Digg this story   Add to del.icio.us   (page 1 of 4 ) next 
Click Crime
Mark Rasch, 2008-05-09

It has long been a crime not only to commit an illegal act, but also to attempt -- or conspire with others -- to commit one.

Recently, the FBI used this point of law to open up investigations into people who click on a Web site falsely advertising unlawful content but never actually receive it. In reality, the Web site is actually maintained and operated by the FBI itself -- a fact hidden behind a spoofed address.

It is the ultimate honeypot which poses a trap for the unwary. Merely clicking on the hyperlink -- and receiving no actual content -- is sufficient to warrant not only an armed raid on your home and seizure of your computers, but a lengthy term in prison as well. While this "click-crime" technique has been used by police to catch people downloading child pornography, it's likely that the next step will be to use it as a tool in other investigations, such as music and movie piracy.

To Catch a Porn Collector

In a recent case, the FBI posted hyperlinks to a forum which purportedly allowed those who clicked through to obtain sexually explicit materials related to minors. In reality, clicking on the link led the person to an FBI undercover Web site and delivered no actual content.

The FBI recorded the IP addresses of all those who clicked the link and used the information to obtain a search warrant for the person's system. In each case, the FBI successfully prosecuted the owners of the computers for attempting to obtain child pornography by "clicking on an illegal hyperlink." These prosecutions raise significant questions both about evidentiary requirements for convictions, the law of "attempt," and the extent to which the government may actively entice or encourage the commission of criminal activity.

Moreover, now that this technique has proven successful, we can anticipate that the government will use it in a host of other online arenas.

The technique the FBI reportedly employed was to infiltrate a "known" child pornography site, called the Ranchi forum (now defunct). The agents posted a hyperlink on that forum advertising various illicit images (e.g., toddler sex with father). If the hyperlink was clicked, an FBI Web site would record the IP address, but deliver no content. Once the IP address was resolved to an individual, the FBI would obtain a search warrant, seize the computer, and an arrest or prosecution would follow.

Overall, the technique itself and its use under the circumstances are under sound legal footing. In many ways, it is not dissimilar to undercover agents posing as drug dealers in "high narcotics areas" offering for sale "cocaine" but delivering instead lactose powder. The "purchaser" may still be prosecuted for conspiracy or attempt to purchase a controlled substance.

By posting the hyperlink on a site frequently used by child pornographers, the FBI may have overcome one of the hurdles to the so-called "entrapment" defense -- that is, establishing a likelihood of predisposition to commit a criminal offense. It's reasonable to ask why the defendant was in a forum dedicate to the distribution of child pornography.

However, it is unlikely that this technique, successful in the area of child pornography, will remain limited. The government, and potentially private parties, will use this technique to post all kinds of potentially "interesting" information online -– from copyrighted materials (music and video) to personal information, to trade secrets, and even links to hacker tools or techniques. These enticing links resolve not into useful information, but rather into potential civil or criminal liability.

Who Clicked Where?

Of course there are evidentiary problems with any online prosecution, and these honeypot prosecutions are no different.

At best, through the hyperlink you obtain an IP address, but you still have to demonstrate to a jury that the individual defendant was attempting to download the illicit content. If the IP address leads to an open WiFi network, for example, there is the possibility that neighbors or others have piggybacked on the network.

Story continued on Page 2 

Mark D. Rasch is an attorney and technology expert in the areas of intellectual property protection, computer security, privacy and regulatory compliance. He formerly worked at the Department of Justice, where he was responsible for the prosecution of Robert Morris, the Cornell University graduate student responsible for the so-called Morris Worm and the investigations of the Hannover hackers featured in Clifford Stoll’s book, "The Cuckoo’s Egg."
    Digg this story   Add to del.icio.us   (page 1 of 4 ) next 
Comments Mode:
Click Crime 2008-05-15
Anonymous (1 replies)
Re: Click Crime 2008-05-19
Click Crime 2008-05-21
Click Crime 2009-05-13
SeismicMike (1 replies)
Re: Click Crime 2009-05-16
Click Crime 2009-05-19


Privacy Statement
Copyright 2010, SecurityFocus