US: Alaska man busted with 10,000+ child sex abuse images despite his many encrypted apps

Eggyhead , 54 minutes ago

Does this go to show that authorities needing backdoors to everything in order to do their jobs is actually kind of nonsense?

Saledovil , 50 minutes ago

Yeah, it does. Perfect opsec is impossible even with encryption.

Appoxo , 30 minutes ago

Heard about a guy doing insane opsec when selling on the dark web (darknet diaries podcast).
In the end he got busted because a trusted member if his operation got lazy and ignored his rules

mlg , 15 minutes ago

Reminds me of the lulzsec leader dude who exposed himself by logging into IRC once without tor on.

Then he folded instantly and became an informant for the FBI to stay out of jail lol.

In the end its really about tradeoffs. You can’t be an expert in everything so you need a team if you want to do anything big, but Cyber criminals are still criminals. They don’t trust each other which is what ultimately leads to their downfall even if they do all the implementation and tech part right.

YurkshireLad , 6 hours ago

Prison is too good for anyone who keeps child sex abuse images.

Lost_My_Mind , 1 hour ago

WHO is downvoting you???

superkret , 1 hour ago

People like me, who are against the death penalty on principle. (or even more “creative” forms of punishment people like to come up with in these cases).
No, prison is where this guy belongs. For as long as necessary.

Lost_My_Mind , 49 minutes ago

Oh, I was thinking something far worst than death. I was thinking something like a torture rack.

superkret , 43 minutes ago

That’s what I meant by more creative forms of punishment.

Saledovil , 36 minutes ago

So you’re a sadist, but you try to convince yourself it’s okay because you only want to torture people you think deserve it. Of course, no one deserves to be tortured.

Matriks404 , 22 minutes ago

So what do you recommend, Siberia?

shamrockpreacher5 , 7 hours ago

Fuck this human

Tldr; Asshole used encrypted everything and Tor to create and spread csam. Government isn’t disclosing how they caught him

Wilzax , 6 hours ago

If you distribute encrypted materials you also need to distribute a means of decryption. I’m willing to bet a honeypot was used to trick him into distributing his csam right to the government hinself.

shamrockpreacher5 , 6 hours ago

True. Or it could have been a backdoor in his phone, or the full running browser in his sim card, or the backdoor into his CPU chips… Maybe they do old fashioned police work for these cases and only use the pegasus spyware for others?

Pretty silly to do anything illegal on a computer when we know how flawed they are, imo

mox , 5 hours ago

Neither Tor nor end-to-end encrypted messengers will cover the endpoints. It’s possible that they caught him using good old fashioned detective work. You don’t need a software back door for that.

mkwt , 5 hours ago

Well it probably wasn’t a Vic Mackey-style rubber hose attack, because it sounds like this chump is getting hauled into court.

Vilian , 2 hours ago

Tor was created by NSA, half of Tor servers are run by NSA, not that secure

Lost_My_Mind , 2 hours ago

Please don’t talk about child predators, and use the term “back door” in the same sentence. It ain’t right…

yoshisaur , 1 hour ago

we’re talking about encryption here, not…that. please get your mind out of the gutter

Sneptaur , 4 hours ago

They got it by running a honeypot exit node like they always do

CrazyLikeGollum , 2 hours ago

He didn’t use encrypted everything. He had a public telegram group chat in which he stored a lot of his material. Which, as many people in the comments on the article pointed out, is not encrypted, but is presented by telegram as if it is. That’s likely how they caught him.

KairuByte , 58 minutes ago

To be clear, it’s encrypted*.

• If you enable it

uzay , 46 minutes ago

There is no point in encrypting a public group chat since anyone can join and decrypt it anyway.

KairuByte , 43 minutes ago

The secret chats feature isn’t between anyone I believe, it’s between two people. But I don’t actually know for certain because I’ve not looked into it beyond a cursory googling.

That said, you’d be correct in that just like any service out there, the moment you let random people join there’s no level of encryption that can keep your secrets secret.

catloaf , 7 hours ago

The Ars article seems to suggest that they were able to crack his phones pretty easily, which is a bit scary. I don’t see anything about a computer.

Although it doesn’t appear he was actually using any encryption apps to store material; rather, he used a fake calculator app as password protection. Obviously not the brightest bulb in the drawer.

SnotFlickerman , 7 hours ago

The material was allegedly stored behind password protection on his phone(s) but also on Mega and on Telegram, where Herrera is said to have “created his own public Telegram group to store his CSAM.” He also joined “multiple CSAM-related Enigma groups” and frequented dark websites with taglines like “The Only Child Porn Site you need!”

My guess would honestly be Telegram. For starters, they aren’t end-to-end encrypted by default, you have to turn it on. The only end-to-end encryption that Telegram offers is their “secret chats” which are only available between two users. Groups are not encrypted.

theterrasque , 3 hours ago

So telegram’s delusional propaganda did something good for once?

AceSLS , 7 hours ago

The Ars article seems to suggest that they were able to crack his phones pretty easily

Android uses data at rest encryption, which isn’t really useful without a lockscreen PIN/password since data gets decrypted after you unlock your screen the first time after each boot

Although it doesn’t appear he was actually using any encryption apps to store material; rather, he used a fake calculator app as password protection. Obviously not the brightest bulb in the drawer.

Agreed, he probably felt safe enough “hiding” the files. Definitely not the sharpest tool in the shed, which is great because fuck this guy

chimera , 1 hour ago

I honestly don’t think he really had any opsec apart from those few applications, look at what tools he was using, what a joke. Fake calculator app to store files are great to protect from your parents, not the FBI.

He was clearly using Android and I bet he was using the stock rom, kyc sim card, and not even a vpn behind tor.

Don’t get me wrong, I’m very happy and relieved he was caught, but if he had done serious research and did a better opsec, it wouldn’t have been so easy for the authorities to get him

chimera , 1 hour ago

It is also because of people like him that laws like Going Dark become plausible to the eyes of the politicians and the masses

tilefan , 7 hours ago

saw a headline the other day about the gov’t tracking people on tor using Google ads

linearchaos , 5 hours ago

I’m still not entirely convinced that tor is as protected as people think it is.

There’s only something like 6,000 exit nodes. It really wouldn’t be that much money for the government to run thousands of them. If you monitor enough exit nodes and enough relays, you can start to statistically tie connections back together with timing analysis.

I don’t know this to be the case for sure but I can’t imagine the government hasn’t pushed towards breaking the security and identifiability of the tor network

Snowclone , 4 hours ago

If you read a lot of news, it’s really clear Tor isn’t protecting anyone from the FBI. It’s about as effective as using limewire at this point. Which also, the reporting makes it pretty clear it’s not effective to hide criminal acts in the least. But it’s pretty great abusers think it’s effective so they get caught.

cyberpunk007 , 2 hours ago

It’s not as protected as people think it is. This has popped up on headlines for years. It helps, but if someone really wants to find you on there, they can. It’s just not as easy.

floofloof , 2 hours ago

I2P has more protection against this kind of analysis.

Chozo , 2 hours ago

I've suspected Tor of being heavily compromised for a while now. It's already known that many onion sites are government honeypots, with sites being taken over rather frequently, sometimes without triggering the canary. While it's better than nothing in some situations, I don't think it can be relied upon for true anonymity anymore.

moepoi , 6 hours ago

Lol, I still don’t know why people like CSAM :v

PenisDuckCuck9001 , 4 hours ago

Milf porn is where it’s at. Speaking of which, I think I’m going to go find a cory chase video

Lenny , 3 hours ago

Hi, Ted!

BigDotNet , 6 hours ago

Dumb people deserve to be in jail.

Kit , 5 hours ago

Counterpoint: Those who produce and collect CP deserve to be in jail

PopOfAfrica , 4 hours ago

I mean, you are right, but I don’t buy that the solution is mass government surveillance.

jqubed , 5 hours ago

This whole thing is horrifying, but the last paragraph is especially disturbing:

Since Herrera himself has a young daughter, and since there are “six children living within his fourplex alone” on Joint Base Elmendorf-Richardson, the government has asked a judge not to release Herrera on bail before his trial.

Even more disturbing is it said he was also producing content.