Fuck this human
Tldr; Asshole used encrypted everything and Tor to create and spread csam. Government isn’t disclosing how they caught him
If you distribute encrypted materials you also need to distribute a means of decryption. I’m willing to bet a honeypot was used to trick him into distributing his csam right to the government hinself.
True. Or it could have been a backdoor in his phone, or the full running browser in his sim card, or the backdoor into his CPU chips… Maybe they do old fashioned police work for these cases and only use the pegasus spyware for others?
Pretty silly to do anything illegal on a computer when we know how flawed they are, imo
Neither Tor nor end-to-end encrypted messengers will cover the endpoints. It’s possible that they caught him using good old fashioned detective work. You don’t need a software back door for that.
Tor was created by NSA, half of Tor servers are run by NSA, not that secure
Tor was created by the NRL, which is a part of the US Navy and Marine Corps.
Tor was created by the Naval Research Labs, and was released to the public because it is secure.
The problem is that if it’s only the CIA or DIA using it, it’s easy figure out who is using it and where. Make it global and now there is a lot of noise to separate out.
Please don’t talk about child predators, and use the term “back door” in the same sentence. It ain’t right…
He didn’t use encrypted everything. He had a public telegram group chat in which he stored a lot of his material. Which, as many people in the comments on the article pointed out, is not encrypted, but is presented by telegram as if it is. That’s likely how they caught him.
Recent events have taught me that only individual chats are encrypted*. Group chats don’t have that feature.
Telegram groups are not E2E.
Chats are encrypted, but the servers hold the encryption keys (I believe).
There are one-to-one chats that are full e2e, but you have to enable it. And it has all sorts of compromises.
Qualifier: this is as dicumented by telegram. Since it’s not open source, we can’t really verify it
There is no point in encrypting a public group chat since anyone can join and decrypt it anyway.
my guess is that a large number of tor exit nodes is run by government agencies.
This whole thing is horrifying, but the last paragraph is especially disturbing:
Since Herrera himself has a young daughter, and since there are “six children living within his fourplex alone” on Joint Base Elmendorf-Richardson, the government has asked a judge not to release Herrera on bail before his trial.
Even more disturbing is it said he was also producing content.
Does this go to show that authorities needing backdoors to everything in order to do their jobs is actually kind of nonsense?
The article is exaggerating the guy’s setup way too much. Opsec doesn’t end at the application level… The OS (the most popular being in bed with US), ISP, tor nodes, Honeypot VPNs, so on and so on could leave a trail.
Using telegram public groups and obfuscating a calculator as a password protection layer is hillbilly level of security.
And i’m glad these fuckos don’t have the knowledge to go beyond App developers marketing.
Goes beyond the OSI model, too. Someone has to pay for that VPN, and there has to be an entry point to getting BTC, using a 2nd hand laptop where they can prove you bought it off of someone off of Craigslist, etc.
Mullvad let’s you write down an account number on a piece of paper and mail it in with cash and they’ll activate it.
Heard about a guy doing insane opsec when selling on the dark web (darknet diaries podcast).
In the end he got busted because a trusted member if his operation got lazy and ignored his rules
Edit: This guy was essentially
Leeching internet via a directional antenna from a neighbour that was significantly away
Not allowing any visitor in with a cell. You had to keep it outside
All drug related actions are done in a cleaned down room.
Tripple sealing dark marketplace orders, wiping everything down with corrosive fluids to destroy any sort of dna material
Not going to the same post office in (I believe 6 months) and only sending of 3-6 shipments at once
I hope I got it correctly. Please go listen to the episode: https://darknetdiaries.com/episode/132/
Reminds me of the lulzsec leader dude who exposed himself by logging into IRC once without tor on.
Then he folded instantly and became an informant for the FBI to stay out of jail lol.
In the end its really about tradeoffs. You can’t be an expert in everything so you need a team if you want to do anything big, but Cyber criminals are still criminals. They don’t trust each other which is what ultimately leads to their downfall even if they do all the implementation and tech part right.
That’s sounds mostly correct.
His relative also admitted their involvement and flipped on him which destroyed the narrow avenue he had to throw out the original evidence for the warrant.
Of course we only ever hear the cases of people who get caught. If he relative hadn’t gotten lazy he may never have been caught.
The lesson there is not to involve other people.
The Ars article seems to suggest that they were able to crack his phones pretty easily, which is a bit scary. I don’t see anything about a computer.
Although it doesn’t appear he was actually using any encryption apps to store material; rather, he used a fake calculator app as password protection. Obviously not the brightest bulb in the drawer.
The material was allegedly stored behind password protection on his phone(s) but also on Mega and on Telegram, where Herrera is said to have “created his own public Telegram group to store his CSAM.” He also joined “multiple CSAM-related Enigma groups” and frequented dark websites with taglines like “The Only Child Porn Site you need!”
My guess would honestly be Telegram. For starters, they aren’t end-to-end encrypted by default, you have to turn it on. The only end-to-end encryption that Telegram offers is their “secret chats” which are only available between two users. Groups are not encrypted.
The Ars article seems to suggest that they were able to crack his phones pretty easily
Android uses data at rest encryption, which isn’t really useful without a lockscreen PIN/password since data gets decrypted after you unlock your screen the first time after each boot
Although it doesn’t appear he was actually using any encryption apps to store material; rather, he used a fake calculator app as password protection. Obviously not the brightest bulb in the drawer.
Agreed, he probably felt safe enough “hiding” the files. Definitely not the sharpest tool in the shed, which is great because fuck this guy
I honestly don’t think he really had any opsec apart from those few applications, look at what tools he was using, what a joke. Fake calculator app to store files are great to protect from your parents, not the FBI.
He was clearly using Android and I bet he was using the stock rom, kyc sim card, and not even a vpn behind tor.
Don’t get me wrong, I’m very happy and relieved he was caught, but if he had done serious research and did a better opsec, it wouldn’t have been so easy for the authorities to get him
actually using a vpn with tor is not a good idea: https://support.torproject.org/faq/faq-5/
true but only if you do : tor > vpn
if you do : vpn > tor in this order, it’s way more resistant, because if the onion node is compromised, it’s the vpn’s ip address that is exposed, not yours
It seems irrelevant whether this person is using encrypted channels if they failed to maintain anonymity. If they distributed material and leaked any identifying info (e.g. IP address), then it would be trivial for investigators or CIs to track them down.
Likely, data may have been encrypted but he may have leaked compromising metadata. Even more likely it was bad operation security linking a personal identity to his anonymous persona.
I’m always thankful for incompetent criminals.
In the list of apps he was using I don’t see any mention of a VPN. How much you want to bet he raw dogged it with encrypted apps over the clearnet so it was trivial to leak his real IP address
It sounds like he created material, not only AI but actual children then distributed it. The tools to track down the creators of CASM is only getting better.
A single legal image of any of those children posted to social media is going to allow algorithms to make the match and its routine detective work from there.
It only takes one child to talk. No amount of encryption is going to stop that.
i watched some documatnary about hackers, and usually, they catch them because they talk way to mouch about themselves.
