. The exclusivity of the demographic Huckle abused ended up working against him as it helped the police work to narrow down his location. Site users believed he lived in or near India, and although he never explicitly said yes, he went along with it.

Meanwhile, in Brisbane, agents were combing over posts on both the clearnet and deepweb for another user, the “CEO” who used the introduction “hiyas.” They believed, since it was a fairly uncommon word to use, it would help narrow down suspects. The search results yielded over 450,000 uses of the word “hiyas” on the internet, a number that stacks the odds against the police. However, the majority of those posts were able to be ruled out as they linked back to women and in situations like this, a male suspect is far more likely. They were able to narrow down the location even more when Danish authorities notified Argos that the “hiyas” user was likely in Australia. With Australia in mind, focusing on Adelaide, the search became a little bit easier. Argos agents found a post on a 4WD forum where a user was asking about altering his ride height – the poster used the “hiyas” introduction and had a username very similar to the one on the pedophilia forum. That was too much of a coincidence, Paul Griffiths, a police officer who was working with Argos, stated.

When people replied to the forum post, they suggested what parts would be required for lifting his vehicle. Police then found a Facebook post from a man in Adelaide, asking for information on sourcing those same parts.

....

Posted on def4.i2p


Subject: Re: case study of undercover police work in darknets
From: anon
Newsgroups: rocksolid.shared.security
Organization: def4
Date: Fri, 17 Aug 2018 20:07 UTC
References: 1
The man they found was 32-year-old Shannon McCoole, a man who had worked in childcare for 4 years, raising concerns from his colleagues. In 2014, the police raided McCoole but made sure to keep the news hidden from the eye of the public in order to keep forum members in the dark. Police tell The Guardian that in 2011, an anonymous call had been made, telling authorities that McCoole was inappropriately physical with children. A psychological assessment was later made where he was found to be high risk and very unsuitable for the job but both the anonymous call and assessment had been ignored.

McCoole is now serving 35 years.

His online presence was immediately taken over by Argos agents, and the internet community was completely unaware of what had happened. Unlike the previous low level infiltration, McCoole’s account, being the “CEO,” had access to everything. The police were now able to read every private message sent between any of the 45,000 users. Included in the now unveiled messages were those of Richard Huckle, Britain’s worst pedophile.

For 6 months, they searched through every picture and post by Huckle and realized the content of the pictures was not going to yield any useful information; what the photos were captured with proved to be the key. Most of the pictures had the metadata completely swept. The mistake that led to his demise was when he forgot to clean one photo and it let the police know the pictures were taken on an Olympus camera. They then exhaustively searched photo-uploading sites like Flickr for pictures taken by the model camera that Huckle was using, in the general area they suspected him to be living in: Southeast Asia.

As the search went on, they found some pictures taken in Cambodia, Laos, and Vietnam that matched the camera and profile of Huckle. The unknown photographer had a number of pictures of children, sometimes naked, but “nothing illegal,” Griffiths says. The photographs were innocent, in and of themselves, but they still fit the profile of the pedophile they had been hunting. The pictures traced to an email address, which, in turn, traced to other sites Huckle had signed up for using the same email. Following the McCoole example, one of the sites he had signed up for had a username very similar to the one on the illegal darknet forum.

It became far simpler for police when they found that his email linked to a photography studio called Huckool Photography Productions, based in Malaysia. And it became even simpler when the studio’s website linked to Huckle’s personal Facebook profile. His Facebook page had pictures of children as well. Legal pictures. But many of them were the same children he published being abused on the pedophilia forum.

Huckle was in Malaysia, but Malaysian authorities didn’t believe there was enough evidence against him for a lawful arrest. To Argos’s dismay, Huckle stayed in Malaysia for another 4 months. Police got a break when he posted something that would directly lead to his arrest. Griffiths said, “I just saw a [Facebook] post he made, basically saying, ‘Great news, I’ve just booked a flight home for Christmas’” and “He had hashtagged the airline. It was almost too easy.”

In December 2014, he was arrested as soon as he got off the plane at Gatwick airport, a British Airways hub. He possessed over 20,000 images of children, and at least 1,000 of them were of children that he had personally abused. His laptop, with potentially more victims and thousands of images, is still encrypted and unexplored as Huckle refuses to let authorities access it.

On June 3rd, 2016, Huckle was convicted of 71 serious sexual assaults against children, which resulted in 22 life sentences. He will serve a minimum of 25 years before being eligible to apply for parole, despite being only 28 at the time of his arrest.

After the Huckle arrest, police posing as McCoole on the forums posted a closing message:

    “[Forum name redacted] is a living creature. We have survived a lot of ups and downs. It’s been a passion of mine for a long time, and

Posted on def4.i2p


Subject: Re: case study of undercover police work in darknets
From: AnonUser
Newsgroups: rocksolid.shared.security
Organization: RetroBBS
Date: Sat, 18 Aug 2018 18:56 UTC
References: 1
The amount of work they go through to find similarities around the internet shows it must be easier than breaking the anonymity.

It's best to always assume the person you're talking to is compromised if you're doing something risky.

Thanks for posting this
--- Synchronet 3.17a-Linux NewsLink 1.108
Posted on RetroBBS


Subject: Re: case study of undercover police work in darknets
From: anon
Newsgroups: rocksolid.shared.security
Organization: def4
Date: Sat, 18 Aug 2018 20:43 UTC
References: 1
> The amount of work they go through to find similarities around
> the internet shows it must be easier than breaking the
> anonymity.

that's a good point, actually. It means at the time when this happened they could not (or were not ready to) break the anonymity of the services as such. So they used a time-intensive side channel attack.

Posted on def4.i2p

