You always have to remember you are fighting the good fight, not for yourself, but for the next generation. It is good to take time off and to run and skip with them and be sure to make the children work hard to beat you (which they somehow manage to do every time). Our family believes you are starting to get old when you forget how to skip. So I guess, I always remain young enough to skip with the kids. They seem to like it.
Archive for May, 2007
I’ve already discussed the accidental downloading of kiddie porn by social engineering and one of the great legal defenses of honeypots is that no one gets there by accident. You simply have to be doing something wrong. I’ll get back to that in a minute, but first a little bit about YapBrowser which is a cross between social Engineering and a seductive honeypot.
Everybody has bitched so much about the insecurity of Windows Internet Explorer that people are trying alternate browsers and Yap Browser has guaranteed to block porn. Soo, knowing that the kids surf the net and wanting to protect them, you install it. The browser has a built in search bar which is built in so there is no need to install Google. Great job, you protected the kids but failed to Google Yap Browser. If you had, you would have realized that this is a state of the art Russian designed, English owned porn browser that no matter what search term you put in after a certain number of uses, it returns kiddie porn. Not so Sweet but very Dangerous Honeypot – the Yap Browser delivering unintentional downloads of kiddie porn.
My tripping into a honey pot is slightly less defensible for an expert. On a lazy Sunday morning, I was cleaning up lose ends related to young-`models.org and decided to visit teens18.biz – I mean there is nothing terribly nasty about the name so I had misjudged it. I thought that it was the sweet alternate side to young-models.org for people who had not yet been tagged. Still, I never enter a site directly anymore.
I went to Alexa.com and it automatically referred me to cute sites designed by cops and lawyers (sliced white bread and vanilla ice cream type guys) and got the same treatment from aboutus.com – I looked up copyright holder and found it was a Danish company which had other sites with less legal crap and less attractive girls. Everybody was over 18, they looked it and birth certificates were available on request.
Feeling very bored and safe, I went directly to teens18.biz to see what was there currently and BAM – I got hit with a shit storm
This crap was nasty and I felt so dirty, all I could force myself to do was to rip the code. Parts are published at tigerstail.wordpress.org
I wanted this shit out of my possession instantly. I mean how could an expert say that they stumbled into the site accidentally because of carelessness. I gave the drive the “Lot’s wife treatment” and almost fucked the whole hood. I put it in a pail, and pored muriatic acid on it and locked the door. When I returned a half hour later there was a cloud of acid fumes, acid mist and I couldn’t breath. I had to get the bucket outside or it would shut down the building and might have been embarassing for me trying to explain a hard drive dissolving in a bucket of acid. Christ, it was damn near as nasty as the site it came from.
This site is definitely not driven by the profit motive – I mean they never asked for a dime for a drive scrubber to remove the nasty pictures; they never asked for a membership fee. All they did was load about 600 pictures from 100 spawned sites onto my machine in 6 minutes before I pulled the plug.
I guess they don’t want me as a repeat customer.
A comment was posted in the “About” section and the person asked how to contact me. Simple, that person just did. I read all comments , check the search terms searched and react to what my information needs are during the up and coming appeal process or retrial and what you the reader wants to learn.
In the comment area of WordPress an email is required. If you want a personal reply make sure that it is a correct email address and I’ll get back to you fairly quickly while I’m working on a pending case because I’m constantly doing research and always on the computer.
The cases are coming quickly and some you just don’t want or can’t help. For instance, there is the guy who had a full production and editing facility and was engaging in normal consensual sex with 12 year olds (paid of course.). While there was computer evidence and he was publishing the crap on line, the police got him the old fashioned way – A parent talked to their child who ratted the pervert out and the parent went to the cops and they did their job. Shit the guy coped a plea rather than pay a bunch of legal fees and still lose in court.
After all, when you have flesh and blood adolescent participants from a community who can be identified, you don’t have much of a defense. And that is not what this blog is about. It’s about the government sponsored kiddie porn sites which disgust me.
It’s also, about Carnivore being more than ever described in Congress or wikipedia.. It is not just a computer motoring tool that is placed on a computer at your Internet host. Carnivore is an intrusive data gathering system which altered the settings on your firewall, places intelligence gathering tools on your computer and uses your resources including electricity and computing power to track your every move. It can even activate your web cam to confirm the identity of the keytracker log and surfufing history. It also alters the setting on your network adapter to open up all group activities and allow remote administration of your machine. No wonder they glossed over this at trial.
I don’t like kiddie porn, I’m not a religious terrorist, I’m not an anarchist and up to that asshole Junie Bush became president, I used to be a Republican. But this level of bedroom partnership is intrusive and offensive.
This blog is about freedom – so let’s keep it simple and remember that.
PS Junie is a Caribbean diminutive for Junior and in this case it is truly diminutive.
The most bothersome thing about teens18.biz are the abused and haunting faces of the naked children reminiscent of the Holocaust Museum. Now, no matter how disgusting these pictures or the 500 pictures shown at trial are, at least one must depict violence and at least one must be a real person to insure that they are not retouched photos for a sick audience. This is the only way to insure a conviction.
Someone must testify that this is a living human being, who was sexually abused. You have to admit, it’s a lot easier task for the Government to find one picture when hundreds of pictures automatically downloaded from a stinkpot you happened to wander into and then its hidden in a secret index.dat file so there is no chance it will be erased.
According to the newspaper report, Sergent Matthew Cawthon, testified that he had worked a case of a know sexual predator and earlier had seen a haunting picture of a young child (5 years old) being abused. He was able to track her down after they arrested the pervert and located his former wife. In addition to others, he was abusing his own daughter. He testified that she is now a living nine year old child. The pervert got a five year sentence for screwing his daughter and distributing the pictures.
Actually, there was a lot more to his testimony, it was presented in full gory details while the picture remained on the screen. After his testimony, a woman ran from the room in tears and the Defense Attorney’s only question was why they didn’t execute the man. No other Defense question was possible.
Now Texas Ranger Cawthon appeared to be an honorable older man who probably didn’t know shit about law enforcement honeypots and the claims of law enforcement personnel that they own all kiddie porn distribution.
My questions would have been slightly different. I would want to know if it’s so easy for the Fat Savage to track these hosts to big business hosting and backbone carriers, why doesn’t the government shut them down. Why is it that every single site that I traced which publishes kiddie porn is residing in America.? Why are kiddie porn sites all not for profit in an industry driven by greed? Why do these sites load you with pictures, redirect you to sites you never asked to go to and spawn new browsers that load URL’s and pictures into your cache memory without your consent or participation? Why is our government condoning the publication in America of real pictures of abused naked girls who are just now reaching puberty? Why have these sites stayed on line for almost a decade while the government goes to the expense of flying you all over the world to prosecute little boys and old men caught playing with themselves?
If that dumb fuck knew how easy it was for our Government to shut these hosts down and stop embarrassing the child, do you really believe he would still testify on the government side?
I kind of feel sorry for good old Matthew, – he appears to be just a good old country boy trying to do the right thing for his country and the child. He would never believe that the government is the one exploiting these pictures in the name of child protection even if I taught him enough Internet Forensics to track them to the host and distributor.
PS Femalesex.com, Raunchy.com, and Naked.com are shown to be located in Houston Texas and Femalsex.com offered to take me to their pages offering “Sexual Child Abuse”. Enough to do a Texas Ranger proud.
PPS. Actually, I think they are really located outside of Washington DC and the feds are just fucking with Texas in placing the host in that state.
I got the following feed back on the Honeypot Basic Post and I appreciate it. The email, IP and language base all track to Indonesia and I’m glad that my global viewers are concerned with what I consider to be an internal American Problem, that is an oppressive government spying on it’s private citizens.
The quote is:
“pingin belajar masalah virus, mohon tuk dikirim cara-caranya”
My best attempt at translation is as follows:
“Pingin studied the problem of the virus, [mohon tuk] was sent by his methods.”
I presume this means that the delivery of a shut down virus from honeypots is more than just an American Problem.
I hope my Translation is somewhat correct.
However, it makes me wonder. Do you think the American Government exports its Stinkpot Technology as Shareware to other oppressive Governments?
Maybe. When laws totally conflict, it is only possible to obey one of them. In the case of testimony at trial, all experts are sworn to tell the truth. At the same time Agents of the Government are sworn to defend the government from all threats.
An interesting article at www.itsecurity.com points out that one element of the Homeland Security Act is to restrict Freedom of Information in relation to the critical infrastructure. If Shannon Perkins had told the truth and not acted stupid, she would have been led to discuss Government Honeypots and Shutdown mechanisms. Since honeypots are marginally legal, they still might have won the case (except for indefensible porn loading and damaging machines but the jury might have ignored that nicety).
The problem is since it’s the FBI and The National Homeland Security and Kiddie Porn Agency, the same tools that are used to hurt the Russian Mafia and Arab Terrorists are being used to destroy private Americans and she cannot discus those tools.
So poor frumpy hardworking Shannon Perkins appears to be one very stupid Pawn. So sad – all at the start of a brilliant career.
On the other hand she may well be stupid and never heard of the association between porn and Trojans, the use of Trojans on dial-up or a honeypot or government use of honeypots. After all, she’s not a SANS scholar, she’s just a government expert.
Maybe – It sort of depends on the type of honeypot, who owns it, The Judge, The Jury, and The Lawyers and who tells the truth and who believes in the truth or lies. In the case of a kiddie porn trial, legality plays a minor role as emotions rule the day.
So let’s take a look at clearly illegal activity. I click on a link to a “free pzzle Inlay Game” and am automatically redirected to a pornsite which may contain kiddie porn which they probably stole from the National Archive of Kiddie Porn. They then offer a security program which will remove the 600 porn pictures on the machine. If you are part of the 86% who occasionally visit porn of any kind, there will be other pictures on your machine and no one will believe you. If you pay the extortion you lose, if you don’t you lose. Clearly you are a victim of fraud and extortion and you have no way to prove it or any place to turn for help. It’s not a honeypot, it’s illegal and no one cares.
The classic honeypot is a marvelous piece of work and very legal. The portal seemed to be Americanthumbs.com which as I said before barely had any really nasty pictures. Some were young and all of them had rating and age data associated with them. Now you never had to click a link and even though 60 images were loaded onto your machine, you simply did not have to play the game. You could have clicked on the older full figured woman and left.
However, if you stayed, and clicked on the young but fully clothed schoolgirls, they were probably starting to mine your information and create a file on you. Probably each time you returned or went to a sister site the pictures got a little worse. Corinnas.com and Sugarthumbs.com were also part of the game as were other sites from the UCJ Traffic Trading game. Just by staying with the UCJ family of porn sites you could develop a hell of a collection of kiddie porn from the National Archie of Hashed Kiddie Porn Pictures which would be remarkably easy for a Data Miner to find and associate it with a list of all the sites visited on your machine.
So what happens now???
They have full knowledge of your machine and they have to wait for you to do something clearly wrong, like distribute (email a file) or publish on your own site or to self incriminate in some way but what if you do nothing????
Well now it gets a little greyish and very messy and here’s where the stinkpots comes in.
When you go to a site like young-models.org, you don’t get many elegant chances to self incriminate youself. It just keeps loading you up with nastier and nastier porn and you get hundreds of images per session and then they shut you down with a Trojan which seals your machine. You don get a chance to click a link as the spawned pages keep coming with more and more images and the only way to stop it is to pull the plug.
You have entered the wrong neighborhood so a law enforcement officer damages your machine so you self incriminate at a repair shop so they catch you. This sounds like just a little more than entrapment it sounds a whole like aiding and abetting in the process and speeding it along. I mean if Jack Kavorikean was guilty of accelerating the death of people that were dying, these cops are accelerating the apparent moral decline of a person with bad taste.
I can’t even believe that in the day and age of the Patriot Act that this process is truly legal which is why at trial the Federal Agents deny knowing about the use of honeypots even though it’s common knowledge to the rest of the world. .
Does Law Enforcement Use Honeypots?
Oh Hell yeah! And there use is almost a no “brainer”.
As soon as the military had created an Internet for secure redundant communications, they started to develop defenses for it. And just like the defense of any secret installation, the first protective devices were retaliatory in nature. If their information seeking honeypots could not track you or identify you and the attack persisted, they had to take you out with a shutdown command or a virus or Trojan command on your computer. In the world of Spy verses Spy verses Spy, there are not many rules or for that matter not many complains of unfair practices.
Now in the area of Domestic use by the FBI, there is a rich body of literature and you can Google Law Enforcement honeypots and FBI’s honeypot to start exploring the area. Seems that every time the FBI works with an outside contractor, there’s another article published about the success and an offer to do the same for your business. Because of the large blocks of IP’s in use worldwide by Military, Governments and Financial Institutions there could be Billions of honeypots in use globally. The problem of stumbling on a honeypot for spammers is so big, that there is a program offered for sale called Honeypot Hunter ($495) which identifies which sites are protected by honeypots and lists of Honeypots and their owners are also online.
So everybody who uses the net probably has daily exposure to honeypots. The most commonly cited use of Government Honeypots is the Military and government protecting their secrets, the FBI defending big business, especially Financial Institutions, and gathering information on citizens who have kiddie porn on their machines. Since all of the images that were ever on a page that your machine went to are still on your machine, and since 86% of all men who are on line occasionally surf porn, I’d have to guess that half the machines in America have at least one illegal picture of kiddie porn.
Read the Article in Wikipedia on Child Pornography which discusses the use of Honeypots to track users and also, a claim at a Law Enforcement Conference that all Child Porn Distribution was Owned by Law Enforcement.
They said it – I believe it and that settles it.
What is a Honeypot?
In the traditional sense, a honeypot was exactly what it’s name implied. It was a homemade clay pot with a lid that was used to store honey. In one sense, it was seductively sweet but as Poo Bear well knew it could be dangerous as he got his nose stuck in it. Other dangers were that a honeypot could attract bugs and animals that might be a problem to the honeypot operator.
The first humorous adaption to the term was when the old people who lived in towns and cities would store there human waste in a bucket to be taken away. Inside the house was a chamber pot to be used for night time visits to the bathroom and these were either pored into the outhouse in the morning or put into a honeypot to becarted off for sanitary sewage removal. To a fly, a bucket of shit is a Honeypot.
One of the earliest scientific adoptions of the concept was the invention of flypaper or those ugly fly rolls of gummy tape, The sweet smelling goop on the paper would attract the flys which stuck to the paper until they died.
During World War’s I and II, the ungodly enemies used the baser services of woman to prey on the weaknesses of men but the temptresses were not referred to as honeypots. They were of course Mata Harri and Tokyo Rose.
During the Cold War, The Ungodly Russian’s standardized the process and through selection and training started mass producing Honeypots which were labeled as such by the Cold War Warriors. They were attractive and dangerous spys seeking information.
Now their’s a huge difference between a mugger or an extortionist and a true honeypot. A true honeypot doesn’t have to threaten harm or blackmail you for information, they rely on their strength as a woman and the general banal weaknesses of men to get some men to reveal their inner secrets. They may uses sex as a weapon or just the conversational skills of a seductive woman might be enough. Now just remember in a true honeypot situation, the person voluntarily gives up the desired information by doing something that he probably knows is wrong to gain some sort of gratification.
In the computer field, use of a honeypot is not necessarily an ungodly act. It is actually based on another fairly easy concept to understand and that is a chain will break at it’s weakest link and an enemy will attempt to find you weakest link when they attack you. In this case a honeypot is similar to The Original Trojan Horse. The honeypot is a weak computer usually placed just outside a very hardened computer network with the rest of the computers behind the firewall. (The exception is if you’re spying on employees you put it inside the firewall and if you trust nobody, you do both.)
In the traditional sense, a honeypot is passive and used to spy on the intruder, to gather information which can be tracked back to the intruder and used to identify the person. A real honeypot, if feminine in nature, would not harm or destroy the intruder because their would be no more future benefits from information. It appears that the Military and the FBI have developed retaliatory Honeypots which I have been referring to as stinkpots. These computers are pushing the spirit and letter of the law and may well be illegal. However, when the jury gets done looking at 500 nasty pictures, the niceties of the law hardly matter.
Your Guilty and That’s It.