[Script Info]
Title:

[Events]
Format: Layer, Start, End, Style, Name, MarginL, MarginR, MarginV, Effect, Text
Dialogue: 0,0:00:00.00,0:00:14.49,Default,,0000,0000,0000,,{\i1}33C3 preroll music{\i0}
Dialogue: 0,0:00:14.49,0:00:18.48,Default,,0000,0000,0000,,Herald: The talk is gonna be called\N“Law Enforcement Are Hacking the Planet”
Dialogue: 0,0:00:18.48,0:00:24.27,Default,,0000,0000,0000,,by Joseph Cox. Joseph is an investigative\Njournalist for Vice’s Motherboard,
Dialogue: 0,0:00:24.27,0:00:28.05,Default,,0000,0000,0000,,covering hackers, data breaches\Nand digital security. When I went
Dialogue: 0,0:00:28.05,0:00:32.89,Default,,0000,0000,0000,,to check him out and looked at his Twitter\Naccount I discovered I already follow him.
Dialogue: 0,0:00:32.89,0:00:36.32,Default,,0000,0000,0000,,Which is funny, or it was for me\Na little anecdote about the modern world.
Dialogue: 0,0:00:36.32,0:00:41.22,Default,,0000,0000,0000,,I recognized his avatar immediately\Nbut not his name.
Dialogue: 0,0:00:41.22,0:00:44.50,Default,,0000,0000,0000,,I guess that's just something\Nabout how we live these days.
Dialogue: 0,0:00:44.50,0:00:50.01,Default,,0000,0000,0000,,So then with no further ado, Joseph,\NI’d like to give it over to you.
Dialogue: 0,0:00:50.01,0:00:56.74,Default,,0000,0000,0000,,{\i1}applause{\i0}
Dialogue: 0,0:00:56.74,0:01:00.59,Default,,0000,0000,0000,,Joseph Cox: Hello, hello hello.
Dialogue: 0,0:01:00.59,0:01:05.68,Default,,0000,0000,0000,,How would you react if the FBI\Ncame over from the United States,
Dialogue: 0,0:01:05.68,0:01:11.60,Default,,0000,0000,0000,,came into Germany, went to an apartment\Nin, say, Hamburg, kicked down the door
Dialogue: 0,0:01:11.60,0:01:15.49,Default,,0000,0000,0000,,and then started searching the apartment?
Dialogue: 0,0:01:15.49,0:01:18.68,Default,,0000,0000,0000,,They haven’t been invited\Nby German law enforcement,
Dialogue: 0,0:01:18.68,0:01:24.29,Default,,0000,0000,0000,,they’re acting on their own accord.\NThey then seize a load of evidence
Dialogue: 0,0:01:24.29,0:01:26.98,Default,,0000,0000,0000,,and go back to the States.
Dialogue: 0,0:01:26.98,0:01:32.31,Default,,0000,0000,0000,,You might think this isn’t a great thing,\NI mean what does the FBI have to do
Dialogue: 0,0:01:32.31,0:01:35.36,Default,,0000,0000,0000,,coming in to another country and then
Dialogue: 0,0:01:35.36,0:01:39.48,Default,,0000,0000,0000,,searching buildings or arresting suspects?
Dialogue: 0,0:01:39.48,0:01:43.50,Default,,0000,0000,0000,,But the searching is essentially\Nwhat the FBI is doing, but digitally
Dialogue: 0,0:01:43.50,0:01:49.18,Default,,0000,0000,0000,,with malware and hacking tools. Breaching\Ninto computers in other countries,
Dialogue: 0,0:01:49.18,0:01:51.80,Default,,0000,0000,0000,,extracting evidence from them\Nand then sending them back to
Dialogue: 0,0:01:51.80,0:01:56.29,Default,,0000,0000,0000,,a government server in Virginia,\Nor wherever it may be.
Dialogue: 0,0:01:56.29,0:02:00.65,Default,,0000,0000,0000,,To be clear, we’re not talking\Nabout a normal intelligence agency here
Dialogue: 0,0:02:00.65,0:02:04.79,Default,,0000,0000,0000,,like the NSA or GCHQ. They’re\Ngonna hack computers internationally
Dialogue: 0,0:02:04.79,0:02:10.09,Default,,0000,0000,0000,,all the time as part of espionage,\Nwe expect that, maybe that’s a good thing.
Dialogue: 0,0:02:10.09,0:02:14.72,Default,,0000,0000,0000,,Here we’re talking about\Nan agency that’s predominantly
Dialogue: 0,0:02:14.72,0:02:20.03,Default,,0000,0000,0000,,focused with the law enforcement\Nhacking into computers in other countries
Dialogue: 0,0:02:20.03,0:02:25.78,Default,,0000,0000,0000,,as part of criminal investigations.
Dialogue: 0,0:02:25.78,0:02:31.90,Default,,0000,0000,0000,,I’m gonna talk about one FBI case in\Nparticular, briefly touch upon another one
Dialogue: 0,0:02:31.90,0:02:36.21,Default,,0000,0000,0000,,and then just explain an operation\Nthat was led by local Australian
Dialogue: 0,0:02:36.21,0:02:41.80,Default,,0000,0000,0000,,law enforcement which hacked\Ncomputers in the United States.
Dialogue: 0,0:02:41.80,0:02:46.66,Default,,0000,0000,0000,,At the moment, typically, these sort of\Ninvestigations are done to counter
Dialogue: 0,0:02:46.66,0:02:53.41,Default,,0000,0000,0000,,child sexual exploitation\Nor child abuse on the Darkweb.
Dialogue: 0,0:02:53.41,0:02:57.37,Default,,0000,0000,0000,,Just about me, briefly:\NJournalist for Motherboard as mentioned,
Dialogue: 0,0:02:57.37,0:03:03.09,Default,,0000,0000,0000,,which is the Technology and Science\Npart of Vice. Hackers, cybercrime,
Dialogue: 0,0:03:03.09,0:03:08.31,Default,,0000,0000,0000,,the Darkweb drug trades or\Nstuff like Silk Road or the usual stuff.
Dialogue: 0,0:03:08.31,0:03:12.27,Default,,0000,0000,0000,,But for the past year I’ve been really\Ninterested in law enforcement’s
Dialogue: 0,0:03:12.27,0:03:17.52,Default,,0000,0000,0000,,international use of malware.\NWhich brings us to
Dialogue: 0,0:03:17.52,0:03:21.12,Default,,0000,0000,0000,,“Operation Pacifier”.\NThe FBI is not very good at naming
Dialogue: 0,0:03:21.12,0:03:26.72,Default,,0000,0000,0000,,its child sexual exploitation\Ninvestigations.
Dialogue: 0,0:03:26.72,0:03:33.01,Default,,0000,0000,0000,,So in August 2014 a new Darkweb child\Nabuse site was launched, called “Playpen”.
Dialogue: 0,0:03:33.01,0:03:36.14,Default,,0000,0000,0000,,It was a Tor hidden service,\Nmeaning that the majority of people
Dialogue: 0,0:03:36.14,0:03:40.75,Default,,0000,0000,0000,,who connect to it would do so\Nover the Tor anonymity network,
Dialogue: 0,0:03:40.75,0:03:47.04,Default,,0000,0000,0000,,masking their real IP address.\NBut because it ran as a hidden service
Dialogue: 0,0:03:47.04,0:03:51.03,Default,,0000,0000,0000,,the physical location of the server itself\Nwas also protected.
Dialogue: 0,0:03:51.03,0:03:55.52,Default,,0000,0000,0000,,Meaning that the FBI couldn’t just go and\Nimmediately subpoena the hosting company
Dialogue: 0,0:03:55.52,0:04:00.24,Default,,0000,0000,0000,,or seize the server whatever may be,\Nbecause they didn’t know where it was.
Dialogue: 0,0:04:00.24,0:04:05.17,Default,,0000,0000,0000,,A few months passed and Playpen is a\Nreally, really big deal. It’s the largest
Dialogue: 0,0:04:05.17,0:04:10.78,Default,,0000,0000,0000,,child pornography site on the Darkweb.\N215,000 members,
Dialogue: 0,0:04:10.78,0:04:17.88,Default,,0000,0000,0000,,117,000 posts, and an average\N11,000 unique people
Dialogue: 0,0:04:17.88,0:04:22.11,Default,,0000,0000,0000,,were visiting every week.
Dialogue: 0,0:04:22.11,0:04:25.85,Default,,0000,0000,0000,,The FBI was trying to find a way in,\Nthey were acting in an undercover capacity
Dialogue: 0,0:04:25.85,0:04:30.56,Default,,0000,0000,0000,,on the site as law enforcement often do\Nwith these sorts of hidden services.
Dialogue: 0,0:04:30.56,0:04:36.43,Default,,0000,0000,0000,,But at one point a foreign law enforcement\Nagency, and we don’t know which one,
Dialogue: 0,0:04:36.43,0:04:42.25,Default,,0000,0000,0000,,provided the real IP address\Nof the Playpen server to the FBI.
Dialogue: 0,0:04:42.25,0:04:46.95,Default,,0000,0000,0000,,It turned out that Playpen’s administrator\Nwho’s now been convicted, Steven Chase,
Dialogue: 0,0:04:46.95,0:04:51.75,Default,,0000,0000,0000,,he’d misconfigured his server\Nso the real IP address was exposed
Dialogue: 0,0:04:51.75,0:04:55.70,Default,,0000,0000,0000,,in the normal internet.\NSo in February 2015
Dialogue: 0,0:04:55.70,0:04:59.32,Default,,0000,0000,0000,,the FBI go to the North Carolina\NData Centre, they seize the server
Dialogue: 0,0:04:59.32,0:05:02.54,Default,,0000,0000,0000,,and they take control of Playpen.
Dialogue: 0,0:05:02.54,0:05:05.42,Default,,0000,0000,0000,,Just as a side note:\NSteven Chase, the administrator,
Dialogue: 0,0:05:05.42,0:05:10.84,Default,,0000,0000,0000,,he had paid for the hosting via a Paypal\Naccount in his own name.
Dialogue: 0,0:05:10.84,0:05:14.65,Default,,0000,0000,0000,,So it was incredibly easy to convict him.\NIf you’re gonna run
Dialogue: 0,0:05:14.65,0:05:19.03,Default,,0000,0000,0000,,an illegal Tor hidden service,\Ndon’t use Paypal!
Dialogue: 0,0:05:19.03,0:05:23.32,Default,,0000,0000,0000,,And this is where the hacking comes in.
Dialogue: 0,0:05:23.32,0:05:27.94,Default,,0000,0000,0000,,Even though the FBI is in control of the\Nsite – they can see what people are doing,
Dialogue: 0,0:05:27.94,0:05:30.98,Default,,0000,0000,0000,,what videos they’re watching,\Nas mentioned – they can’t see
Dialogue: 0,0:05:30.98,0:05:34.26,Default,,0000,0000,0000,,where these people are coming from\Nand they can’t identify them.
Dialogue: 0,0:05:34.26,0:05:37.42,Default,,0000,0000,0000,,So they need another way,\Nand what they decided to do
Dialogue: 0,0:05:37.42,0:05:42.52,Default,,0000,0000,0000,,is hack the computers of individual users.
Dialogue: 0,0:05:42.52,0:05:45.65,Default,,0000,0000,0000,,Very, very shortly after the FBI seized\Nthe server they started to run it
Dialogue: 0,0:05:45.65,0:05:50.68,Default,,0000,0000,0000,,from a government facility in Virginia.\NSo the site is fully functioning,
Dialogue: 0,0:05:50.68,0:05:55.00,Default,,0000,0000,0000,,except one section that encourages people
Dialogue: 0,0:05:55.00,0:05:58.86,Default,,0000,0000,0000,,to produce more child porn. It’s still\Na fully functional website, though.
Dialogue: 0,0:05:58.86,0:06:04.14,Default,,0000,0000,0000,,They run that and the FBI deploys what\Nit calls a “Network Investigative Technique”,
Dialogue: 0,0:06:04.14,0:06:10.06,Default,,0000,0000,0000,,an NIT or nit or what we would probably\Njust call “a piece of malware”.
Dialogue: 0,0:06:10.06,0:06:15.91,Default,,0000,0000,0000,,In short, and this is a really, really basic\Noverview, the nit just did several things.
Dialogue: 0,0:06:15.91,0:06:20.49,Default,,0000,0000,0000,,First somebody would log in to Playpen\Nand then go visit a specific
Dialogue: 0,0:06:20.49,0:06:24.87,Default,,0000,0000,0000,,child porn related forum.\NThe exploit is then automatically
Dialogue: 0,0:06:24.87,0:06:29.15,Default,,0000,0000,0000,,delivered to that computer.\NThis exploit certainly affected…
Dialogue: 0,0:06:29.15,0:06:32.65,Default,,0000,0000,0000,,and the underlying vulnerability\Ncertainly affected the Tor browser.
Dialogue: 0,0:06:32.65,0:06:38.62,Default,,0000,0000,0000,,We don’t know if it affected Mozilla\NFirefox. As many of you will know,
Dialogue: 0,0:06:38.62,0:06:42.33,Default,,0000,0000,0000,,Tor browsers are often based on Firefox,\Nand they share much of the same code base.
Dialogue: 0,0:06:42.33,0:06:45.23,Default,,0000,0000,0000,,But we don’t actually know\Nmuch about the vulnerability
Dialogue: 0,0:06:45.23,0:06:49.82,Default,,0000,0000,0000,,or the exploit at all.\NAll that we know is that they used
Dialogue: 0,0:06:49.82,0:06:55.39,Default,,0000,0000,0000,,a non publicly known vulnerability.
Dialogue: 0,0:06:55.39,0:06:59.91,Default,,0000,0000,0000,,And then when the exploit is delivered the\Nrest of the code causes the target machine
Dialogue: 0,0:06:59.91,0:07:04.47,Default,,0000,0000,0000,,to phone home outside of the Tor network\Nto a government server, and now the FBI
Dialogue: 0,0:07:04.47,0:07:08.08,Default,,0000,0000,0000,,has a real IP address.
Dialogue: 0,0:07:08.08,0:07:14.50,Default,,0000,0000,0000,,Armed with that the FBI just goes to the\NISP, Comcast, Verizon, gets a name,
Dialogue: 0,0:07:14.50,0:07:18.96,Default,,0000,0000,0000,,subscriber details and address,\Nkicks down a door, arrests the person
Dialogue: 0,0:07:18.96,0:07:22.63,Default,,0000,0000,0000,,– if there’s enough evidence – and\Npresumably, and in many many of the cases
Dialogue: 0,0:07:22.63,0:07:28.47,Default,,0000,0000,0000,,if not all of them, find a lot of child\Nporn on the suspect’s machine.
Dialogue: 0,0:07:28.47,0:07:33.45,Default,,0000,0000,0000,,But that’s not everything\Nthe FBI collected with a nit,
Dialogue: 0,0:07:33.45,0:07:38.52,Default,,0000,0000,0000,,it also got the username,\Nthe host name, the MAC address.
Dialogue: 0,0:07:38.52,0:07:42.75,Default,,0000,0000,0000,,And it also generated a unique code\Nper unique infection, I think
Dialogue: 0,0:07:42.75,0:07:49.71,Default,,0000,0000,0000,,that you could then use to correlate\Nactivity on the site with an IP address.
Dialogue: 0,0:07:49.71,0:07:54.34,Default,,0000,0000,0000,,And just remember this whole time\Nthe FBI could see what people
Dialogue: 0,0:07:54.34,0:07:59.54,Default,,0000,0000,0000,,were doing on the site, so “user Jimmy\Nwent onto this section of the site
Dialogue: 0,0:07:59.54,0:08:02.83,Default,,0000,0000,0000,,and looked at this thread,\Nnow we have his IP address,
Dialogue: 0,0:08:02.83,0:08:07.70,Default,,0000,0000,0000,,we can link it to that”.
Dialogue: 0,0:08:07.70,0:08:11.89,Default,,0000,0000,0000,,So the FBI deploys its malware,
Dialogue: 0,0:08:11.89,0:08:15.81,Default,,0000,0000,0000,,for 13 days it runs the site.\NOver that amount of time,
Dialogue: 0,0:08:15.81,0:08:19.33,Default,,0000,0000,0000,,100,000 users log into Playpen,\Nwhich as you’ll notice
Dialogue: 0,0:08:19.33,0:08:23.49,Default,,0000,0000,0000,,is a lot more than 11,000, which\Nwas apparently the average login rate.
Dialogue: 0,0:08:23.49,0:08:30.42,Default,,0000,0000,0000,,For some reason the site became a lot more\Npopular when the FBI was running it.
Dialogue: 0,0:08:30.42,0:08:33.31,Default,,0000,0000,0000,,You can hear whatever you want from that. (?)
Dialogue: 0,0:08:33.31,0:08:40.25,Default,,0000,0000,0000,,So in the U.S. the FBI gets around 1300\NIP addresses of U.S. users of the site.
Dialogue: 0,0:08:40.25,0:08:45.77,Default,,0000,0000,0000,,Europol say they generated 3229 cases
Dialogue: 0,0:08:45.77,0:08:49.57,Default,,0000,0000,0000,,– I haven’t highlighted it, but it’s\Nin the middle column at the bottom –
Dialogue: 0,0:08:49.57,0:08:54.43,Default,,0000,0000,0000,,and 34 of those were in Denmark.\NThis is a presentation I just found online
Dialogue: 0,0:08:54.43,0:08:57.07,Default,,0000,0000,0000,,when I found out it was called\N“Pacifier”.
Dialogue: 0,0:08:57.07,0:09:01.16,Default,,0000,0000,0000,,I searched that, filetype:pdf and\Nsomeone from law enforcement had
Dialogue: 0,0:09:01.16,0:09:05.91,Default,,0000,0000,0000,,left this online, so that was convenient.\N{\i1}laughter{\i0}
Dialogue: 0,0:09:05.91,0:09:08.60,Default,,0000,0000,0000,,Austria, staying with this\Npart of the world,
Dialogue: 0,0:09:08.60,0:09:12.82,Default,,0000,0000,0000,,I think this is a letter from an MP\Nto a group of politicians
Dialogue: 0,0:09:12.82,0:09:16.26,Default,,0000,0000,0000,,just talking about the country’s\Nchild porn investigations
Dialogue: 0,0:09:16.26,0:09:21.81,Default,,0000,0000,0000,,and it mentions Operation Pacifier\Nand 50 IP addresses so the FBI hacked
Dialogue: 0,0:09:21.81,0:09:27.18,Default,,0000,0000,0000,,at least 50 computers in Austria.\NLatin America as well.
Dialogue: 0,0:09:27.18,0:09:29.91,Default,,0000,0000,0000,,Again, this is another presentation\Nthat I found online,
Dialogue: 0,0:09:29.91,0:09:32.48,Default,,0000,0000,0000,,law enforcement are really, really sloppy
Dialogue: 0,0:09:32.48,0:09:35.89,Default,,0000,0000,0000,,with just leaving all this stuff\Nonline, which is great.
Dialogue: 0,0:09:35.89,0:09:40.75,Default,,0000,0000,0000,,And you can just see Operation Pacifier\Nthere. As for Chile it was
Dialogue: 0,0:09:40.75,0:09:46.14,Default,,0000,0000,0000,,local media reports that just said\N‘Pacifier’, ‘Playpen’, ‘child porn arrests’
Dialogue: 0,0:09:46.14,0:09:52.28,Default,,0000,0000,0000,,so it was pretty easy to infer that\Ncomputers were hacked there as well.
Dialogue: 0,0:09:52.28,0:09:56.53,Default,,0000,0000,0000,,Australia – this is part of a\Nfreedom of information request
Dialogue: 0,0:09:56.53,0:10:02.40,Default,,0000,0000,0000,,I made with the Australian federal police,\Nasking for documents and communications
Dialogue: 0,0:10:02.40,0:10:07.24,Default,,0000,0000,0000,,about Operation Pacifier. This isn’t\Nactually the result of the request
Dialogue: 0,0:10:07.24,0:10:09.81,Default,,0000,0000,0000,,this is them saying “Hey, we have\Ntoo much stuff on Operation Pacifier,
Dialogue: 0,0:10:09.81,0:10:13.63,Default,,0000,0000,0000,,so we can’t give it to you” which\Nobviously already gave me
Dialogue: 0,0:10:13.63,0:10:18.67,Default,,0000,0000,0000,,enough information to confirm that\NPacifier hit Australia as well.
Dialogue: 0,0:10:18.67,0:10:21.38,Default,,0000,0000,0000,,Anyway, you get the idea. I’m not\Njust gonna list all these countries
Dialogue: 0,0:10:21.38,0:10:26.79,Default,,0000,0000,0000,,apart from them. The U.K. and Turkey\Nwere probably hacked as well.
Dialogue: 0,0:10:26.79,0:10:32.21,Default,,0000,0000,0000,,But it turns out the FBI hacked computers\Nin many, many more countries.
Dialogue: 0,0:10:32.21,0:10:35.86,Default,,0000,0000,0000,,And this just came out\Nend of last month, I think.
Dialogue: 0,0:10:35.86,0:10:43.79,Default,,0000,0000,0000,,In total the FBI hacked\N8,700 computers in 120 countries.
Dialogue: 0,0:10:43.79,0:10:49.74,Default,,0000,0000,0000,,8,700 in 120 countries with one warrant.
Dialogue: 0,0:10:49.74,0:10:52.70,Default,,0000,0000,0000,,And arguably that warrant was illegal.
Dialogue: 0,0:10:52.70,0:10:56.97,Default,,0000,0000,0000,,But we have to back up a little bit,\Njust to see what that is.
Dialogue: 0,0:10:56.97,0:11:01.39,Default,,0000,0000,0000,,Right, okay.\NSo the U.S. has something called Rule 41,
Dialogue: 0,0:11:01.39,0:11:05.29,Default,,0000,0000,0000,,which dictates when a judge\Ncan authorize searches
Dialogue: 0,0:11:05.29,0:11:08.86,Default,,0000,0000,0000,,including remote searches, so hacking.
Dialogue: 0,0:11:08.86,0:11:13.27,Default,,0000,0000,0000,,A judge can only authorize a search\Nwithin his or her own district.
Dialogue: 0,0:11:13.27,0:11:16.33,Default,,0000,0000,0000,,So if the judge is in the\Nwestern district of Washington,
Dialogue: 0,0:11:16.33,0:11:19.35,Default,,0000,0000,0000,,he or she can only sign a warrant\Nthat’s gonna search stuff
Dialogue: 0,0:11:19.35,0:11:24.27,Default,,0000,0000,0000,,within that district. With a few\Nexceptions. I think, terrorism,
Dialogue: 0,0:11:24.27,0:11:27.95,Default,,0000,0000,0000,,and if there’s a tracking device\Nand then the person moves out of state
Dialogue: 0,0:11:27.95,0:11:32.32,Default,,0000,0000,0000,,it’s still okay.\NIn the case of Playpen,
Dialogue: 0,0:11:32.32,0:11:35.97,Default,,0000,0000,0000,,Judge Theresa Buchanan\Nwas in the Eastern district of Virginia,
Dialogue: 0,0:11:35.97,0:11:41.74,Default,,0000,0000,0000,,as you can see at the top.\NClearly, the vast majority of computers
Dialogue: 0,0:11:41.74,0:11:46.52,Default,,0000,0000,0000,,were not in the Eastern\Ndistrict of Virginia.
Dialogue: 0,0:11:46.52,0:11:50.24,Default,,0000,0000,0000,,The search warrant application which is\Nthat document that the FBI presents
Dialogue: 0,0:11:50.24,0:11:54.15,Default,,0000,0000,0000,,to a judge, and say “Here’s our reasons,\Nplease sign our search warrant!”,
Dialogue: 0,0:11:54.15,0:11:59.03,Default,,0000,0000,0000,,it said that what was gonna be searched\Nwas computers logging into Playpen,
Dialogue: 0,0:11:59.03,0:12:04.63,Default,,0000,0000,0000,,wherever located. It’s pretty\Ndebatable how explicit that is.
Dialogue: 0,0:12:04.63,0:12:09.86,Default,,0000,0000,0000,,I mean, the FBI did not write “Hey we’re\Ngonna hack into computers no matter
Dialogue: 0,0:12:09.86,0:12:12.88,Default,,0000,0000,0000,,what state they’re in, what country\Nthey’re in, anything like that, and
Dialogue: 0,0:12:12.88,0:12:16.43,Default,,0000,0000,0000,,we’re gonna hack into them”. The word\N‘hack’ is obviously never ever used in the
Dialogue: 0,0:12:16.43,0:12:21.40,Default,,0000,0000,0000,,search warrant application.\NSo with that in mind it’s kind of unclear
Dialogue: 0,0:12:21.40,0:12:26.37,Default,,0000,0000,0000,,if Judge Theresa Buchanan would have\Nactually understood that she was signing
Dialogue: 0,0:12:26.37,0:12:32.78,Default,,0000,0000,0000,,a global hacking warrant. And this isn’t\Ncastigating the judge, at all. It’s more
Dialogue: 0,0:12:32.78,0:12:38.22,Default,,0000,0000,0000,,that these warrant applications aren’t\Nvery explicit. And it’s still unclear
Dialogue: 0,0:12:38.22,0:12:47.69,Default,,0000,0000,0000,,because Judge Buchanan won’t respond\Nto my requests for comment.
Dialogue: 0,0:12:47.69,0:12:54.16,Default,,0000,0000,0000,,So whether Operation Pacifier violated\NRule 41 has probably been the central
Dialogue: 0,0:12:54.16,0:12:59.77,Default,,0000,0000,0000,,component of all the legal cases that came\Nout after the FBI started busting people.
Dialogue: 0,0:12:59.77,0:13:03.36,Default,,0000,0000,0000,,Defense lawyers have brought it up, saying\N“Hey, this judge did not have authority,
Dialogue: 0,0:13:03.36,0:13:06.96,Default,,0000,0000,0000,,you now need to throw out all the\Nevidence against my client”.
Dialogue: 0,0:13:06.96,0:13:11.51,Default,,0000,0000,0000,,According to the most recent figures, and\Nthis might be very, very slightly out-of-date,
Dialogue: 0,0:13:11.51,0:13:18.89,Default,,0000,0000,0000,,21 decisions have found the operation\Ndid violate Rule 41. Out of those,
Dialogue: 0,0:13:18.89,0:13:23.40,Default,,0000,0000,0000,,judges in four cases have thrown out all\Nevidence obtained by the FBI’s malware.
Dialogue: 0,0:13:23.40,0:13:27.41,Default,,0000,0000,0000,,So that obviously includes the main bit\Nof evidence which is the IP address
Dialogue: 0,0:13:27.41,0:13:31.04,Default,,0000,0000,0000,,but then also everything that came after\Nthat. I mean the only reason the FBI
Dialogue: 0,0:13:31.04,0:13:34.73,Default,,0000,0000,0000,,found child porn on people’s devices is\Nbecause the IP address led them there.
Dialogue: 0,0:13:34.73,0:13:38.75,Default,,0000,0000,0000,,So all of that child porn is also struck\Nfrom the record as well.
Dialogue: 0,0:13:38.75,0:13:49.07,Default,,0000,0000,0000,,And those people are essentially free,\Nby DOJ appeals which are ongoing.
Dialogue: 0,0:13:49.07,0:13:54.60,Default,,0000,0000,0000,,Whether people based outside the United\NStates will have a similar sort of defense
Dialogue: 0,0:13:54.60,0:13:59.12,Default,,0000,0000,0000,,is kind of unclear at the moment. The\NIP address could fall under something
Dialogue: 0,0:13:59.12,0:14:05.55,Default,,0000,0000,0000,,like the Third-Party Doctrine, whereas in:\Nif there’s a German suspect,
Dialogue: 0,0:14:05.55,0:14:10.33,Default,,0000,0000,0000,,and they tried to challenge the legality\Nof the search the German police may say:
Dialogue: 0,0:14:10.33,0:14:13.12,Default,,0000,0000,0000,,“Hey, look, we didn’t do the hacking,\Nwe just got given this IP address
Dialogue: 0,0:14:13.12,0:14:19.60,Default,,0000,0000,0000,,by a third party”. And then the defense\Nmight not have much leg to stand on.
Dialogue: 0,0:14:19.60,0:14:25.20,Default,,0000,0000,0000,,But I do know of one lawyer in a country\Noutside the U.S. who is going to challenge
Dialogue: 0,0:14:25.20,0:14:29.22,Default,,0000,0000,0000,,the legality of that hacking operation.\NI can’t really say where he is right now
Dialogue: 0,0:14:29.22,0:14:34.09,Default,,0000,0000,0000,,because I think that’s still sourcing out (?)\Nbut that’s gonna be really, really interesting
Dialogue: 0,0:14:34.09,0:14:39.09,Default,,0000,0000,0000,,when that happens, hopefully in the new\Nyear. So forget everything I just told you
Dialogue: 0,0:14:39.09,0:14:43.75,Default,,0000,0000,0000,,about Rule 41 because it doesn’t matter\Nany more. Earlier this month changes
Dialogue: 0,0:14:43.75,0:14:49.93,Default,,0000,0000,0000,,to Rule 41 came into place. Meaning that\Njudges now can authorize searches
Dialogue: 0,0:14:49.93,0:14:56.15,Default,,0000,0000,0000,,outside of their district. So if the Playpen\Nwarrant was signed today it probably
Dialogue: 0,0:14:56.15,0:14:59.11,Default,,0000,0000,0000,,would not violate Rule 41, and the FBI\Nwouldn’t have done anything wrong.
Dialogue: 0,0:14:59.11,0:15:04.36,Default,,0000,0000,0000,,Or the DOJ wouldn’t have done anything\Nwrong. And I just wanna emphasize that
Dialogue: 0,0:15:04.36,0:15:09.94,Default,,0000,0000,0000,,these changes to Rule 41 came about\Nin part, specifically because of
Dialogue: 0,0:15:09.94,0:15:14.06,Default,,0000,0000,0000,,the problem that anonymity networks and\NTor present to law enforcement.
Dialogue: 0,0:15:14.06,0:15:18.40,Default,,0000,0000,0000,,It’s not like Operation Pacifier was over\Nhere, FBI doing its thing, and the DOJ
Dialogue: 0,0:15:18.40,0:15:24.08,Default,,0000,0000,0000,,was sorting out these Rule 41 changes. The\Nchanges have come specifically in response
Dialogue: 0,0:15:24.08,0:15:30.54,Default,,0000,0000,0000,,to criminal investigations\Non the so-called “Darkweb”.
Dialogue: 0,0:15:30.54,0:15:35.27,Default,,0000,0000,0000,,And that’s just this Department quote\Nhere: “We believe technology should
Dialogue: 0,0:15:35.27,0:15:39.66,Default,,0000,0000,0000,,not create a lawless zone merely because\Na procedure rule has not kept up
Dialogue: 0,0:15:39.66,0:15:45.20,Default,,0000,0000,0000,,with the times”. Their argument is that\Nthe Rule 41 is basically an antique,
Dialogue: 0,0:15:45.20,0:15:48.83,Default,,0000,0000,0000,,and they need to change the rules to keep\Nup with criminals that are using stuff
Dialogue: 0,0:15:48.83,0:15:53.82,Default,,0000,0000,0000,,like Tor or VPNs. So that was Pacifier.
Dialogue: 0,0:15:53.82,0:15:58.77,Default,,0000,0000,0000,,That’s the largest law enforcement hacking\Noperation to date that we know about.
Dialogue: 0,0:15:58.77,0:16:02.22,Default,,0000,0000,0000,,Just very, very briefly I’m gonna talk\Nabout another FBI one where they likely
Dialogue: 0,0:16:02.22,0:16:07.09,Default,,0000,0000,0000,,hacked into computers abroad. This one\Nis called “Torpedo” which is even worse
Dialogue: 0,0:16:07.09,0:16:12.48,Default,,0000,0000,0000,,than Operation Pacifier when it comes\Nto child porn names.
Dialogue: 0,0:16:12.48,0:16:17.30,Default,,0000,0000,0000,,In 2012 or 2013 the FBI take over\NFreedom Hosting which is
Dialogue: 0,0:16:17.30,0:16:22.97,Default,,0000,0000,0000,,sort of a turnkey hosting provider.\NYou sign up to the service
Dialogue: 0,0:16:22.97,0:16:27.94,Default,,0000,0000,0000,,that hosts your Darkweb site. It doesn’t\Nmatter if it’s legal or not, whatever.
Dialogue: 0,0:16:27.94,0:16:33.15,Default,,0000,0000,0000,,The FBI sees it, they deploy an NIT\Nagain, a piece of malware.
Dialogue: 0,0:16:33.15,0:16:41.70,Default,,0000,0000,0000,,And this time the FBI trying (?) identify\Nusers of 23 different child pornography sites.
Dialogue: 0,0:16:41.70,0:16:44.92,Default,,0000,0000,0000,,In the warrant application there’s\Na section specifically about
Dialogue: 0,0:16:44.92,0:16:49.37,Default,,0000,0000,0000,,a Hungarian language site.\NI mean even the FBI officer
Dialogue: 0,0:16:49.37,0:16:53.51,Default,,0000,0000,0000,,– I think it’s the FBI writing it – says:\N“Oh, if you put this into Google Translate
Dialogue: 0,0:16:53.51,0:16:59.94,Default,,0000,0000,0000,,it means this, it’s Hungarian, blablabla”.\NAs I mentioned in the Playpen example
Dialogue: 0,0:16:59.94,0:17:03.37,Default,,0000,0000,0000,,the FBI did not know where the computers\Nthat they were going to hack
Dialogue: 0,0:17:03.37,0:17:07.41,Default,,0000,0000,0000,,were located. This is an interesting case\Nbecause I’m going to guess
Dialogue: 0,0:17:07.41,0:17:13.22,Default,,0000,0000,0000,,that a lot of the users of a Hungarian\Nlanguage site are probably in Hungary.
Dialogue: 0,0:17:13.22,0:17:16.76,Default,,0000,0000,0000,,So the FBI might have had some idea\Nthat they were gonna hack computers there.
Dialogue: 0,0:17:16.76,0:17:20.66,Default,,0000,0000,0000,,Did the FBI warn Hungarian law\Nenforcement? Did they get permission
Dialogue: 0,0:17:20.66,0:17:24.40,Default,,0000,0000,0000,,of the Hungarian authorities to hack\Ncomputers in their country?
Dialogue: 0,0:17:24.40,0:17:30.52,Default,,0000,0000,0000,,We don’t know yet.\NAnd I somehow doubt it.
Dialogue: 0,0:17:30.52,0:17:36.83,Default,,0000,0000,0000,,And then just finally it’s – excuse me –\Nit’s not just the FBI
Dialogue: 0,0:17:36.83,0:17:40.42,Default,,0000,0000,0000,,that’s using hacking tools\Nto target suspects overseas.
Dialogue: 0,0:17:40.42,0:17:45.12,Default,,0000,0000,0000,,A local Australian police department,\NQueensland Police,
Dialogue: 0,0:17:45.12,0:17:49.51,Default,,0000,0000,0000,,has a specialized task force\Nfor child sexual exploitation,
Dialogue: 0,0:17:49.51,0:17:52.53,Default,,0000,0000,0000,,Taskforce Argos.
Dialogue: 0,0:17:52.53,0:17:56.75,Default,,0000,0000,0000,,And they were the ones that led this\Noperation. There wasn’t any sort of
Dialogue: 0,0:17:56.75,0:18:00.74,Default,,0000,0000,0000,,an official statement from Queensland\NPolice saying: “Hey look, we unmasked
Dialogue: 0,0:18:00.74,0:18:05.86,Default,,0000,0000,0000,,all of these criminals in the U.S.”.\NIt was only by piecing together
Dialogue: 0,0:18:05.86,0:18:11.76,Default,,0000,0000,0000,,pretty spread-out (?) U.S. court documents\Nthat I could map the contours of this
Dialogue: 0,0:18:11.76,0:18:15.83,Default,,0000,0000,0000,,hacking operation that everyone\Nkind of wants to keep quiet about.
Dialogue: 0,0:18:15.83,0:18:21.52,Default,,0000,0000,0000,,So in 2014 Taskforce Argos take over\Nanother Darkweb child porn site
Dialogue: 0,0:18:21.52,0:18:28.64,Default,,0000,0000,0000,,called ‘The Love Zone’. They run it – not\Nfor 13 days like the FBI but for 6 months,
Dialogue: 0,0:18:28.64,0:18:34.76,Default,,0000,0000,0000,,posing as the site’s administrator\Nwho they’d already arrested.
Dialogue: 0,0:18:34.76,0:18:39.28,Default,,0000,0000,0000,,According to one document – not this one –\Nthe Australians obtained at least
Dialogue: 0,0:18:39.28,0:18:45.49,Default,,0000,0000,0000,,30 IP addresses of U.S. based\Nusers of the site. I don’t know
Dialogue: 0,0:18:45.49,0:18:48.42,Default,,0000,0000,0000,,about other countries yet, it’s only\Nthrough these U.S. court documents
Dialogue: 0,0:18:48.42,0:18:54.10,Default,,0000,0000,0000,,that we’ve been able to figure this out.\NAnd the way they did it was
Dialogue: 0,0:18:54.10,0:18:57.78,Default,,0000,0000,0000,,pretty different to the FBI. What they\Nwould do is they would send a link
Dialogue: 0,0:18:57.78,0:19:05.35,Default,,0000,0000,0000,,to a suspect, for a video file.\NThe suspect would click the link,
Dialogue: 0,0:19:05.35,0:19:09.92,Default,,0000,0000,0000,,they will get a warning, saying: “Warning,\Nyou’re opening a file on an external site,
Dialogue: 0,0:19:09.92,0:19:14.11,Default,,0000,0000,0000,,do you want to continue?” Something to\Nthat effect. If the person ignored
Dialogue: 0,0:19:14.11,0:19:19.24,Default,,0000,0000,0000,,the warning and clicked “Yes”\Na video of real child pornography
Dialogue: 0,0:19:19.24,0:19:22.59,Default,,0000,0000,0000,,played on the suspect’s machine,\Nand then that video phoned home
Dialogue: 0,0:19:22.59,0:19:28.54,Default,,0000,0000,0000,,to an Australian server. I mean, you can\Ndebate whether this is hacking or not.
Dialogue: 0,0:19:28.54,0:19:34.13,Default,,0000,0000,0000,,I mean the FBI weren’t clearly delivering\Na Tor browser exploit with malware etc.
Dialogue: 0,0:19:34.13,0:19:38.38,Default,,0000,0000,0000,,Is this hacking? I would say so. If we\Nthink the phishing for Government e-mails
Dialogue: 0,0:19:38.38,0:19:43.74,Default,,0000,0000,0000,,is hacking – sure. But that’s kind of the\Ntrivial debate, anyway. The real debate
Dialogue: 0,0:19:43.74,0:19:49.24,Default,,0000,0000,0000,,is: was this a search in a legal sense of\Nthe word? Did the Australians obtain
Dialogue: 0,0:19:49.24,0:19:54.43,Default,,0000,0000,0000,,information from a private place, namely\Na private computer, in a private residence,
Dialogue: 0,0:19:54.43,0:19:58.30,Default,,0000,0000,0000,,and did they get a search warrant to do\Nthat? And again, we don’t know,
Dialogue: 0,0:19:58.30,0:20:03.55,Default,,0000,0000,0000,,because they won’t talk to me.
Dialogue: 0,0:20:03.55,0:20:08.59,Default,,0000,0000,0000,,So clearly, that was all about child abuse\Nand child pornography investigations.
Dialogue: 0,0:20:08.59,0:20:13.19,Default,,0000,0000,0000,,Insofar this sort of international hacking,\Nas far as we know, as far as I know,
Dialogue: 0,0:20:13.19,0:20:18.15,Default,,0000,0000,0000,,has only been used for those sorts of\Ninvestigations. But as for the future
Dialogue: 0,0:20:18.15,0:20:25.10,Default,,0000,0000,0000,,with Rule 41, the changes there, we could\Npresumably see it to go to other types
Dialogue: 0,0:20:25.10,0:20:30.40,Default,,0000,0000,0000,,of investigations, maybe Darkweb drug\Nmarkets. Plenty of these markets have
Dialogue: 0,0:20:30.40,0:20:35.16,Default,,0000,0000,0000,,dedicated vendor-only sections that you\Ncan only login to if you are a drug dealer
Dialogue: 0,0:20:35.16,0:20:41.09,Default,,0000,0000,0000,,on the site. I mean here, this isn’t from\NNIT or a malware investigation.
Dialogue: 0,0:20:41.09,0:20:45.30,Default,,0000,0000,0000,,This is when Carnegie Mellon University\Nattacked the Tor network, obtained Dialogue: 0,0:20:45.30,0:20:49.36,Default,,0000,0000,0000,,IP addresses, and then gave those – well,\Nwas subpoenaed for those and gave them Dialogue: 0,0:20:49.36,0:20:55.49,Default,,0000,0000,0000,,to the FBI. But the key part is that in\Nthis search warrant it’s saying: “Hey look, Dialogue: 0,0:20:55.49,0:20:58.37,Default,,0000,0000,0000,,there’s probable cause because this\Nsuspect was logging in to the Dialogue: 0,0:20:58.37,0:21:03.57,Default,,0000,0000,0000,,drug dealer-only section of Silk Road 2.0\Nso we have reason to raid his house”. Dialogue: 0,0:21:03.57,0:21:07.89,Default,,0000,0000,0000,,I can easily see this sort of section\Nbeing in a malware warrant or an NIT Dialogue: 0,0:21:07.89,0:21:14.24,Default,,0000,0000,0000,,warrant, as well. And then I suppose the\Nother more obvious example Dialogue: 0,0:21:14.24,0:21:18.53,Default,,0000,0000,0000,,– if that hasn’t happened already –\Nis putting a piece of malware to hack Dialogue: 0,0:21:18.53,0:21:23.44,Default,,0000,0000,0000,,suspects internationally on a Jihadi\Nforum. Maybe in administrator or moderator Dialogue: 0,0:21:23.44,0:21:28.55,Default,,0000,0000,0000,,sections, so you know you’re gonna be\Ntargeting high-ranking members of the forum. Dialogue: 0,0:21:28.55,0:21:31.33,Default,,0000,0000,0000,,I mean I personally don’t know if that\Nwould be the FBI or another agency Dialogue: 0,0:21:31.33,0:21:35.53,Default,,0000,0000,0000,,doing that. But that’s clearly somewhere\Nwhere malware can be useful Dialogue: 0,0:21:35.53,0:21:42.51,Default,,0000,0000,0000,,in international context. But apart from\Npredicting where this might go, I mean, Dialogue: 0,0:21:42.51,0:21:47.33,Default,,0000,0000,0000,,clearly this is gonna continue, just a few\Nweeks ago there was a Firefox zeroday Dialogue: 0,0:21:47.33,0:21:52.72,Default,,0000,0000,0000,,out in the wild. 
Me and my colleague\NLorenzo tracked it back to a specific Dialogue: 0,0:21:52.72,0:21:57.02,Default,,0000,0000,0000,,child porn site in the Darkweb where\Nthat 0-day had been deployed. Dialogue: 0,0:21:57.02,0:22:02.01,Default,,0000,0000,0000,,So this is an active thing.\NThis is still going on. Dialogue: 0,0:22:02.01,0:22:07.40,Default,,0000,0000,0000,,And that’s it. But… just a last thing\Nif you have any documents, data, Dialogue: 0,0:22:07.40,0:22:12.46,Default,,0000,0000,0000,,information, tips on FBI malware,\Nlaw enforcement malware, who is using it, Dialogue: 0,0:22:12.46,0:22:17.61,Default,,0000,0000,0000,,who is buying it, how they’re using it –\Nthese are my various contact channels. Dialogue: 0,0:22:17.61,0:22:19.07,Default,,0000,0000,0000,,Thanks a lot!\N{\i1}applause{\i0} Dialogue: 0,0:22:19.07,0:22:29.58,Default,,0000,0000,0000,,{\i1}ongoing applause{\i0} Dialogue: 0,0:22:29.58,0:22:35.45,Default,,0000,0000,0000,,Herald: Thank you, Joseph.\NThank you. Dialogue: 0,0:22:35.45,0:22:41.89,Default,,0000,0000,0000,,Any questions from the audience? Dialogue: 0,0:22:41.89,0:22:45.60,Default,,0000,0000,0000,,Oh, we got one on [microphone] 4. Dialogue: 0,0:22:45.60,0:22:49.48,Default,,0000,0000,0000,,Question: Thanks for the talk.\NReally nice. Quick question, Dialogue: 0,0:22:49.48,0:22:54.36,Default,,0000,0000,0000,,you’ve presented\Nsome pretty illegal things. Dialogue: 0,0:22:54.36,0:22:59.48,Default,,0000,0000,0000,,On both sides.\NOn child pornography, Dialogue: 0,0:22:59.48,0:23:03.52,Default,,0000,0000,0000,,and all of those things.\NAnd on the law enforcer’s side. Dialogue: 0,0:23:03.52,0:23:09.72,Default,,0000,0000,0000,,Now my question is, did you intentionally\Nmention those really illegal aspects Dialogue: 0,0:23:09.72,0:23:16.31,Default,,0000,0000,0000,,like child pornography to justify the\Nactions of the FBI in any way? 
Dialogue: 0,0:23:16.31,0:23:19.83,Default,,0000,0000,0000,,Joseph: You mean, did I specifically\Nspeak about child pornography Dialogue: 0,0:23:19.83,0:23:22.37,Default,,0000,0000,0000,,to justify the FBI’s actions?\NQuestion: Yes. Dialogue: 0,0:23:22.37,0:23:28.08,Default,,0000,0000,0000,,Joseph: No. This is just… I mean child\Npornography and child sexual exploitation Dialogue: 0,0:23:28.08,0:23:32.45,Default,,0000,0000,0000,,is where law enforcement are using the\Nreally cool stuff. This is where they’re Dialogue: 0,0:23:32.45,0:23:37.22,Default,,0000,0000,0000,,using their Tor Browser exploits. This is\Nwhere they’re using their Firefox zerodays. Dialogue: 0,0:23:37.22,0:23:41.33,Default,,0000,0000,0000,,And I’m just attracted to where the cops\Nare doing interesting things. Dialogue: 0,0:23:41.33,0:23:47.22,Default,,0000,0000,0000,,So, if it was on drug markets I’d cover\Nthat as well. But at the moment, Dialogue: 0,0:23:47.22,0:23:52.19,Default,,0000,0000,0000,,at least to my knowledge, it’s just\Nlocalized to the child pornography Dialogue: 0,0:23:52.19,0:23:55.73,Default,,0000,0000,0000,,investigations. Presumably, because law\Nenforcement feel like not many people Dialogue: 0,0:23:55.73,0:23:59.62,Default,,0000,0000,0000,,are going to argue with them with maybe\Ndoing illegal search for child porn Dialogue: 0,0:23:59.62,0:24:03.89,Default,,0000,0000,0000,,because everybody finds that crime\Nabhorrent. But, no, that’s just Dialogue: 0,0:24:03.89,0:24:05.18,Default,,0000,0000,0000,,how it is at the moment. Dialogue: 0,0:24:05.18,0:24:08.84,Default,,0000,0000,0000,,Question: Okay, let me rephrase that.\NDo you feel it’s justified for them Dialogue: 0,0:24:08.84,0:24:10.100,Default,,0000,0000,0000,,to use exploits? Dialogue: 0,0:24:10.100,0:24:13.43,Default,,0000,0000,0000,,Joseph: Do I feel it’s justified for\Nthem to use exploits? 
I don’t think Dialogue: 0,0:24:13.43,0:24:19.40,Default,,0000,0000,0000,,it’s anything intrinsically wrong\Nwith law enforcement hacking. Dialogue: 0,0:24:19.40,0:24:24.55,Default,,0000,0000,0000,,But even though child pornography is\Nan absolutely disgusting crime Dialogue: 0,0:24:24.55,0:24:29.11,Default,,0000,0000,0000,,and I can’t find it, obviously, any way\Nto justify it I also want law enforcement Dialogue: 0,0:24:29.11,0:24:32.42,Default,,0000,0000,0000,,to follow the law.\NAnd to respect the law as well. Dialogue: 0,0:24:32.42,0:24:37.50,Default,,0000,0000,0000,,{\i1}applause{\i0} Dialogue: 0,0:24:37.50,0:24:43.49,Default,,0000,0000,0000,,Question: Thank you.\N{\i1}ongoing applause{\i0} Dialogue: 0,0:24:43.49,0:24:49.78,Default,,0000,0000,0000,,Herald: Any other questions?\NAnybody from IRC? Dialogue: 0,0:24:49.78,0:24:52.78,Default,,0000,0000,0000,,The (?) on 5, go ahead. Dialogue: 0,0:24:52.78,0:24:56.56,Default,,0000,0000,0000,,Question: Well, I wanted to ask probably\Nthe same question whether it’s dubious Dialogue: 0,0:24:56.56,0:25:00.57,Default,,0000,0000,0000,,from the moral point of view?\NAnd you already answered it. Dialogue: 0,0:25:00.57,0:25:05.24,Default,,0000,0000,0000,,You don’t see it dubious as I understand,\Nright? As the legislation can be questioned, Dialogue: 0,0:25:05.24,0:25:11.16,Default,,0000,0000,0000,,and should be rearranged there is not much\Nethical discussion whether this should be Dialogue: 0,0:25:11.16,0:25:16.07,Default,,0000,0000,0000,,done or not. But while you were at the\Ntopic for a while: do you have any other Dialogue: 0,0:25:16.07,0:25:20.31,Default,,0000,0000,0000,,proposals how to resolve this issue,\Nmaybe? Technically, Dialogue: 0,0:25:20.31,0:25:22.16,Default,,0000,0000,0000,,from the technical point of view. Dialogue: 0,0:25:22.16,0:25:25.03,Default,,0000,0000,0000,,Joseph: Sure. 
So I mean, just before\NI answer that I just wanna make clear Dialogue: 0,0:25:25.03,0:25:30.23,Default,,0000,0000,0000,,that I’m, like a journalist,\Nnot an activist or a technologist. Dialogue: 0,0:25:30.23,0:25:34.05,Default,,0000,0000,0000,,I don’t think it will be right for me to\Nsay this is how we should combat this. Dialogue: 0,0:25:34.05,0:25:38.35,Default,,0000,0000,0000,,I’m just saying, hey, that’s what\Nthe FBI did. That sort of thing. Dialogue: 0,0:25:38.35,0:25:45.27,Default,,0000,0000,0000,,But to answer the question, I think\NMozilla and Tor have been working Dialogue: 0,0:25:45.27,0:25:50.54,Default,,0000,0000,0000,,on a way to stop this sort of\Nde-anonymization attack, that, Dialogue: 0,0:25:50.54,0:25:55.80,Default,,0000,0000,0000,,when the FBI would hit a computer with\Ntheir exploits and then the NIT code Dialogue: 0,0:25:55.80,0:26:00.69,Default,,0000,0000,0000,,would deploy, that’s not enough. I really\Ncan’t remember the technical details Dialogue: 0,0:26:00.69,0:26:04.97,Default,,0000,0000,0000,,off the top (?) in my head, but there is an\Narticle online that I wrote. Dialogue: 0,0:26:04.97,0:26:08.28,Default,,0000,0000,0000,,But then they would have\Nto break out of the sandbox as well. Dialogue: 0,0:26:08.28,0:26:11.84,Default,,0000,0000,0000,,But more to answer your question\Ngenerally: there are technological solutions Dialogue: 0,0:26:11.84,0:26:16.80,Default,,0000,0000,0000,,that people are making here. And they\Ncould be live pretty soon. But then Dialogue: 0,0:26:16.80,0:26:20.20,Default,,0000,0000,0000,,what is the FBI gonna do after that?\NThey’re not gonna stop making malware. Dialogue: 0,0:26:20.20,0:26:25.10,Default,,0000,0000,0000,,They’re gonna… they’ll deploy an NIT that\Nwill then rummage through your computer Dialogue: 0,0:26:25.10,0:26:28.63,Default,,0000,0000,0000,,and find incriminating documents and then\Nphone home. 
If they can’t get your real Dialogue: 0,0:26:28.63,0:26:33.98,Default,,0000,0000,0000,,IP address they’re gonna\Nget evidence somehow. Dialogue: 0,0:26:33.98,0:26:36.01,Default,,0000,0000,0000,,Herald: No.1 was up next. Dialogue: 0,0:26:36.01,0:26:40.78,Default,,0000,0000,0000,,Question: Hi Joseph. In your background\Nresearch on law enforcement Dialogue: 0,0:26:40.78,0:26:45.66,Default,,0000,0000,0000,,using technology like this to target child\Nporn sites. So you profiled the FBI Dialogue: 0,0:26:45.66,0:26:49.48,Default,,0000,0000,0000,,on how they may have (?)(?) around\Nsome of the letter of the law Dialogue: 0,0:26:49.48,0:26:53.10,Default,,0000,0000,0000,,in order to get done the job they needed\Nto get done. Are the other law enforcement Dialogue: 0,0:26:53.10,0:26:57.69,Default,,0000,0000,0000,,agencies you found that are kind of like\Na gold standard in their approach Dialogue: 0,0:26:57.69,0:27:01.83,Default,,0000,0000,0000,,to solving this problem that abide\Nby the rules, and maybe Dialogue: 0,0:27:01.83,0:27:03.81,Default,,0000,0000,0000,,solve this problem in a different way? Dialogue: 0,0:27:03.81,0:27:06.90,Default,,0000,0000,0000,,Joseph: When you say… so the question\Nwas, are there other law enforcement Dialogue: 0,0:27:06.90,0:27:11.53,Default,,0000,0000,0000,,agencies who may be better or the same\Nsort of standard (?) as the FBI this problem. Dialogue: 0,0:27:11.53,0:27:15.13,Default,,0000,0000,0000,,When you say “this problem” you mean\N“combating child porn on the Darkweb”? Dialogue: 0,0:27:15.13,0:27:17.89,Default,,0000,0000,0000,,Question: Yeah, clearly something needs to\Nbe done about these sites. And there’s Dialogue: 0,0:27:17.89,0:27:23.50,Default,,0000,0000,0000,,a limited number of options available.\NSo the FBI is kind of busted out (?) Dialogue: 0,0:27:23.50,0:27:26.81,Default,,0000,0000,0000,,in trying every single piece of technology\Nthey can to solve it. 
But are there others Dialogue: 0,0:27:26.81,0:27:31.90,Default,,0000,0000,0000,,that maybe take a more restrained approach\Nbut still solve the problem? Dialogue: 0,0:27:31.90,0:27:37.71,Default,,0000,0000,0000,,Joseph: When it specifically comes\Nto malware I haven’t seen much Dialogue: 0,0:27:37.71,0:27:44.45,Default,,0000,0000,0000,,in the wild or publicly but in the U.K.\NGCHQ, the country’s Dialogue: 0,0:27:44.45,0:27:51.26,Default,,0000,0000,0000,,signals intelligence agency has said,\Nor a report said, it is using Dialogue: 0,0:27:51.26,0:27:57.04,Default,,0000,0000,0000,,bulk interception, so GCHQ’s mass\Nsurveillance capabilities, to do Dialogue: 0,0:27:57.04,0:28:00.58,Default,,0000,0000,0000,,traffic correlation attacks, and they\Ncan then unmask Darkweb users Dialogue: 0,0:28:00.58,0:28:05.64,Default,,0000,0000,0000,,and hidden service IP addresses.\NThat’s not malware but that is Dialogue: 0,0:28:05.64,0:28:11.45,Default,,0000,0000,0000,,an extreme use of technological\Ncapability, I guess. Dialogue: 0,0:28:11.45,0:28:17.03,Default,,0000,0000,0000,,And yeah, we could definitely see\Nmore of that. I think in the report Dialogue: 0,0:28:17.03,0:28:21.13,Default,,0000,0000,0000,,the Home Office said the GCHQ had got\Nsomething like 50 individuals Dialogue: 0,0:28:21.13,0:28:26.38,Default,,0000,0000,0000,,in the past 18 months through bulk traffic\Nanalysis. That’s not malware, Dialogue: 0,0:28:26.38,0:28:28.45,Default,,0000,0000,0000,,but yeah, that’s where stuff could go,\Ndefinitely. Dialogue: 0,0:28:28.45,0:28:30.45,Default,,0000,0000,0000,,Question: Cool. Thanks. Dialogue: 0,0:28:30.45,0:28:33.68,Default,,0000,0000,0000,,Herald: I give you one last question,\Nit will be number 4, over here. 
Dialogue: 0,0:28:33.68,0:28:38.58,Default,,0000,0000,0000,,Question: Hi, I was wondering, because you\Nmentioned bulk analysis which I considered Dialogue: 0,0:28:38.58,0:28:44.32,Default,,0000,0000,0000,,to be significantly worse than targeted\Nanalysis, in the way that it violates Dialogue: 0,0:28:44.32,0:28:47.94,Default,,0000,0000,0000,,everybody’s liberties rather than specific\Nindividuals who are definitely engaging Dialogue: 0,0:28:47.94,0:28:52.78,Default,,0000,0000,0000,,in criminal activity. Dialogue: 0,0:28:52.78,0:28:57.42,Default,,0000,0000,0000,,So why is it you feel that there’s\Nsome kind of violation, Dialogue: 0,0:28:57.42,0:29:02.17,Default,,0000,0000,0000,,like these people they need to find\Nthese criminals, and the jurisdiction Dialogue: 0,0:29:02.17,0:29:05.51,Default,,0000,0000,0000,,needs to be significantly wider,\Nand I understand that it’s terrible Dialogue: 0,0:29:05.51,0:29:09.28,Default,,0000,0000,0000,,that they’re hacking us. But at the same\Ntime they need to be caught. So how Dialogue: 0,0:29:09.28,0:29:16.79,Default,,0000,0000,0000,,can they make legislation that’s\Nable to find these people legally Dialogue: 0,0:29:16.79,0:29:20.52,Default,,0000,0000,0000,,when it’s outside of their jurisdiction,\Nand they might be targeting people, Dialogue: 0,0:29:20.52,0:29:24.76,Default,,0000,0000,0000,,if they’re doing a dragnet on a website,\Nlike your example. And they’re gonna be Dialogue: 0,0:29:24.76,0:29:27.38,Default,,0000,0000,0000,,hacking people that are not in their\Ncountry. They can’t limit it to the people Dialogue: 0,0:29:27.38,0:29:32.29,Default,,0000,0000,0000,,that are in that country. And only hack\Nthose people. It’s technically impossible. Dialogue: 0,0:29:32.29,0:29:36.87,Default,,0000,0000,0000,,So what’s the solution for this? 
Dialogue: 0,0:29:36.87,0:29:41.49,Default,,0000,0000,0000,,Joseph: I mean, some senators in the US\Ndid propose a Stop Mass Hacking Act Dialogue: 0,0:29:41.49,0:29:46.50,Default,,0000,0000,0000,,which would have blocked the Rule 41\Nchanges. It was unsuccessful, and Dialogue: 0,0:29:46.50,0:29:50.13,Default,,0000,0000,0000,,in part – this is just my personal\Nopinion – I think it’s because they Dialogue: 0,0:29:50.13,0:29:55.47,Default,,0000,0000,0000,,didn’t present a viable alternative.\NI mean, as you say, these people Dialogue: 0,0:29:55.47,0:30:01.14,Default,,0000,0000,0000,,need to be caught, I mean, that sort of\Nthing, but when these senators said: Dialogue: 0,0:30:01.14,0:30:05.34,Default,,0000,0000,0000,,“Yeah, we need to stop all this global\Nhacking” there was no alternative presented, Dialogue: 0,0:30:05.34,0:30:10.89,Default,,0000,0000,0000,,so we don’t know, basically.\NAs for legislative changes Dialogue: 0,0:30:10.89,0:30:16.41,Default,,0000,0000,0000,,I think it’s more… it’s less the\N“Hey, here’s a concrete law or rule Dialogue: 0,0:30:16.41,0:30:21.28,Default,,0000,0000,0000,,that we need to fix right now”, it’s more\Nlike there’s a looming issue of Dialogue: 0,0:30:21.28,0:30:26.54,Default,,0000,0000,0000,,“What happens when the FBI hacks a child\Npornographer in Russia, or one who happens Dialogue: 0,0:30:26.54,0:30:30.41,Default,,0000,0000,0000,,to be a politician in another country?”\NAre they still gonna go, and then go Dialogue: 0,0:30:30.41,0:30:34.06,Default,,0000,0000,0000,,to local law enforcement, “Hey, we got\Nthis IP address of one of your senior Dialogue: 0,0:30:34.06,0:30:37.99,Default,,0000,0000,0000,,politicians who happens to be looking at\Nchild porn”. I mean what are the ramifications Dialogue: 0,0:30:37.99,0:30:42.03,Default,,0000,0000,0000,,of that gonna be? But to answer your\Nquestion: we don’t really know. 
Dialogue: 0,0:30:42.03,0:30:46.57,Default,,0000,0000,0000,,It’s more of just this looming issue that\Nlaw enforcements are firing malware Dialogue: 0,0:30:46.57,0:30:51.99,Default,,0000,0000,0000,,and asking questions later. Dialogue: 0,0:30:51.99,0:30:54.61,Default,,0000,0000,0000,,Herald: Thank you so much. If you got\Na round of applause for Joseph Cox! Dialogue: 0,0:30:54.61,0:30:58.100,Default,,0000,0000,0000,,{\i1}applause{\i0} Dialogue: 0,0:30:58.100,0:31:02.36,Default,,0000,0000,0000,,{\i1}postroll music{\i0} Dialogue: 0,0:31:02.36,0:31:22.88,Default,,0000,0000,0000,,{\i1}Subtitles created by c3subtitles.de\Nin the year 2017. Join, and help us!{\i0}