The neverending story about FBI’s TorBrowser 0-Day

Let’s try to retrace the steps of this strange story


July 14, 2015

From Seattlepi.com:

A Vancouver middle school teacher accused of collecting child pornography online now faces federal charges.

Federal prosecutors in Seattle claim Jay Michaud was caught downloading child pornography in February. Michaud was arrested Monday and has since been charged in U.S. District Court.

Writing the court, an FBI special agent said Michaud spent nearly 100 hours surfing a hidden online network specializing in child pornography. The agent noted that the secret nature of the website would make it extremely difficult to come across accidentally.

The Washington Post reported that FBI seized the site’s servers and in February 2015 launched the exploit on the site leading to charges against 137 people:

The user’s online handle was “Pewter,” and while logged on at a website called Playpen, he allegedly downloaded images of young girls being sexually molested.

In order to uncover Pewter’s true identity and location, the FBI quietly turned to a technique more typically used by hackers. The agency, with a warrant, surreptitiously placed computer code, or malware, on all computers that logged into the Playpen site. When Pewter connected, the malware exploited a flaw in his browser, forcing his computer to reveal its true Internet protocol address. From there, a subpoena to Comcast yielded his real name and address.

https://www.washingtonpost.com/world/national-security/how-the-government-is-using-malware-to-ensnare-child-porn-users/2016/01/21/fb8ab5f8-bec0-11e5-83d4-42e3bceea902_story.html


February 25, 2016

The U.S. District Judge Robert J. Bryan has confirmed what has probably been the worst-kept secret in security, that Carnegie Mellon University’s Software Engineering Institute was indeed contracted by the Department of Defense to study how to break Tor anonymity.

https://www.washingtonpost.com/world/national-security/how-the-government-is-using-malware-to-ensnare-child-porn-users/2016/01/21/fb8ab5f8-bec0-11e5-83d4-42e3bceea902_story.html

“Based upon the submissions of the parties, it is clear to the court the government has provided to the defendant basic information about the technique used by SEI to obtain IP addresses of Tor users, including the defendant. Among other items, the government’s disclosures included information regarding the funding and structure relationship between SEI and DOD, as well as directing the defendant to publicly available materials regarding the Tor network.”

https://www.washingtonpost.com/world/national-security/how-the-government-is-using-malware-to-ensnare-child-porn-users/2016/01/21/fb8ab5f8-bec0-11e5-83d4-42e3bceea902_story.html


May 11, 2016

Mozilla filed a motion with the U.S. District Court in Tacoma, Wa., asking the government to disclose the zero-day vulnerability it exploited in the Tor Browser and Firefox:

https://assets.documentcloud.org/documents/2830393/Mozilla-s-Motion-to-Intervene-in-the-Playpen-Case.pdf


May 25, 2016

Judge Robert J. Bryan granted defendant Jay Michaud’s motion to exclude the evidence.

“For the reasons stated orally on the record, evidence of the N.I.T., the search warrant issued based on the N.I.T., and the fruits of that warrant should be excluded and should not be offered in evidence at trial”

https://assets.documentcloud.org/documents/2842885/Michaud-Order.pdf

Stay tuned to the next episode …

Comments