Yes, you read the title correctly. Using the same types of techniques taught in this thread, you can and should remain anonymous no matter what you are doing.
Pedophiles and child pornographers are some of the most wanted people on the planet. They are up there with terrorists and serial killers. They are hunted by federal law enforcement agencies and punished very seriously, as they should be. So the reason for this post is to demonstrate that if somebody as wanted as pedophiles and child pornographers can remain free by using proper OpSec, then you can too.
If your secure communications platform isn’t being used by terrorists and pedophiles, you’re probably doing it wrong.
I want to talk to you about a group of child pornographers that operated online for several years, called YardBird. During a period of 15 months, around 400,000 images and 11,000 videos were uploaded to a central server run by the group and shared by the members. The reason we know that is because during those 15 months the FBI performed an undercover operation to infiltrate the group in the hope of apprehending its members. They successfully apprehended 1 in 3 members of the group. One of those who remains free to date was the leader of the group, who also went by the online name YardBird.
How is it possible that after so much effort was put in by the American Federal Bureau of Investigation (FBI), the Australian Federal Police (AFP) and the Australian Queensland Police Service, people high up on the wanted lists were able to evade capture? They used strong cryptography and followed proper OpSec rules. Let us now talk about the history of the attempted apprehension of this group.
According to the FBI:
There were approximately 60 members that were loosely identified, and from the 60, approximately 20 were positively identified in this group.
There were numerous challenges presented during Operation Achilles. The group utilized an unprecedented level of organization and sophistication. They had a timed test for prospective new members. They had to use encryption technology and Internet-based anonymizers, re-mailing services. They also intentionally corrupted their own child pornography files and only the new members knew how to reconfigure those files to be able to read the pictures or the video. They also had the uncanny ability to monitor worldwide news pertaining to law enforcement efforts in child pornography matters in order to better educate themselves to avoid law enforcement detection.
As I said earlier, the alleged leader of this ring used the online name “Yardbird”. Yardbird made a re-appearance on Usenet in both 2009 and 2010, on the dates corresponding to the first and second anniversaries of the busts in 2008. His intent was to show that he was still free, and to answer people’s questions.
One of the most important things Yardbird stated was that everyone in the group who used Tor and remailers remained free, while those who relied on services such as Privacy.LI were arrested and convicted. Privacy.li is an offshore VPN service that promises anonymity. Their website claims the following:
If you need corporate and/or military strength encrypted networks, then a Virtual Private Network is the way to go. All and any traffic from and to your desktop are within an encrypted tunnel, and your originating IP-address is well concealed.
Yes, we 101% honor your privacy, no logs, no snooping, no profiling. No legal mumbo-jumbo to disguise any hidden efforts. We believe in individualism and privacy, even anonymity.
Yardbird further commented that several members of the group, including his second-in-command Christopher Stubbings (Helen) and Gary Lakey (Eggplant) were Privacy.LI users — in fact he stated that they used it for everything. (Helen is currently serving a 25-year sentence in the UK, while Eggplant is serving life in an Arizona prison.)
Eggplant literally became notorious because of his constant promotion of Privacy.LI — he continually boasted that he could not be caught because Privacy.LI did not keep logs, and they were located outside of U.S. jurisdiction.
I pointed out to anyone who would listen that services such as Privacy.LI were for /privacy/ — not for anonymity. In an ideal situation, one needs both to be private as well as anonymous. Essentially, what Privacy.LI supplied was a type of VPN service, providing an encrypted tunnel for data to travel between two endpoints – the customer’s computer being one endpoint, while the Privacy.LI servers provided the other. While there was a degree of privacy, there was NO anonymity at all – so it really didn’t come as a surprise that Privacy.LI’s customers were among those arrested.
At the end of the day, no service provider is going to go to jail for you. A simple court order can get even the toughest VPN providers to roll over on their users, because they would rather betray a $20 per month user than be fined, shut down and possibly thrown in jail for interfering with a federal investigation.
What other mistakes were made to lead to the arrest of some members of this group? The Australian police arrested a man on totally unrelated child pornography charges, and presumably as part of a plea deal, he revealed the existence of ‘the group’ and handed over a PGP public/private keypair and password. Having acquired from the informer the current group PGP public/private keypair, and its passphrase meant that the police could assume this group member’s identity, and furthermore, read all the encrypted traffic posted by members of the group.
Once the group was penetrated, the police were able to take advantage of a
1) They had the informant’s computer, with all its email, PGP keys and the like. This provided a history, which made it easier to continue the
2) By the time it was penetrated, the group had been operating for about 5 years. By this time, the group had jelled into a community — people were familiar with each other, they often let their guards down, and would sometimes reveal tidbits of personal information. This is especially the case when they thought their messages were secure, and beyond the ability of the police to intercept – they would say things that they would *never* say in the open.
So it is important to note at this time that no matter how comfortable you become with somebody, there is always a chance that they can become compromised. In fact, the group had a set of rules that all members were told to abide by, and any member found to be breaking the following rules would be expelled:
- Never reveal true identity to another member of the group
- Never communicate with another member of the group outside the usenet channel
- Group membership remains strictly within the confines of the Internet
  - No member can positively identify another
  - Members do not reveal personally identifying information
- Primary communications newsgroup is migrated regularly
  - If a member violates a security rule, e.g. fails to encrypt a message
  - Periodically to reduce chance of law enforcement discovery
- On each newsgroup migration
  - Create new PGP key pair, unlinking from previous messages
  - Each member creates a new nickname
    - Nickname theme selected by Yardbird
The ones who got caught were the ones who did not follow the rules and put too much trust in their online “friends”. We saw this in the arrest of Sabu, when he helped the FBI bust his “friends” in LulzSec. If someone is offered a deal that cuts the amount of time they spend in prison in half, they will likely take the deal at your expense. Below is an example, from this exact case, of what a plea deal versus fighting the charges meant:
…seven of the U.S. subjects pleaded guilty pre-trial to a 40-count indictment and received federal sentences ranging from 13-30 years in prison. The remaining seven defendants opted for a joint, simultaneous trial. All seven were convicted by a jury and subsequently sentenced to life in prison.
13-30 years versus life in prison may entice even some of the hardest criminals, and if you think your online “friend”, whom you have never met in person, is going to keep their mouth shut to keep you out of jail, you are in for a big surprise.
So, as you can see, the group was pretty much an open book to the police. They were completely and thoroughly penetrated. Despite that, however, the majority of the group were still able to remain at large, and were neither positively identified nor arrested. This is due to the privacy tools (PGP, Tor, nymservers, remailers) that were employed. Even with everything else being an open book, those using these tools still managed to evade capture. But you may be saying: OK, I understand PGP, I understand Tor, but what the heck is a nymserver and a remailer?
In a nutshell, an anonymous remailer is a server that receives messages (in this case email) with embedded instructions on where to send them next, and forwards them without revealing where they originally came from. A nymserver, also referred to as a pseudonymous remailer, assigns its users a user name and keeps a database of instructions on how to return messages to the real user. These instructions usually route through the anonymous remailer network itself, thus protecting the true identity of the user.
Some of the advantages of using these services are that they protect the intended recipient from an adversary, and also protect the sender of the message. Some of these services use what is called a common mailbox, in which all messages are stored in a central mailbox with no “To” and “From” headers. Each user of the service tries to decrypt every message in the central mailbox with their own PGP key; any message that decrypts is intended for them. This again hides who the sender and the receiver are. This system of remailers can also form a chain, in which the message is bounced off multiple remailers before making it to its intended recipient, to widen the gap between the sender and receiver.
Another effective option some services offer is the ability to delay when the message gets sent on to the next server in the chain, or to the recipient itself. If traffic analysis shows you sending PGP-encrypted traffic at 5:00 PM and another monitored person receiving it at 5:01 PM, it is easy to infer that the message went from you to the other person being monitored. At this time I have no recommendations for a service to use, but I am likely to post about them in the future. In the meantime, let us get back to the ring of pedophiles, shall we?
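The timing correlation warned about above is easy to make concrete from the analyst's side. The following Python is an added example, not code from the original post or from any service mentioned here: it takes constructed timestamps of encrypted mail seen leaving two candidate senders and arriving at one monitored recipient, and scores each candidate by how often an arrival follows one of their sends within a short window. The sender names, every timestamp, the background traffic and the window sizes are all assumptions made up for the illustration.

```python
"""Timing correlation between candidate senders and a monitored recipient.

Added example (not from the original post). Every timestamp below is a
constructed value in seconds from the start of an observation period.
"""
from bisect import bisect_left

# Constructed send times of PGP-encrypted mail seen leaving two candidate senders.
CANDIDATES = {
    "A": [0, 600, 1200, 1800, 2400],     # A really is B's correspondent
    "C": [150, 1000, 1700, 2900, 3300],  # C is an unrelated user
}

# Constructed mail the recipient B receives anyway (unrelated background traffic).
BACKGROUND = [300, 900, 1500, 2100]

# Scenario 1: the relay forwards at once; arrivals lag A's sends by ~60 s of latency.
B_IMMEDIATE = sorted(BACKGROUND + [60, 665, 1255, 1862, 2458])

# Scenario 2: the relay holds each of A's messages for a delay of up to a few hours
# (constructed delays) before forwarding, so arrival order no longer follows send order.
B_DELAYED = sorted(BACKGROUND + [5400, 1450, 9100, 3000, 12000])


def arrival_within(send_t, recv_sorted, window):
    """True if some arrival lands in [send_t, send_t + window].

    recv_sorted must be in ascending order so the binary search is valid.
    """
    i = bisect_left(recv_sorted, send_t)
    return i < len(recv_sorted) and recv_sorted[i] <= send_t + window


def correlation_score(send_times, recv_times, window):
    """Fraction of the candidate's sends that are followed by an arrival at the
    recipient within `window` seconds. 1.0 means every send had a matching arrival."""
    recv_sorted = sorted(recv_times)
    hits = sum(arrival_within(t, recv_sorted, window) for t in send_times)
    return hits / len(send_times)


def rank_candidates(candidates, recv_times, window):
    """Score every candidate sender and return (name, score) pairs, best first."""
    scores = {name: correlation_score(times, recv_times, window)
              for name, times in candidates.items()}
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)


if __name__ == "__main__":
    for label, arrivals in (("immediate relay", B_IMMEDIATE), ("delayed relay", B_DELAYED)):
        for window in (120, 4 * 3600):
            print(f"{label:15s} window={window:>5d}s ->",
                  rank_candidates(CANDIDATES, arrivals, window))
```

With immediate forwarding and a two-minute window, A scores 1.0 and C scores 0.0, so the timing alone singles out the real correspondent. With the relay holding messages for hours, the same window scores A at 0.0 while the unrelated user C scores 0.2 through a coincidence with background mail, so the naive analysis now points at the wrong person; widening the window to four hours scores everybody 1.0 and discriminates nothing. That is the whole point of delay-based mixing, and the reason an investigator needs stronger evidence than a raw timing coincidence before treating such a match as a lead.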
Leaving aside my personal feelings about pedophiles, I brought up this case as an example for several reasons:
1) Child pornography is a serious crime in virtually every jurisdiction. As this example demonstrates, police will work together, even across national boundaries, to investigate these crimes. They are willing to invest considerable time, manpower and money in pursuit of these suspects. The only other crimes which usually merit this type of approach are drug/gun-running or terrorism. The level of effort expended in pursuing this group can be seen in that even FBI executive assistant director J. Stephen Tidwell was involved. Normally one would not expect FBI personnel that highly placed to be involved — this shows the level of importance placed on this particular investigation. (A year or so after the busts, Yardbird himself expressed astonishment that the FBI would consider his group such a priority.)
2) This case is the only one that I’m aware of, where suspects were using sophisticated tools like PGP, Tor, anonymous remailers and
3) This case underscores the effectiveness of these tools even against well-funded, powerful opponents like the FBI, Europol, and Interpol. (N.B.: FWIW, those who were caught used either inappropriate and/or ineffective tools and techniques to protect themselves.
4) I fully understand most people’s disgust at the types of crimes/criminals being discussed here. That said, it is important to remember that one simply cannot design a system that provides protection for one class of people, but denies it for another. You can’t, for example, deploy a system that provides privacy/anonymity for political dissidents, or whistle blowers, and yet denies it to pedophiles — either *everyone* is safe, or NO ONE is safe. This may not be palatable, but these are the facts.
To summarize: we have seen that even the most hunted criminals can evade capture when using strong cryptography and proper OpSec. The ring leader of one of the most investigated child pornography rings still remains at large today because those who followed the rules.