The Tech Herald

FBI conducts raids and makes arrests for clicking on hyperlinks

by Steve Ragan - Mar 21 2008, 12:00

The word coming out of the mouths of many online after reading the reports on recent FBI arrests is entrapment. The FBI has created honeypots, and scattered links online, which link to supposed child pornography. Anyone who clicks these links is then subject to a visit form the friendly feds and could face arrest and jail time.

CNET is reporting the story of Roderick Vosburgh, a doctoral student at Temple University, who was subjected to an FBI raid in February 2007 after he clicked on one of the honeypot links. Vosburgh was charged with violating federal law, which criminalizes "attempts" to download child pornography with up to 10 years in prison. He was found guilty, and faces sentencing April 22. He faces four years max if given the stiffest punishment.

So he’s a pervert right? He got what he earned you say. Not so fast, because there is something seriously scary about all of this, and this could lead the FBI into hot water. The FBI’s operation worked like this: They start by posting links to child porn on a forum called Ranchi, according to FBI reports and CNET this site was picked because it was thought that its users routinely sought underage subjects in movies and images. Those links are actually pointed at an FBI server. If they were clicked, the FBI would record the IP address, and visit the owner. The problem is there is no referring link recorded, so there was no way for the FBI to track where the visit came from.

One example of such links, from court documents, reads “Here is one of my favs - 4yo he with dad (toddler, some oral, some anal) - supercute!" one of the agent's messages stated. "Havent'seen her on the board before - if anyone has anymore, PLEASE POST.”

“Now, I understand the noble pursuit, but there’s a fairly huge flaw in the old logic. I can force users to click on links anytime I want. Now here comes some interesting CSRF technology grey area. The authorities might reasonably say, “The referrer doesn’t match.” Okay, well that’s what our good friend META refresh is for. I can force you to click on things without leaving a referring URL at all,” RSnake said over at ha.ckers.org when blogging about this issue.

“So now the real question is would a user with no referring URL be worthy of investigation? Is this the newest wave in reasons to turn off referring URLs?” he adds pointing out flaws in the logic, such as Pre-fetching browsers. If an attacker were to use hovering Iframes beneath the mouse, or older browsers that still allow spoofed URL’s, each can lead to someone being tricked into visiting the FBI’s website. “Again, I’m all for the noble pursuit, but seriously - this seems a little dangerous to me. Is clicking a link evidence enough of guilt?”

The issue of assumed guilt is huge here. The nature of the crime is harsh as well. This will cause most people to pre-judge the accused. Pedophiles are sick, sick people. However, while it is a good assumption to say that most people would support the FBI ridding the world of pedophiles, no one would want to be falsely accused.

“I thought it was scary that they could do this. This whole idea that the FBI can put a honeypot out there to attract people is kind of sad. It seems to me that they've brought a lot of cases without having to stoop to this,” Vosburgh’s lawyer, Anna Durbin told CNET.

What about entrapment? There are many people screaming that line, in comment sections and blogs. “Claims of entrapment have been made in similar cases, but usually do not get very far,” Stephen Saltzburg, a professor at George Washington University's law school said to CNET. “The individuals who chose to log into the FBI sites appear to have had no pressure put upon them by the government...It is doubtful that the individuals could claim the government made them do something they weren't predisposed to doing or that the government overreached.”

The potential for false arrests and character assassination by branding someone a pedophile is huge here. Vosburgh has filed an appeal to his case, no word yet on a ruling.

Around the Web

Comment on this Story

comments powered by Disqus
Security
Index
News
 
Features
Reviews

From Autosaur.com

How to wash a car: The perfect formula

Tests have shown there is a perfect formula for how to wash a car — and boffins have even put it into a mathematical equation. The formula is below, but first a team of car experts found the top five tips for how to wash a car are as follows: 1) Always try to wash [...]

The post How to wash a car: The perfect formula appeared first on Autosaur.

Fastest Car in The World: The ultimate guide

EVERYONE wants to know what the fastest car in the world is and here is a list of the cream of the crop. It gives you a thorough guide as to the main contenders, talks you through the rest of the world’s fastest automobiles, and reveals the two main future potential holders of the most [...]

The post Fastest Car in The World: The ultimate guide appeared first on Autosaur.

World’s first flat-pack truck the OX could help Africa

A flat-pack truck which can be put together by anyone in just half a day has been invented to help people living in remote places in Africa and other parts of the developing world. The OX is shipped in pieces but can be assembled with just three people in 11.5hours — and they need no [...]

The post World’s first flat-pack truck the OX could help Africa appeared first on Autosaur.