Why aren't all Internet child pornographers caught?

[md2000]

chrisk:

With my home routers, I can’t run a web server inside unless I configure the router to route incoming traffic on a port to a particular address. The thing is, the web server doesn’t start network sessions - it’s the web client (the browser) that does. So even if the other person trying to browse to my webserver isn’t behind a firewall, they won’t get through.

Of course, there’s other things you could do at a laptop at Starbucks to distribute your pics, I’m sure. But drachillix mentioned a web server, and AFAIK they don’t work like that; you can’t start a network session from a webserver to your clients to let the router know how to forward their requests.

Chats work the same as Skype or bittorrent or other peer to peer networks.

You make a connection to some server, say you want to join the chat. If someone wants to talk to you, your info is availablef or the server to hand off. The peer then contacts you. It akes advantage of a feature of most (cheaper) firewalls; when you establish a session to the outside, your return path is open for everyone, if the application is willing to receive packets from alternative IP addresses.

So you contact “ChatMaster.ru” on http, on port 80. Your firewall takes your session and assigns it some port number on the firewall as the return address - public IP 100.200.30.40 port 6543, lets say. Your browser or chat program may only want to talk to chatmaster.ru, but if a signal comes in from some other source, the firewall can forward it and your program may respond appropriately. This is logical, because you may contact your bank on web server www.mybank.ng, but their load balancing will forward your session to “www419.mybank.ng”. Your firewall has to allow this hand-off to take place.

Once A and B are chatting privately, any further intercepts of their communication require you to tap the connection between them, the central server is no longer in the loop.

[RickJay]

PatriotGrrrl:

InI assume law enforcement does their best, but they have limited resources. Civilians can’t help them since they’d be committing a crime by seeing the child porn.

Well, the police are not exempt from the law either. I am sure that people investigating such things are exempt from the law for the purposes of their jobs, whether or not they are, technically, officers of the peace.

[Moonlitherial]

RickJay:

Well, the police are not exempt from the law either. I am sure that people investigating such things are exempt from the law for the purposes of their jobs, whether or not they are, technically, officers of the peace.

My husband is in IT security and as a part of investigations of the idiotic things people put on their work laptops is required to review them then testify when trials are involved. It’s definitely one of the least pleasant parts of his job and people are morons.

[grude]

There was an anonymous article released on wikileaks that was titled something like confessions of a child pornographer, everything detailed within was at least physically possible in the real world, and great detail is gone into on the business running side. Encrypted files are placed on hosts, customers never contact these hosts directly but use go between servers etc.

The author also claims that they are selling access to basically nude pictures of children, and that no one is selling stuff like child rape porn. That those are traded by enthusiasts via private online channels.

[brazil84]

RickJay:

I honestly find it baffling how people get away with this crime.

Isn’t pretty much every image traceable? If I post a picture on a website, isn’t my IP address, one way or another, traceable? Obviously that information is not necessarily easily had, but if someone is committing a criminal offense surely warrants will be forthcoming?

Why can’t the cops catch them every time? If nerds and geeks can seemingly ferret out every bit of deception that pisses them off, like a company using a sock account or something, why can they not apply their skills to catching purveyors of child porn? How on earth can anyone get away with this (at least, on the Internet)?

Your question reminds me of an observation Robert Heinlein is reputed to have made:

The answer to any question starting, “Why don’t they-” is almost always, “Money.”

Anyway, I agree with the other posters that it’s a matter of resources. As long as it takes significant (but scarce) time and effort to bust child pornographers, there will be people who produce and distribute the stuff.

[dzeiger]

md2000:

the Starbucks router isn’t much different from your home router; uses NAT, hands out addresses, becomes the gateway address on that network. On the internet, all traffic looks like it comes from the gateway’s address. it forwards back to you any replies to network sessions you started. To connect two people behind firewalls, yes, you initially need some sort of connection server.

do you actually have knowledge of how the current iteration of WiFi at Starbucks works, or are you just assuming they do the same things that mom-and-pop coffee shops often do?

I helped run the WiFi network for all Starbucks stores back when it was all done via the T-Mobile Hotspot network, and I’d say that it resembles a home network in the same way that any network resembles a home network–that is to say, a lot of the basic terms and concepts are the same, but there’s a lot of actual differences.

For example, NAT/PAT pools were deep in the data centers, not the stores, and yes, I do recall a lot of peer-to-peer stuff did have problems, particularly if it was something we weren’t aware of.

There was also the problem that you couldn’t get anywhere without a paid account, and if we’re talking about not being tracked down, putting in a username backed by a valid online payment option sounds like exactly the wrong way to go about it.

Now, a few years ago, Starbucks switched from T-Mobile running their WiFi to AT&T running it, so things certainly could be very different now–but I have a hard time thinking that AT&T has made things more open and free.

[md2000]

For a while Starbucks was free wifi, and there were stories about the problem with “squatters” buying one cup and occupying the best spots all day. (One clever solution was to cover the outlets so their laptops could not be charged. Then yes, many years ago they switched to pay or “do you have an AT&T account?” services. (McDonalds and others did the same).

Lately I notice various establishments have “opened up”, recognizing that not everyone deals with the same phone company and of course, you are competing against “I can use cellular” so wifi is a courtesy service again, not a cash cow.

I haven’t made a study of Starbucks or other services, just what I read from time to tome. I assume they have at least higher end firewalls (cisco, Sonicwall, Watchguard; maybe even the equivalent of ISA Server?) not home routers; but I suspect outside the big cities, it sure does not pay to route all your customer traffic by WAN to a central data point.

The trouble is, as demonstrated by Skype, for every clever tech support there’s an equally clever programmer, releasing clients for whatever that can make their way through a firewall.

[drachillix]

chrisk:

Can you really? I assume that starbucks wi-fi generally hands out private network IP addresses to every laptop that signs on and acts as a gateway to the internet.

That means that incoming webserver requests aren’t going to be forwarded back from the gateway to your laptop unless someone specifically configures the gateway to do this. Or am I missing something obvious?

Or you link to a proxy outside of starbucks network.

[drachillix]

ZipperJJ:

You know too much.

I just got done with a server migration…I have networking on the brain…

[Princhester]

PatriotGrrrl:

I assume law enforcement does their best, but they have limited resources. Civilians can’t help them since they’d be committing a crime by seeing the child porn.

Which is what Pete Townsend, errm, says happened with him.

[dzeiger]

md2000:

I haven’t made a study of Starbucks or other services, just what I read from time to tome. I assume they have at least higher end firewalls (cisco, Sonicwall, Watchguard; maybe even the equivalent of ISA Server?) not home routers; but I suspect outside the big cities, it sure does not pay to route all your customer traffic by WAN to a central data point.

That was one of the issues we had–Starbucks insisted that all of their stores be covered and treated equally. Which makes sense from their side, the entire point of chains is that you get the same thing everywhere, but from the WiFi provider’s perspective that means that yes, we did have to run a T1 from stores in North Dakota to wherever the closest aggregation point was (probably Milwaukee in our case), and then the data would cross our internal network to our nearest internet peering point. No way that store’s usage would make that store profitable for us directly, but we had to do it.

The trouble is, as demonstrated by Skype, for every clever tech support there’s an equally clever programmer, releasing clients for whatever that can make their
way through a firewall.

Sure, but you still have to log into an account (unless you’re hiding things in DNS packets, which can work, but makes 300-baud modems seem fast). Easier to wardrive through neighborhoods looking for “2WIRE” SSIDs.

[Rzacks]

Why are you baffled? Can you think of any category of crime where law enforcement succeeds in catching people 100% of the time? Of course not, because that is logistically impossible. Think about things like drinking and driving, using drugs, trafficking drugs, shop lifting, etc., etc. Lots of people get away with every type of crime every day.

And it really is not difficult for someone who is even a little bit technically savvy to get away with a whole range of online computer crimes indefinitely, including trading child porn.

Here are some of the things online criminals often do to both commit their crimes and to avoid detection:

War Driving: For those of you who are not familiar with this term, it consists of driving around in your car looking for open or poorly protected wireless networks that belong to other people. You can download a simple app for your smart phone that shows you all wireless networks in the vicinity and the type of encryption–or lack thereof. If you were to try this sometime, you would be amazed at how many people still don’t password protect their wireless networks. Moreover, even many password protected routers are using older encryption methods that are easily compromised using readily available hacking tools. And of course, if you log into someone else’s network, it is their IP address that shows up when law enforcement is scanning for IP addresses, not yours.

Public Proxy Servers: Proxy servers are servers that allow you to redirect all of your network traffic through someone else’s network, which, again, masks the IP address of the end user. There are many companies out there on the web that provide these services for a small fee and give you a broad range of servers to chose from in countries that still do not have child porn laws and that do not cooperate with law enforcement agencies in other countries. This one measure alone with defeat most law enforcement efforts to find the end user, and when combined with other measures, like war driving, the odds of getting caught become very slim.

Keep on the Move: Someone who uses other people’s networks and chooses a different network in a different place every time greatly reduces the risk that they will be detected.

Software Selection: Purchase online programs that encrypt all of your network traffic and hide your IP address. (These do exist.)

Untraceable Networks: Use something like the freely available Tor network that is virtually impossible to trace.

Use Common Sense: Here are some examples: Do not use public computers, family computers or any shared computer, for that matter. Use a single, small laptop that no one else uses and no one else knows about, and hide it some place where it will not be found. (This is not really hard to do.) Do not download illegal content to your phone and then carry that evidence around with you everywhere you go. (I see lots of people on the news getting caught this way!) Once open networks are identified, leave the cell phone at home when you use them. (Cell phones are exceptional tracking devices that enable law enforcement to trace your every step, including where you were at the time the crime was committed.)

This is only a partial list, but it gives you a good idea of some of the things that criminals can do to greatly reduce the odds of getting caught–and these measures apply to all sorts of crime, not just child porn. Nor is it difficult to find this type of information. With an hour or two of Googling, it’s actually pretty easy to find ways to get away with a whole host of cyber crimes. Even mainstream media is an excellent resource! (Most of what I have mentioned above are things I found in news articles.)

The fact of the matter is, most people who get caught get caught because they assume the odds of getting caught are low and don’t bothered to conceal their activities. But anyone who does take the level of risk seriously has a pretty good chance of getting away with their crimes. And sure, even very careful people are taking some risk and can get caught, but I suspect a lot of them never do.

[Rzacks]

Why are you baffled? Can you think of any category of crime where law enforcement succeeds in catching people 100% of the time? Of course not, because that is logistically impossible. Think about things like drinking and driving, using drugs, trafficking drugs, shop lifting, etc., etc. Lots of people get away with every type of crime every day.

And it really is not difficult for someone who is even a little bit technically savvy to get away with a whole range of online computer crimes indefinitely, including trading child porn.

Here are some of the things online criminals often do to both commit their crimes and to avoid detection:

War Driving: For those of you who are not familiar with this term, it consists of driving around in your car looking for open or poorly protected wireless networks that belong to other people. You can download a simple app for your smart phone that shows you all wireless networks in the vicinity and the type of encryption–or lack thereof. If you were to try this sometime, you would be amazed at how many people still don’t password protect their wireless networks. Moreover, even many password protected routers are using older encryption methods that are easily compromised using readily available hacking tools. And of course, if you log into someone else’s network, it is their IP address that shows up when law enforcement is scanning for IP addresses, not yours.

Public Proxy Servers: Proxy servers are servers that allow you to redirect all of your network traffic through someone else’s network, which, again, masks the IP address of the end user. There are many companies out there on the web that provide these services for a small fee and give you a broad range of servers to chose from in countries that still do not have child porn laws and that do not cooperate with law enforcement agencies in other countries. This one measure alone with defeat most law enforcement efforts to find the end user, and when combined with other measures, like war driving, the odds of getting caught become very slim.

Keep on the Move: Someone who uses other people’s networks and chooses a different network in a different place every time greatly reduces the risk that they will be detected.

Software Selection: Purchase online programs that encrypt all of your network traffic and hide your IP address. (These do exist.)

Untraceable Networks: Use something like the freely available Tor network that is virtually impossible to trace.

Use Common Sense: Here are some examples: Do not use public computers, family computers or any shared computer, for that matter. Use a single, small laptop that no one else uses and no one else knows about, and hide it some place where it will not be found. (This is not really hard to do.) Do not download illegal content to your phone and then carry that evidence around with you everywhere you go. (I see lots of people on the news getting caught this way!) Once open networks are identified, leave the cell phone at home when you use them. (Cell phones are exceptional tracking devices that enable law enforcement to trace your every step, including where you were at the time the crime was committed.)

This is only a partial list, but it gives you a good idea of some of the things that criminals can do to greatly reduce the odds of getting caught–and these measures apply to all sorts of crime, not just child porn. Nor is it difficult to find this type of information. With an hour or two of Googling, it’s actually pretty easy to find ways to get away with a whole host of cyber crimes. Even mainstream media is an excellent resource! (Most of what I have mentioned above are things I found in news articles.)

The fact of the matter is, most people who get caught get caught because they assume the odds of getting caught are low and don’t bothered to conceal their activities. But anyone who does take the level of risk seriously has a pretty good chance of getting away with their crimes. And sure, even very careful people are taking some risk and can get caught, but I suspect a lot of them never do.

[kayaker]

Rzacks:

And it really is not difficult for someone who is even a little bit technically savvy to get away with a whole range of online computer crimes indefinitely, including trading child porn.

You ever done time?

[AK84]

Rzacks. Fascinating. And a little bit scary.

[engineer_comp_geek]

Moderator Action

This thread is turning into a little too much of a “how to” for those wishing to get away with child pornography.

Rzacks, please note the following from the Registration Agreement:

You agree not to post material that in our opinion encourages activity that is illegal in the U.S.

Thread closed.