ISPs maintain hash values of known child porn files? Show me a single ISP in the Seattle area that runs any of its residential customer HTTP traffic through a caching proxy that examines and hashes each file, and I'll eat my shoe.
Apparently, the National Center for Missing and Exploited Children provides ISPs with a hash database of known illegal images [1]. ISPs are then required by statute to notify the government when images with matching hashes cross their network [2].
I know the hashes exist, but they're not used on traffic in transit except in very unusual circumstances. They're used by web hosting companies/dedicated server providers/VPS hosting companies etc to examine the disk/storage device contents of a suspicious server against a known list of the hashes of previously-seized CP.
All you have to do is get access to that DB and then you have A1 blackmail material, ready to bury any enemy of yours, especially in America, especially if they have/deal-with children.
I think, since it's a database of hashes, it's non-reversible. Access to the database gives you nothing but a way to detect the files, and even if a file happens to have the same hash (which would be exceedingly rare) it's easy to see that it's a false positive. Actually a pretty good win for cryptography in fighting the problem (as it doesn't require the illegal material to detect the illegal material - regardless of how irresponsible it is to have a concept of illegal information).
If someone were to crop an arbitrary side of the image by 1-2 pixels, would that defeat a system like this? Extending that thinking a bit further, would it be trivial to just build out an Apache extension like Google Pagespeed that sort of did this randomly?
"This hash is computed such that it is resistant to alterations in the image, including resizing and minor color alterations."
(https://en.wikipedia.org/wiki/PhotoDNA)
Ugh, this is not how you do crypto. Crypto algorithms have to be understood with regard to what guarantees they provide and in what context. Your approach here is basically ZOMG COLLISIONS ARE BAD when in fact collision-resistance was never a property of this hash function and a collision doesn't provide an attacker with any power they didn't already have.
If an attacker has the power to create a non-CP file that has the same hash as a CP file and plant it without detection, they have the power to plant a CP file without detection. Why would they go to the effort to create a collision with a non-CP file? It's wasted effort.
Bob is found with a file of pseudo random data that matches a hash on the database.
There's no evidence of other images of child sexual abuse on his machine; there's no history of sites that distribute images of child sexual abuse; there's no history of the file being opened by Bob; Bob claims that he didn't know the file was there and he doesn't know what it is.
How does that benefit an attacker? How does that benefit an attacker more than just taking actual images of child sexual abuse and putting those on Bob's computer?
I don't know the laws in the US; are the police obligated to respond if someone warns them of this event? (Bob has a file matching a "bad hash".) How seriously - will there be a polite guy knocking on the door, or a SWAT team at 3 am? If nothing is found, and another such event occurs next month, will they have to check again?
People can come up with crazy scenarios for anything :)
>"[t]he duty to provide public services is owed to the public at large, and, absent a special relationship between the police and an individual, no specific legal duty exists."
That's not how this works. When a service provider detects a match, they send the file when they report the match. They don't just say "hey, some file matched this hash" and then SWAT kicks down the door, because that would be stupid. They send the file, NCMEC looks at it, and then forwards it to law enforcement who also looks at it. If it's a random file that happens to collide, NCMEC won't send it to law enforcement, and if they did, law enforcement wouldn't act on it.
It's not like an MD5 hash. The hashing function is designed such that similar images will produce similar hashes. But yes, if you modify it enough it will not match; you will have to modify it much more than just cropping though. They usually do very well with that.
Isn't that what they're going for? I certainly haven't seen any signs of intent to correct or rehabilitate the convicted for many crimes. The Department of Corrections should just be called the Department of Punishment, in my opinion, though that's perhaps not as catchy.
This is 100% true; anyone in IT could ruin anyone they want to. I am shocked that the number of people caught doing this is so low, but few people realize the power an IT person has.
I can't even think of how someone could prevent this type of thing. Even if you kept your own access logs it's doubtful a judge would allow you to use it as evidence.
While good, sort of scary because a lot of small players would host ads to get revenue and some of the ads would be filled with sexual content, even though these websites aren't even porn sites. Just some random humor site or some fortune teller site, so if this were really true, wouldn't we be looked at!?
Yes, I know, but 1/1000 maybe. What if it's loaded over HTTP behind the scenes without any display? Still transmitted over your network. What if the site just got hacked?
Then those facts become part of the investigation. Having your computer searched doesn't mean you are guilty or even that you will be charged. It just means your machine is implicated in a crime.
The unfortunate reality is that if you become a suspect that is good enough to burn you at the stake for much of the population. The same with rape really. Once you've been a suspect or, even worse, accused you are basically screwed.
There is so much explaining going on here that it seems like the judge has no understanding of how the internet works.
If that's the case, how could the judge be able to give a reasonable response to this affidavit? Seems like a case that requires such a long-winded technical preface could at least be handled by a judge who knows what an IP address is...
Most of the text in the warrant appears to be boilerplate language that is legally required or at least legally advisable in case it is ever challenged in court. I'm sure FBI agents have template word documents they keep, detailing their experience and relevant basic facts about each kind of case and then they just fill in the blanks when they have a case of that genre. This way no one can argue that the judge was not apprised of the basic facts.
That is an interesting read. They just seem to dump everything they know about how computers are used in relation to child pornography even if it's unrelated to the case at hand.
Even though they mention the hashing and PhotoDNA (which is a real system that ISPs use), the warrant rests on regular old reporting of a video by site admins.
Don't know about Seattle, but my ISP does run a transparent proxy that does MITM for HTTP and caches files.
They use http://www.peerapp.com/ devices to do so.
I was also successful in poisoning their cache quite easily.
http://www.thestranger.com/images/blogimages/2016/04/08/1460...