What A Dilemma. Hacker v. Porn

Police blotter: Trojan horse leads to porn convictions
By Declan McCullagh, CNET News.com
Published on ZDNet News: August 25, 2006, 6:00 AM PT

http://news.zdnet.com/2100-1009_22-6109567.html?tag=nl.e550

Alabama man tries again to throw out his conviction instigated by a hacker who broke into his computer and found child pornography.

When: U.S. District Judge W. Harold Albritton rules on Aug. 2.

Outcome: Albritton denies a request for a new trial.

What happened, according to court documents:
In early 2000, a computer hacker who used the now-defunct e-mail address unknownuser1069@hotmail.com seeded a Usenet newsgroup called alt.binaries.pictures.erotica.pre-teen with a clever bit of malicious Windows software.

The Trojan horse program, called SubSeven or Sub7, can look innocuous. But once installed, it installs a backdoor in the victim’s computer and can allow files to be extracted and a keystroke logger to be installed.

SubSeven did its job. On July 16, 2000, “1069” sent e-mail to the Montgomery, Ala., Police Department saying, “I found a child molester on the Net.” The e-mail included an attached photograph of what looked like a girl no older than 6 being sexually abused.

At the urging of Montgomery Police Capt. Kevin Murphy, “1069” eventually turned over more and more information that led back to a computer owned by Bradley Joseph Steiger, who had worked as an emergency room physician in Alabama. The hacker’s finds included information from Steiger’s AT&T WorldNet account, records from his checking account, and a list of directories on his computer’s hard drive where sexually explicit photographs were stored.

“1069” refused to be identified, saying he was living in Istanbul, Turkey, and did not want to be involved in any court proceedings. During Steiger’s trial, the prosecutor said “we have not seen anything to indicate that this person is other than a citizen of Turkey.” That turned out not to be entirely true: The FBI actually had made contact with “1069” through a U.S. phone number.

A year later, “1069” fingered another man, William Adderson Jarrett, who lived in the Richmond, Va., area. He again contacted Murphy, who started an investigation that led to Jarrett’s arrest.

That’s when an odd thing happened. Instead of informing “1069” that he was committing federal felonies and should cease immediately, Murphy and the FBI encouraged the hacker to continue. The FBI wrote “1069” in January 2002: “The FACT still stands that you are not a citizen of the United States and are not bound by our laws. Our federal attorneys have expressed NO desire to charge you with any CRIMINAL offense. You have not hacked into any computer at the request of the FBI or other law (enforcement) agency. You have not acted as an agent for the FBI or other law enforcement agency. Therefore, the information you have collected can be used in our criminal trials.”

Steiger was convicted of sexual exploitation of children, possession of a computer containing child pornography, and receipt of child pornography. He was sentenced to more than 17 years in prison. In January 2003, the 11th Circuit Court of Appeals upheld his conviction, saying that Congress had left a loophole open in federal privacy law that lets hackers like “1069” get away with turning information over to the government and having it used in court. (The 11th Circuit called it a “legislative hiatus in the current laws purporting to protect privacy in electronic communications.”)

Jarrett, the Richmond-area man, also went to Club Fed. In May 2004, a federal judge accepted his guilty plea and sentenced him to more than 19 years in prison. That was after the 4th Circuit Court of Appeals rejected his argument that “1069” was effectively acting illegally with the government’s blessing. (The judges said that “1069” apparently had that kind of “relationship” with the government “going forward,” but not at the time the illegal intrusions took place.)

Since his conviction, Steiger has been trying to overturn it, first with the help of a federal public defender and then by filing legal briefs that he wrote himself. His latest one was filed last month, alleging that FBI agents who testified may have withheld evidence relating to the identity of “1069” and that a new trial is necessary.

Albritton, the U.S. District judge, rejected the request on Aug. 2. Albritton ruled: “There is simply no basis from which to conclude that Unknown User 1069 was acting as an informant of the FBI so as to allow for discovery as to whether the FBI concealed information.”

Excerpt from the court’s opinion in the Jarrett case:
At some point after sending the e-mail message, Agent Duffy, working with Agent Faulkner, composed a list of questions to ask Unknownuser in the event that Agent Duffy was able to talk with Unknownuser.

A few days after sending the e-mail, Duffy received a phone call in response to the message. The caller had a Turkish accent and identified himself as “Unknownuser.” Agent Duffy spoke with Unknownuser and asked him the list of questions he had prepared with Agent Faulkner. Unknownuser responded that he would get back to Agent Duffy with the answers. They also discussed the method by which Unknownuser searched Steiger’s computer, with Unknownuser explaining that he used a Subseven Trojan Horse virus and describing his activity as “hacking” into the computer.

Also during the telephone conversation, Agent Duffy thanked Unknownuser for what he had done, stated that he appreciated what Unknownuser had done, and told Unknownuser that he had possibly saved two young girls. Agent Duffy asked Unknownuser to reach out to him because Agent Duffy (wanted) to speak with and meet with Unknownuser. Agent Duffy claims that he did not provide directions to Unknownuser or encourage him to do additional searches. The written evidence in Agent Duffy’s e-mails as described herein indicates otherwise, however, and the Court does not give great weight to this assertion by Agent Duffy.

On November 28, 2000, Unknownuser called Agent Duffy’s office a second time, but Agent Duffy missed the call.

Agent Duffy sent another email on Nov. 29, 2000. In this message, titled “Good news,” Agent Duffy confirms that the United States authorities do not desire to prosecute Unknownuser and that they would like to interview Unknownuser. Agent Duffy suggests a date to meet at the United States Consulate and asks Unknownuser to “please answer this request.” Agent Duffy further states, again, that “(you) will not be arrested–that is a promise. You have helped to save at least two lives in the U.S. and (you) should be proud of that fact.”

Wow! That’s messed up. On the one hand, you have guys accessing kiddie porn who should be thrown under the prison. But on the other hand, you have an illegal hacker going into people’s computers and pulling up information. All with the FBI and the government being ok with it. Who is to say that this guy couldn’t upload some of this stuff on a computer as well as find it on a computer? Who is to say that this guy couldn’t do other damage as well? I’m pretty torn on this.

I was thinking along the same lines. The pedophile should’ve claimed that the images had been put there by the hacker; or by someone else, who could find SubSeven simply by using a port scanner. Unless the ISP keeps logs of every packet (unlikely) that goes to and from each of its customers, it should be enough for reasonable doubt.

The guy is probably in trouble because he panicked and fessed up to the crimes before talking to his attorney. I have zero sympathy for him.

To be clear, the mod added the “Hacker v. Porn” part to clarify what the thread was about. I don’t equate child porn to good old American spankin’ porn.

Note too that using the term “hacker” is rather generous for this guy. He didn’t “hack” much; he tricked a pedophile into trojaning his PC and accessed it that way. Those types are generally referred to as “script kiddies.”

This guy probably saves the porn he likes and then reports the guy he got it from.

This is a dangerous precedent. This kind of thing is what will lead to the arrest of Americans in the future for things like acts of dissent which will be labeled sedition. The precedent is set by attacking someone which no one will possibly have sympathy for, in this case child molesters. I really really hate to have to stick up for these assholes, but if we don’t stick up for them, when the time comes no one will stick up for us.

–Mike

[quote]Mikeyali wrote:
This is a dangerous precedent. This kind of thing is what will lead to the arrest of Americans in the future for things like acts of dissent which will be labeled sedition. The precedent is set by attacking someone which no one will possibly have sympathy for, in this case child molesters. I really really hate to have to stick up for these assholes, but if we don’t stick up for them, when the time comes no one will stick up for us.

–Mike[/quote]

Exactly.

[quote]Mikeyali wrote:
This is a dangerous precedent. This kind of thing is what will lead to the arrest of Americans in the future for things like acts of dissent which will be labeled sedition. The precedent is set by attacking someone which no one will possibly have sympathy for, in this case child molesters. I really really hate to have to stick up for these assholes, but if we don’t stick up for them, when the time comes no one will stick up for us.

–Mike[/quote]

The guy is up shit creek because he’s stupid just as much as because he’s a pedophile. He could’ve encrypted his illegal images (although with Subseven, intercepting the password was just a matter of time); but most of all, when arrested, he should’ve kept his mouth shut and repeated “I want my lawyer.” And make sure to get a lawyer that understands computers or who has access to experts who can explain what’s happened and what can be done.

Once the computer is compromised, there’s no way to get rid of the “reasonable doubt” that the images might have been planted.

There was even a case recently of a pedophile being “arrested” by a worm. http://news.softpedia.com/news/The-Sober-Worm-Apprehends-Pedophile-15414.shtml When the guy got an email sent by the worm to propagate itself that pretended to be from the FBI, the guy panicked and turned himself in.

This type of thing is actually very common. By the way, to clarify what is misconstrued by the media, any idiot can use a program like Sub7 or other scripts to easily access a computer; it really takes no talent. You can do a mass scan of a vulnerability and own half a Class C block on the internet; to actually target something well protected is a challenge. Glad this guy got those sick fucks thrown in jail though, serves them right.

www.ehap.org - Ethical Hackers Against Pedophilia

A lot of hackers love hacking racists, pedophiles, scammers, and dirtbags. Back in my days of computer…er…we’ll leave it at that :)

[quote]grew7 wrote:
This guy probably saves the porn he likes and then reports the guy he got it from.[/quote]

I am shocked they would ever get a conviction off of this. If your computer has been compromised, there is no way that you can prove that the person knew the material was on their computer. 1069 in this case could have gone around framing people and using their computers to store images. I’m not familiar with computer forensics, but it seems like it would be very difficult to prove beyond a reasonable doubt.