US Prosecutor's Office abandoned the claim on child pornography, so as not to declassify the exploit for the browser Tor

The US Attorney General’s Department of Justice asked the court to end the hearing on a child pornography case against a user who was deanonymized in the anonymous Tor network. Although the evidence was convincing, the Ministry of Justice chose to give up the case, just not to comply with the requirements of the court - not to issue the source code of the exploit for the Tor browser. Lawyers said that the source code is classified.

Such a request from the prosecutor’s office hints that the 0day vulnerability in the Tor browser (and, most likely, Firefox) is still not closed. If you declassify the code, then it will be closed. Here you can see some duplicity of the FBI and the Ministry of Justice - they agree that the offender will go unpunished. Just to leave an open vulnerability on the computers of millions of users is too important.

We have yet another testimony that the government uses 0day vulnerabilities in popular programs like Firefox, while keeping these vulnerabilities secret.

The US Department of Justice led a lawsuit against high school teacher Jay Michaud, a Playpen porn site visitor on the Tor network. This is one of nearly 200 similar cases against child porn sites that worked on the FBI servers. Here is only the second case when the prosecutor’s office abandoned the claim.
')
In a statement to the court on behalf of the federal prosecutor, Annette Hayes (Annette Hayes), it says literally the following: “The government is now forced to choose between disclosing classified information and refusing to file charges. Disclosure is not an option at this time . The court’s rejection of the lawsuit, while retaining the right of the claimant to continue the lawsuit on the same basis, leaves open the possibility for the government to bring new charges before the expiration of the limitation period when the government will be able to provide the requested information.



The phrase that disclosing information "is not currently an option" and a further explanation suggest that the 0day vulnerability for Tor / Firefox is still at the disposal of the FBI. Although one cannot exclude the possibility that the source code of the exploit "at the moment" is kept secret for some other reason, but the option of continuing to use the bug seems the most logical. The prosecutor's office is talking about the possibility of opening an exploit in the future (read: when the developers of Firefox still get to the bug on their own and close 0day).

At the moment, 137 US citizens are being judged, who were found thanks to the Playpen child pornography site, the world's largest resource of its kind. In early 2015, this site captured the FBI and distributed child pornography for 13 days . The FBI supported the Playpen porn site on the hidden Tor network from February 20 to March 4, 2015. At that time there were more than 215,000 registered users and links to more than 23,000 photos and videos with child pornography, including 9,000 files that were placed directly on the FBI server.

During the operation, the site was visited by over 100,000 registered users. According to the Ministry of Justice, the FBI was able to calculate the IP addresses of 1,300 of them, and criminal cases were filed against 137 citizens.

In previous years, the FBI conducted operations with the seizure of servers with child pornography twice: in 2012 it moved three sites with child porn to itself, and in 2013 it captured and supported the work of hosting Freedom Hosting on the hidden Tor network. In 2013, experts analyzed the malicious Javascript code installed on the server - and found that it exploits a vulnerability in the Firefox 17 ESR browser under Windows, on the basis of which the Tor Browser Bundle was then compiled.

Obviously, a new exploit was created for the new operation, which used a different 0day vulnerability in newer versions of Firefox and Tor.

Tor Browser is the official portable build from The Tor Project, combining Tor with Firefox ESR, including add-ons NoScript, Torbutton and HTTPS Everywhere. This is the most popular Tor browser.

In court documents, the American prosecutor's office calls this exploit “network investigative technique” (network investigative technique, NIT), although in the field of information security such programs are usually called “malware”.

Lawyers have several times tried to access the source code NIT or parts of it in other proceedings in the Playpen case. The fact is that all the evidence in any case should be obtained only by legal means. Accordingly, the plaintiff must convincingly explain how he obtained each piece of evidence. For this reason, in one of the cases the prosecutor's office was forced to give a brief description of the NIT functionality , and in the case against Michaud in May 2016, the judge already decided to provide the source code. To avoid the fulfillment of court requirements, the government had to classify the source code itself (parts of the code) later in 2016, that is, officially transfer it to the category of classified information.

Consideration of many other cases against users of the government site with child pornography Playpen has already been completed. About acquittals are not known. Apparently, all or almost all sentences are indictments. Several cases on the Playpen still linger, where defendants and their attorneys are especially persistent.

Security specialist Christopher Sogoyan at the CCC hacker congress said that these cases against Misho and others are also important because if the government wins on all counts, then using trojans and hacking techniques on a global (federal) scale will be the cheapest way for law enforcement agencies. investigate and collect evidence. This practice will become familiar - and then we are threatened by the prospect of a society of total surveillance and hacks. Spying on people will be extremely cheap and convenient for the authorities.

On the other hand, without such exploits, the authorities can lose the fight against the ubiquitous transition of people to encrypt traffic and use cryptographically protected tools. In this case, the search for criminals will become much more expensive and time consuming.