Justice Dept. drops Playpen child porn case to prevent release of Tor hack

A court filing says the government has ‘no choice but to seek dismissal of the indictment’ because it refuses to release details of how it used a Tor browser hack.

 

(Image: file photo)

 

 

 

Justice Dept. lawyers are asking a federal court to drop a case against a dark web child porn site because it says it cannot reveal how it used a browser exploit to target thousands of unsuspecting visitors to the site.

A court filing posted late on Friday in Washington state said that because the government is “unwilling to disclose” how it carried out the hacks, it has “no choice but to seek dismissal” of the case.

“The government must now choose between disclosure of classified information and dismissal of its indictment. Disclosure is not currently an option,” said the filing.

However, the government’s attorneys are asking the case to be reopened once the exploit is no longer classified.

The case, proven to be of the most controversial indictments in recent history, focused on Jay Michaud, a school administrator from Vancouver, WA, who was arrested in July 2015 for viewing child porn images.

Michaud was accused of accessing over a hundred threads on Playpen, a dark web site accessible over the Tor anonymity network, which hosted child abuse imagery for thousands of users.

Feds discovered the server was hosted in the US, and obtained a search warrant that seized the server.

But instead of pulling down the website, the FBI continued to run the website for almost two weeks, as part of efforts to discover the identities of others who accessed the site.

The FBI used a “network investigative technique” — a hacking tool that in any other hands than the feds would be considered malware — to DE anonymize the users of the Tor browser, a widely used app for easy access to the dark web, during its 2015 investigation into the website.

Little is known about the hacking tool, but it was known to be able to gather real-world information on Playpen visitors, such as IP addresses — details of which should have been protected by Tor.

But the government refused to reveal the full source code of the exploit in court, and so the judge tossed out the evidence, rendering a significant set-back to the government’s case.

Given that the Tor browser uses much of the same code as Firefox, it’s long believed that the vulnerability is a zero-day flaw affecting the browser.

In May, Mozilla filed a brief in the Playpen defendant’s case asking the FBI to privately disclose the flaw in order to fix the bug that it says would affect the security of “hundreds of millions of users.”

A judge is expected to rule on the case in the coming weeks.

 

 

No Comments Yet.

Leave a comment