The Global Intelligence Files

On Monday February 27th, 2012, WikiLeaks began publishing The Global Intelligence Files, over five million e-mails from the Texas headquartered "global intelligence" company Stratfor. The e-mails date between July 2004 and late December 2011. They reveal the inner workings of a company that fronts as an intelligence publisher, but provides confidential intelligence services to large corporations, such as Bhopal's Dow Chemical Co., Lockheed Martin, Northrop Grumman, Raytheon and government agencies, including the US Department of Homeland Security, the US Marines and the US Defence Intelligence Agency. The emails show Stratfor's web of informers, pay-off structure, payment laundering techniques and psychological methods.

Re: [CT] Elaborate Anonymous Sting Snags 190 Kiddie Porn Fans

Released on 2013-11-15 00:00 GMT

Email-ID 750968 Date 2011-11-03 21:52:56 From ben.west@stratfor.com To ct@stratfor.com

Re: [CT] Elaborate Anonymous Sting Snags 190 Kiddie Porn Fans





Is Bayless' name on there?



Interesting that even they are picking up on this "99%" rhetoric...



----- Original Message -----

From: "Sidney Brown" <sidney.brown@stratfor.com>

To: "CT AOR" <ct@stratfor.com>

Sent: Thursday, November 3, 2011 2:16:07 PM

Subject: Re: [CT] Elaborate Anonymous Sting Snags 190 Kiddie Porn Fans



Ya found the site http://pastebin.com/hquN9kg5 where the vigilante anonymou=

s hackers released there last official release on this Operation DarkNet ev=

en explaining how they executed the operation and how they secretly contact=

ed their 'friends' at The Mozilla Foundation.



And here http://pastebin.com/88Lzs1XR is the entire 1589 users and their us=

ernames and passwords currently active on Lolita City, a darknet trading po=

st for pedos. Scroll to the bottom and they even explain how they obtained =

the IP addresses.



The purpose of #OpDarknet according to anonymous group was to collect evide=

nce and prove that %1 of Tor users who use Tor for CP are the ones causing =

the problems for the rest of the Tor community, the 99%. In celebration of =

November 5th 2011, #OpDarknet is officially sailing away for another Lulz. =

Bye bye pedo bear. We are Anonymous, a leaderless collective, fueled only b=

y our ideas.



On 11/3/11 10:37 AM, scott stewart wrote:





It was not really a weakness in TOR it was more like using social engineeri=

ng to convince the pedos to download your malware.





Still with these guys going after pedos and the Zetas, I'm starting to like=

them.

















From: Sidney Brown < sidney.brown@stratfor.com >

Reply-To: CT AOR < ct@stratfor.com >

Date: Thu, 03 Nov 2011 10:25:45 -0500

To: CT AOR < ct@stratfor.com >

Subject: Re: [CT] Elaborate Anonymous Sting Snags 190 Kiddie Porn Fans









It's pretty interesting. Many users of Tor believe their identities and IP =

addresses to be anonymous; however, I think once they downloaded this 'upda=

te' which diverted the traffic to the channel controlled by OpDarkNet this =

allowed the vigilante anonymous hackers to use traffic analysis to deanonym=

ize the 190 users; a weakness of the Tor network. Allowing the service's ps=

eudonymous IP address to be linked, exposing them.



On 11/3/11 10:02 AM, scott stewart wrote:





Pretty clever way to catch some stupid pedos, unfortunately many of them ar=

e more clever than that.





From: Sidney Brown < sidney.brown@stratfor.com >

Reply-To: CT AOR < ct@stratfor.com >

Date: Thu, 03 Nov 2011 09:49:30 -0500

To: CT AOR < ct@stratfor.com >

Subject: [CT] Elaborate Anonymous Sting Snags 190 Kiddie Porn Fans











Elaborate Anonymous Sting Snags 190 Kiddie Porn Fans

Nov 2, 2011 11:47 A

http://gawker.com/5855604/elaborate-anonymous-sting-snags-190-kiddie-porn-f=

ans









Some of the internet's sleaziest users must be freaking out today, having b=

een outed by Anonymous as visitors to child porn forums. Vigilante Anonymou=

s hackers are taking their war on underground kiddie porn to a new level by=

posting the IP addresses of people they claim are pedophiles .



Anonymous has been waging a month-long campaign to rid the digital undergro=

und of child porn called OpDarkNet . So far, their attacks have been limite=

d to taking down forums and websites where pedophiles trade child porn on a=

shadow internet known informally as the "dark net."



But now the hackers say they're sick of waiting around for law enforcement =

to act against the users of those sites . "They'll take forever=E2=80=A6 du=

e process for some of these guys are so weak," one hacker told us in a chat=

room. "The best way for Law Enforcement to react is for us to release it. =

They can chose to follow or not."



The list of 190 IP addresses posted by Anonymous today is the product of an=

elaborate sting=E2=80=94nicknamed "Paw Printing" =E2=80=94that wouldn't lo=

ok out of place in an FBI investigation. Thanks to some quick coding and st=

rategic planning, Anonymous hackers were able to trick visitors to a popula=

r kiddie porn forum into downloading bugged software which tracked their ev=

ery move for 24 hours.



Here's how it went down: The pedophiles on the dark net use the anonymizing=

network Tor to hide their tracks. Earlier this month, OpDarkNet learned of=

an upcoming update to Tor about a week before its release by hanging out i=

n the chat room used by Tor developers. They realized the update would be a=

perfect opportunity to set a trap.



Tor users "are very scared about Tor being hacked," one OpDarkNet hacker to=

ld us, so they'd rush to install any software update if they thought it wou=

ld patch a critical security hole. Their confidence must have been shaken w=

ith the recent attacks against the dark net by Anonymous, as well.





In a 24-hour coding frenzy, OpDarkNet created a booby-trapped version of a =

popular browser plugin used to connect to Tor. With the normal version, a u=

ser's traffic is sent to many different Tor "nodes" in a way that obscures =

their internet activity. But the booby-trapped version was programmed to se=

nd all the traffic to a node controlled by OpDarkNet=E2=80=94a honey pot. O=

pDarknet could then log all the traffic to their server and pinpoint the IP=

addresses of Tor users who thought they were hidden.



On the day of the legitimate Tor update, October 27th, OpDarkNet hackers ad=

vertised their bogus update on a popular undeground child porn directory ca=

lled Hard Candy. "DUE TO RECENT SECURITY ISSUES CAUSED BY ANONYMOUS AND FRE=

NCH RESEARCHERS, PLEASE INSTALL A UPDATED TOR CLIENT LOCATED HERE, " they w=

rote. According to the OpDarkNet hacker, 190 people downloaded their bugged=

plugin. OpDarkNet then logged the users' internet traffic for 24 hours wit=

h a program nicknamed "Whiny da Pedo," revealing their IP addresses, and tr=

acking their visits to underground child porn forums.



The logs we've seen are incredibly detailed, tracking users' visits not jus=

t to the Lolita City child porn forum we wrote about earlier , but to Faceb=

ook and Twitter as well. According to a map of the addresses released by Op=

DarkNet, users all over the world were snagged by the sting=E2=80=94but the=

majority were in the U.S.



Nick Mathewson, a Tor developer, said such a sting would be possible. "We s=

eriously recommend that users who want our actual software get it from our =

website... not from some random third party," he said.



The OpDarkNet hackers say they've tried to contact Interpol and the FBI wit=

h the IP addresses, but their hope that law enforcement might follow up on =

the tip seems misplaced. A European Commission official told the political =

site NewEurope that authorities take "note of the role played by Anonymous,=

" but "removal of child pornography sites should be organised through prope=

rly co-ordinated law enforcement." It's no surprise that Interpol and FBI w=

ould be wary of any evidence offered up by a group that usually is on the o=

ther side of their investigations.



As for the people whose IP addresses are now publicly linked with child por=

n=E2=80=94we imagine they're busy finding the nearest swamp to bury their h=

ard drives in . After rumor of the sting hit the dark net, an administrator=

added this note to the top of the Hard Candy forum that had been targeted:



"If you were stupid enough to install the recently linked Tor button 'updat=

e'... then your anonymity has no doubt been compromised. As a result you sh=

ould consider running anti-virus/malware programs and/or fully wiping your =

hard drives." --

Sidney Brown

Tactical Intern sidney.brown@stratfor.com

--

Sidney Brown

Tactical Intern sidney.brown@stratfor.com

--

Sidney Brown

Tactical Intern sidney.brown@stratfor.com









