34 people have killed themselves in the U.K. after being accused of
purchasing child pornography using their credit card numbers on the
Web between 1996 and 1999; and thousands have been imprisoned around
the world for allegedly doing the same. Two of the first, and still
ongoing, large-scale investigations of credit card purchases of child
pornography through the Internet are known as Operation Ore (U.K.) and
Operation Site Key (U.S.) -- tens of thousands of suspects' credit
card numbers were found in the databases used by the alleged
e-commerce child porn ring, and law enforcement's careless
misunderstanding of the Internet and infosec (circa 1999) resulted in
every single one of the suspects being investigated and thousands have
so far been prosecuted and convicted.
Was your credit card number in the Operation Ore / Operation Site Key
database? How would you know unless and until you've been arrested?
Over the last few years I have seen numerous cases in which the
computer forensic evidence proves that a third party intruder was in
control of the suspect's computer. More often there is simply no way
to know for sure what might have happened between 1996 and 1999 with
respect to the computer seized by law enforcement at the time of
arrest years later.
If security flaws, porn spyware, or mistakes by an unskilled end user
resulted, over the years, in some child pornography being downloaded
to a suspect's hard drive, even in 'thumbnail' graphic formats and
recovered only using forensic data recovery tools that carve files out
of unallocated clusters, then the suspect is routinely charged, since
the presence of child pornography on a hard drive owned by a person
who is accused of purchasing child pornography is the best evidence
law enforcement has to prove guilt of these so-called 'electronic
crimes against children' -- crimes that are proved by the mere
existence of data, where it matters not that a suspect did not and
could not have known that the data existed on a hard drive that was in
their possession.
I ask you this question: why doesn't law enforcement bother to conduct
an analysis of the computer evidence looking for indications of
third-party intrusion and malware? Some people have indicated to me
that sometimes law enforcement actually does do post-intrusion
forensics; though this decision is entirely up to the prosecutor or
forensic lab director, and if they don't put in the time to do this
they still get their conviction so there is presently no incentive to
spend hundreds of hours analyzing large hard drives searching for
evidence of intrusion just in case one might have occurred.
A substantial factor in the answer to this question is that it is
nearly impossible to know what might have happened to a computer over
the years, and most computers are used by more than end user to begin
with. Not only is there no way to differentiate
Every person convicted of an electronic crime against a child based
only on evidence recovered from a hard drive that happened to be in
their possession should be immediately released from whatever prison
they are now being held.
Law enforcement must be required to obtain Internet wiretaps, use
keyloggers and screen capture techniques, and conduct other
investigations of crimes-in-progress, because the current approach to
computer forensics being taught by vendors such as Guidance Software
(www.encase.com) and others (who just happen to sell products designed
to analyze and search hard drives) makes the outrageous assertion that
a person can be proven guilty of a crime based only on data that is
found on a hard drive in their possession.
There is simply no way for law enforcement to know the difference
between innocent and guilty persons based on hard drive data
circumstantial evidence. Something must be done to correct this misuse
of computer evidence, and whatever that something is, it is clear that
only an information security organization is going to be able to
explain it to law enforcement and legislators.
Regards,
Jason Coombs
jasonc@xxxxxxxxxxx
--
http://news.independent.co.uk/uk/legal/article316391.ece
30 September 2005 21:24
No evidence against man in child porn inquiry who 'killed himself'
By Ian Herbert
Published: 01 October 2005
The credibility of a major investigation into child pornography came
under renewed scrutiny yesterday after an inquest into the death of a
naval officer who was suspended by the Royal Navy despite a lack of
evidence against him.
The Navy suspended Commodore David White, commander of British forces
in Gibraltar, after police placed him under investigation over
allegations that he bought pornographic images from a website in the
US. Within 24 hours he was found dead at the bottom of the swimming
pool at his home in Mount Barbary.
The inquest into his death heard that computer equipment and a camera
memory chip belonging to Commodore White had yielded no evidence that
he downloaded child pornography, and a letter was written by Ministry
of Defence police to Naval Command on 5 January this year indicating
that there were "no substantive criminal offences" to warrant pressing
charges. But the Second Sea Lord, Sir James Burnell-Nugent, feared
that the media would report the case and on 7 January removed him from
his post anyway.
Despite accepting the news in a "steady fashion", the commodore was
dead the next day. His brother Rupert told the inquest that the news
of his removal had caused his "mental collapse", and that he was in "a
state of catatonic shock".
The head of the Royal Navy, the First Sea Lord, Admiral Sir Alan West,
expressed his "deep regret" over Commodore White's death yesterday,
after the inquest recorded an open verdict.
The coroner, Charles Pitto, said there was insufficient evidence to
conclude whether the commodore's death was accidental or suicide. If
it was suicide, it would have taken to 34 the total number of people
who have killed themselves after being identified as suspects by
Operation Ore, Britain's biggest child-sex probe. The nationwide
police investigation was launched three years ago after a list of
7,200 British suspects was handed to British police by US authorities.
The men on the list are accused of using credit cards to pay for child
porn through Landslide, a sex website that operated in Texas from
1996-99.
The results have seemed impressive. Nearly 4,000 people have been
arrested, some 1,600 have been charged and 1,200 convicted. But the
operation has placed some apparently innocent individuals under
suspicion. In one case at Hull Crown Court last year, a distinguished
hospital consultant was acquitted after it emerged that hackers had
used his credit card on Landslide. The judge dismissed some police
evidence as "utter nonsense".
Robert Del Naja, frontman of the group Massive Attack, was also
wrongly accused of downloading child pornography. His arrest in 2003
was leaked to the media, but the case was dropped. The Who guitarist
Pete Townshend, the most high-profile name to emerge so far from the
Ore list, was not charged because he had not downloaded any pictures,
and said he had been doing research for a book about child abuse.
The inquest heard Commodore White had reached the peak of his military
career. During the 1990s he was on the military staff at Nato HQ in
Brussels and was promoted to Captain in 1997, when he became the
assistant director for naval operations during the Kosovo conflict. In
2001, he was appointed captain of the Second Submarine Squadron, and
was in charge of Trafalgar class submarines. He never married, but was
seen as very sociable.
The credibility of a major investigation into child pornography came
under renewed scrutiny yesterday after an inquest into the death of a
naval officer who was suspended by the Royal Navy despite a lack of
evidence against him.
The Navy suspended Commodore David White, commander of British forces
in Gibraltar, after police placed him under investigation over
allegations that he bought pornographic images from a website in the
US. Within 24 hours he was found dead at the bottom of the swimming
pool at his home in Mount Barbary.
The inquest into his death heard that computer equipment and a camera
memory chip belonging to Commodore White had yielded no evidence that
he downloaded child pornography, and a letter was written by Ministry
of Defence police to Naval Command on 5 January this year indicating
that there were "no substantive criminal offences" to warrant pressing
charges. But the Second Sea Lord, Sir James Burnell-Nugent, feared
that the media would report the case and on 7 January removed him from
his post anyway.
Despite accepting the news in a "steady fashion", the commodore was
dead the next day. His brother Rupert told the inquest that the news
of his removal had caused his "mental collapse", and that he was in "a
state of catatonic shock".
The head of the Royal Navy, the First Sea Lord, Admiral Sir Alan West,
expressed his "deep regret" over Commodore White's death yesterday,
after the inquest recorded an open verdict.
The coroner, Charles Pitto, said there was insufficient evidence to
conclude whether the commodore's death was accidental or suicide. If
it was suicide, it would have taken to 34 the total number of people
who have killed themselves after being identified as suspects by
Operation Ore, Britain's biggest child-sex probe. The nationwide
police investigation was launched three years ago after a list of
7,200 British suspects was handed to British police by US authorities.
The men on the list are accused of using credit cards to pay for child
porn through Landslide, a sex website that operated in Texas from
1996-99.
The results have seemed impressive. Nearly 4,000 people have been
arrested, some 1,600 have been charged and 1,200 convicted. But the
operation has placed some apparently innocent individuals under
suspicion. In one case at Hull Crown Court last year, a distinguished
hospital consultant was acquitted after it emerged that hackers had
used his credit card on Landslide. The judge dismissed some police
evidence as "utter nonsense".
Robert Del Naja, frontman of the group Massive Attack, was also
wrongly accused of downloading child pornography. His arrest in 2003
was leaked to the media, but the case was dropped. The Who guitarist
Pete Townshend, the most high-profile name to emerge so far from the
Ore list, was not charged because he had not downloaded any pictures,
and said he had been doing research for a book about child abuse.
The inquest heard Commodore White had reached the peak of his military
career. During the 1990s he was on the military staff at Nato HQ in
Brussels and was promoted to Captain in 1997, when he became the
assistant director for naval operations during the Kosovo conflict. In
2001, he was appointed captain of the Second Submarine Squadron, and
was in charge of Trafalgar class submarines. He never married, but was
seen as very sociable.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/