Tag Archives: FBI

Google technology catches out man accused of uploading over 3,000 child porn images and he is arrested by the FBI


Daily Mail / UK
November 24, 2013

 

Caught: A California man was arrested on child porn charges after he was reported by Google for uploading pictures to their photo sharing site Picasa (pictured in this file photo)

Google’s efforts to block child pornography snared a victim earlier in November when a California man was arrested, accused of uploading over 3,000 pornographic images online.

Raul Gonzales, 40, identified in a criminal complaint on November 6, was recently arrested by the FBI in Woodland, as reported by CBS.

Yet the investigation against him started in March, when Google’s ‘hashing’ technology detected images that Gonzales had added to their photo sharing site Picasa.

The web giant then alerted the National Center for Missing and Exploited Children, which discovered more images uploaded by Gonzales to Tumblr.

The FBI then took over the investigation. Disturbingly, CBS also reported that the agency found pictures of a 9-year-old child who is close to the family.

The station also said that Gonzales had admitted to sexually assaulting this child.

Google’s servers are able to search through images uploaded online. Algorithm technology can detect possible examples of child pornography.

Once such an image is found, it is examined by a human employee to check that the photo depicts abuse and not something more innocent, like a child at bathtime.

Every offending picture can then be tagged with a particular digital fingerprint, which shows up if the image is reloaded online elsewhere.

 

Scene: Raul Gonzales, 40, was arrested in this street in Woodland, California, accused of uploading over 3,000 images online.

Following UK Prime Minister David Cameron’s recent efforts to tackle child pornography, Google Chief Executive Eric Schmidt wrote an op-ed in the Daily Mail on the issue.

In that article, Schmidt explained the ways in which his company was using technology to take on the disturbing problem:

Cleaning up search:

We’ve fine tuned Google Search to prevent links to child sexual abuse material from appearing in our results.

While no algorithm is perfect – and Google cannot prevent paedophiles adding new images to the web – these changes have cleaned up the results for over 100,000 queries that might be related to the sexual abuse of kids.

As important, we will soon roll out these changes in more than 150 languages, so the impact will be truly global.

Deterrence:

We’re now showing warnings – from both Google and charities – at the top of our search results for more than 13,000 queries.

These alerts make clear that child sexual abuse is illegal and offer advice on where to get help.

Detection and removal:

There’s no quick technical fix when it comes to detecting child sexual abuse imagery.

This is because computers can’t reliably distinguish between innocent pictures of kids at bathtime and genuine abuse. So we always need to have a person review the images.

 

Technology: Google’s servers are able to search through images uploaded online. Algorithm technology can detect possible pornographic images.

Once that is done – and we know the pictures are illegal – each image is given a unique digital fingerprint.

This enables our computers to identify those pictures whenever they appear on our systems. And Microsoft deserves a lot of credit for developing and sharing its picture detection technology.

But paedophiles are increasingly filming their crimes. So our engineers at YouTube have created a new technology to identify these videos.

We’re already testing it at Google, and in the new year we hope to make it available to other internet companies and child safety organisations.

Technical expertise:

There are many organisations working to fight the sexual exploitation of kids online – and we want to ensure they have the best technical support.

So Google plans to second computer engineers to both the Internet Watch Foundation (IWF) here in Britain and the US National Center for Missing and Exploited Children (NCMEC). We also plan to fund internships for other engineers at these organisations.

Direct Link:  http://www.dailymail.co.uk/news/article-2512752/Google-technology-catches-man-accused-uploading-3-000-child-porn-images-arrested-FBI.html

BREAKING NEWS: Former F.B.I. Agent Pleads Guilty in Leak to A.P., and already plead guilty in a separate F.B.I. investigation for distributing child pornography!

Former F.B.I. Agent Pleads Guilty in Leak to A.P.

 

The New York Times
by Charlie Savage
September 23, 2013

WASHINGTON —

A former Federal Bureau of Investigation agent has agreed to plead guilty to leaking classified information to The Associated Press about a foiled bomb plot in Yemen last year, the Justice Department announced on Monday. Federal investigators said they identified him after obtaining phone logs of Associated Press reporters.

The retired agent, a former bomb technician named Donald Sachtleben, has agreed to serve 43 months in prison, the Justice Department said. The case brings to eight the number of leak-related prosecutions brought under President Obama’s administration; under all previous presidents, there were three such cases.

Read the full article at… Direct Link:  http://www.nytimes.com/2013/09/24/us/fbi-ex-agent-pleads-guilty-in-leak-to-ap.html?hp&_r=0

 

Satan-obsessed former Los Angeles airport screener busted for making threats on eve of 9/11 anniversary

Nna Alpha Onuoha, 29, was collared late Tuesday and is being held on suspicion of making threats that cited the anniversary of the Sept. 11 attacks. Onuoha is reportedly the TSA screener who made creepy comments to a teen about her clothing as she passed through LAX security in June.

 

New York Daily News
by  Nancy Dillon
September 11, 2013

 

 

Nna Alpha Onuoha, 29, was nabbed on Tuesday after calling in threats to LAX and putting a menacing note inside his closet that referenced the Sept. 11 anniversary, sources say. On Onuoha’s personal website, satanhasfallen.org, he rambles about evil spirits and posts photos expressing his beliefs. (satanhasfallen.org)

A Satan-obsessed airport security screener who allegedly made creepy comments to a teen traveler in June is behind bars on suspicion of calling in threats to LAX and taping a menacing note inside his closet invoking the Sept. 11 anniversary, FBI officials said.

Nna Alpha Onuoha, 29, worked for the TSA for seven years but was recently suspended after Los Angeles high school student Sarina Frauenfelder accused him of making inappropriate comments about her apparel as she passed through security June 16, a well-placed source told the Daily News.

“You’re only 15, cover yourself,” Onuoha allegedly said, according to a blog post by Frauenfelder’s dad, the founder of the popular blog Boing Boing.

Onuoha, a Nigerian national who’s now a naturalized U.S. citizen, was disgruntled over the resulting disciplinary action and flipped out Tuesday with a series of threats against LAX, officials said.

 

Investigators that went to Onuoha’s home found a note taped inside a closet that read ‘09/11/2013 THERE WILL BE FIRE! FEAR! FEAR! FEAR!’ (satanhasfallen.org)

He abruptly quit his job and left a package at his former office that was treated as suspicious and inspected by a police bomb squad.

Investigators found no explosives or harmful substances, but the parcel contained an 8-page letter in which Onuoha “expressed his thoughts about the incident that led to his suspension and disdain for the United States,” an FBI spokeswoman said in a statement.

A man believed to be Onuoha also called an LAX checkpoint and told a screener that he had visited certain terminals that day and that TSA officials should evacuate the airport starting with Terminal 2, an FBI agent wrote in an affidavit filed Wednesday with a criminal complaint.

 

Onuoha worked for the TSA for seven years, but was recently suspended after Los Angeles high school student Sarina Frauenfelder accused him of making inappropriate comments about her apparel as she passed through the LAX security line on June 16, sources say. Here, another photo from Onuoha’s site. (satanhasfallen.org)

According to the affidavit, the caller said he would be “watching” to see if the TSA did as he directed.

 

A man believed to be Onuoha later called the TSA manager listed on the package and said the terminals should be evacuated immediately because the TSA was running out of time.

Onuoha also called LAX police and said they should evacuate the airport because he was “going to deliver a message to America and the whole world,” the FBI agent wrote in the affidavit.

 

A note from Onuoha’s website dated on the 12th anniversary of the 9/11 attacks: ‘I hope to see you all at the real Alpha and Omega checkpoint.’ (satanhasfallen.org)

The terminals in question were cleared without disrupting flights, and no threat to the airport was found.

Investigators with the FBI’s Joint Terrorism Task Force scrambled to Onuoha’s residence in nearby Inglewood and found it empty other than a note taped inside a closet that read “09/11/2013 THERE WILL BE FIRE! FEAR! FEAR! FEAR!” the FBI agent wrote.

 

Acting on a tip, investigators later found Onuoha in a van in the parking lot of Harvest Christian Fellowship Church in Riverside, a source told the News.

 

Onuoha’s website includes ramblings about evil spirits, Satan and the antichrist, such as the letter pictured. (satanhasfallen.org)

“There was no evidence of any explosives or weapons found in the investigation,” the source said.

Onuoha was cooperative and said in a post-arrest interview that the taped note meant he intended to start preaching in the streets on Sept. 11, 2013, the FBI said.

He claimed he did not intend his telephone statements to be threats and he had no plans to become violent, the FBI said.

 

Investigators with the Joint Terrorism Task Force found a note taped up in Onuoha’s residence containing an ‘unspecified’ threat citing the 9/11/13 anniversary, an FBI spokeswoman said. Here, another note from Onuoha’s personal website.

Onuoha, a former National Guardsman who had been living in a home for U.S. veterans, has since been linked to a personal website, www.satanhasfallen.org, that includes rambling writing about evil spirits, Satan and the antichrist.

In one passage, Onuoha talks about his past struggles with pornography and prostitutes and his quest for “righteousness.”

He also called America a “great harlot” that corrupts “the innocent.”

Onuoha remained in custody Wednesday and had his initial detention hearing postponed to Monday.

He was charged with making the false threats against LAX and had his arraignment set for Oct. 1, officials said.

 

 
Direct Link:  http://www.nydailynews.com/news/national/los-angeles-airport-screener-busted-making-threats-eve-9-11-anniversary-feds-article-1.1451921

Feds Are Suspects in New Malware That Attacks Tor Anonymity


WIRED / Threat Level
by Kevin Poulsen
August 5, 2013

Feds Are Suspects in New Malware That Attacks Tor Anonymity (Photo: Andrewfhart / Flickr)

Security researchers tonight are poring over a piece of malicious software that takes advantage of a Firefox security vulnerability to identify some users of the privacy-protecting Tor anonymity network.

The malware showed up Sunday morning on multiple websites hosted by the anonymous hosting company Freedom Hosting. That would normally be considered a blatantly criminal “drive-by” hack attack, but nobody’s calling in the FBI this time. The FBI is the prime suspect.

“It just sends identifying information to some IP in Reston, Virginia,” says reverse-engineer Vlad Tsyrklevich. “It’s pretty clear that it’s FBI or it’s some other law enforcement agency that’s U.S.-based.”

If Tsyrklevich and other researchers are right, the code is likely the first sample captured in the wild of the FBI’s “computer and internet protocol address verifier,” or CIPAV, the law enforcement spyware first reported by WIRED in 2007.

Court documents and FBI files released under the FOIA have described the CIPAV as software the FBI can deliver through a browser exploit to gather information from the target’s machine and send it to an FBI server in Virginia. The FBI has been using the CIPAV since 2002 against hackers, online sexual predators, extortionists, and others, primarily to identify suspects who are disguising their location using proxy servers or anonymity services, like Tor.

The code has been used sparingly in the past, which kept it from leaking out and being analyzed or added to anti-virus databases.

The broad Freedom Hosting deployment of the malware coincides with the arrest of Eric Eoin Marques in Ireland on Thursday on a U.S. extradition request. The Irish Independent reports that Marques is wanted for distributing child pornography in a federal case filed in Maryland, and quotes an FBI special agent describing Marques as “the largest facilitator of child porn on the planet.”

Freedom Hosting has long been notorious for allowing child porn to live on its servers. In 2011, the hacktivist collective Anonymous singled out Freedom Hosting for denial-of-service attacks after allegedly finding the firm hosted 95 percent of the child porn hidden services on the Tor network.

Freedom Hosting is a provider of turnkey “Tor hidden service” sites — special sites, with addresses ending in .onion — that hide their geographic location behind layers of routing, and can be reached only over the Tor anonymity network.

Tor hidden services are ideal for websites that need to evade surveillance or protect users’ privacy to an extraordinary degree – which can include human rights groups and journalists. But it also naturally appeals to serious criminal elements.

Shortly after Marques’ arrest last week, all of the hidden service sites hosted by Freedom Hosting began displaying a “Down for Maintenance” message. That included websites that had nothing to do with child pornography, such as the secure email provider TorMail.

Some visitors looking at the source code of the maintenance page realized that it included a hidden iframe tag that loaded a mysterious clump of Javascript code from a Verizon Business internet address located in Virginia.

By midday Sunday, the code was being circulated and dissected all over the net. Mozilla confirmed the code exploits a critical memory management vulnerability in Firefox that was publicly reported on June 25, and is fixed in the latest version of the browser.

Though many older revisions of Firefox are vulnerable to that bug, the malware only targets Firefox 17 ESR, the version of Firefox that forms the basis of the Tor Browser Bundle – the easiest, most user-friendly package for using the Tor anonymity network.

“The malware payload could be trying to exploit potential bugs in Firefox 17 ESR, on which our Tor Browser is based,” the non-profit Tor Project wrote in a blog post Sunday. “We’re investigating these bugs and will fix them if we can.”

The inevitable conclusion is that the malware is designed specifically to attack the Tor browser. The strongest clue that the culprit is the FBI, beyond the circumstantial timing of Marques’ arrest, is that the malware does nothing but identify the target.

 

The payload for the Tor Browser Bundle malware is hidden in a variable called “magneto”.

The heart of the malicious Javascript is a tiny Windows executable hidden in a variable named “Magneto.” A traditional virus would use that executable to download and install a full-featured backdoor, so the hacker could come in later and steal passwords, enlist the computer in a DDoS botnet, and generally do all the other nasty things that happen to a hacked Windows box.

But the Magneto code doesn’t download anything. It looks up the victim’s MAC address — a unique hardware identifier for the computer’s network or Wi-Fi card — and the victim’s Windows hostname. Then it sends it to the Virginia server, outside of Tor, to expose the user’s real IP address, and coded as a standard HTTP web request.

“The attackers spent a reasonable amount of time writing a reliable exploit, and a fairly customized payload, and it doesn’t allow them to download a backdoor or conduct any secondary activity,” says Tsyrklevich, who reverse-engineered the Magneto code.

The malware also sends, at the same time, a serial number that likely ties the target to his or her visit to the hacked Freedom Hosting-hosted website.

In short, Magneto reads like the x86 machine code embodiment of a carefully crafted court order authorizing an agency to blindly trespass into the personal computers of a large number of people, but for the limited purpose of identifying them.

But plenty of questions remain. For one, now that there’s a sample of the code, will anti-virus companies start detecting it?

Update 8.5.13 12:50:  According to Domaintools, the malware’s command-and-control IP address in Virginia is allocated to Science Applications International Corporation. Based in McLean, Virginia, SAIC is a major technology contractor for defense and intelligence agencies, including the FBI. I have a call in to the firm.

13:50:  Tor Browser Bundle users who installed or manually updated after June 26 are safe from the exploit, according to the Tor Project’s new security advisory on the hack.

14:30:  SAIC has no comment.

15:10:  There are incorrect press reports circulating that the command-and-control IP address belongs to the NSA. Those reports are based on a misreading of domain name resolution records. The NSA’s public website, NSA.gov, is served by the same upstream Verizon network as the Tor malware command-and-control server, but that network handles tons of government agencies and contractors in the Washington DC area.

8.6.13 17:10:  SAIC’s link to the IP addresses may be an error in Domaintools’ records. The official IP allocation records maintained by the American Registry for Internet Numbers show the two Magneto-related addresses are not part of SAIC’s publicly-listed allocation. They’re part of a ghost block of eight IP addresses that have no organization listed. Those addresses trace no further than the Verizon Business data center in Ashburn, Virginia, 20 miles northwest of the Capital Beltway. (Hat tip: Michael Tigas)
Direct Link:  http://www.wired.com/threatlevel/2013/08/freedom-hosting/