Meget spændende læsning fra en insider, om hvordan børnepornografi spredes på internettet i dag, og om hvordan forretningsmodellen er bygget op. Her er et par uddrag, men har man tid anbefaler jeg at man læser hele artiklen.
Om at diverse filtre ikke virker, og at politikerne prøver at skrabe stemmer til sig, ved at lade som om de gør noget ved problemet:
During the years this combination of skills has resulted in the most ingenious schemes I have ever seen in my life. It is beyond the skills of BKA, FBI, and certainly politicians who don’t even know of such systems, let alone understand them. It is outrageous naiveté with which politicians speak of things of which they do not have the slightest clue. All the more frightening, however, is how much they use child pornography as a tool to write headlines and create populist slogans and as a means to justify more monitoring even though it is clear that the system established will very quickly be used for very different purposes than (unsuccessful) child porn filtering. Among the operators, there are two types: those mostly from Western Europe and North America are catched relatively quickly because they don’t have the slightest clue. These are the people who appear in big headlines when they are caught. But there are, however, other varieties comprising the best-trained server administrators, programmers and hackers. There is a direct collaboration between programmers who write the special Trojans and rootkits, hackers who command the Bot Nets and infected computers (zombies) as well as spammers who send their mail via the Bot Nets of the hacker.
Om teknikken bag distributionen:
Today’s schemes are technologically very demanding and extremely complex. It starts with the renting of computer servers in several countries. First the Carders are active to obtain the credit cards and client identities wrongfully. These data are then passed to the falsifiers who manufacture wonderful official documents so that they can be used to identify oneself. These identities and credit card infos are then sold as credit card kits to operators. There is still an alternative where no credit card is needed: in the U.S. one can buy so-called Visa or MasterCard gift cards. However, these with a certain amount of money charged Visa or MasterCard cards usually only usable in the U.S.. Since this anonymous gift cards to buy, these are used to over the Internet with fake identities to pay. Using a false identity and well-functioning credit card servers are then rented and domains purchased as an existing, unsuspecting person. Most of the time an ID is required and in that case they will simply send a forged document. There is yet another alternative: a payment system called WebMoney (webmoney.ru) that is in Eastern Europe as widespread as PayPal in Western Europe. Again, accounts are opened with false identities. Then the business is very simple in Eastern Europe: one buys domains and rents servers via WebMoney and uses it to pay.
As soon as the server is available, a qualified server admin connects to it via a chain of servers in various countries with the help of SSH on the new server. Today complete partitions are encrypted with TrueCrypt and all of the operating system logs are turned off. Because people consider the servers in Germany very reliable, fast and inexpensive, these are usually configured as HIDDEN CONTENT SERVERS. In other words, all the illegal files such as pictures, videos, etc. are uploaded on these servers -- naturally via various proxies (and since you are still wondering what these proxies can be -- I’ll explain that later). These servers are using firewalls, completely sealed and made inaccessible except by a few servers all over the world -- so-called PROXY SERVERs or FORWARD SERVERs. If the server is shut down or Someone logs in from the console, the TrueCrypt partition is unmounted. Just as was done on the content servers, logs are turned off and TrueCrypt is installed on the so-called proxy servers or forward servers. The Russians have developed very clever software that can be used as a proxy server (in addition to the possibilities of SSL tunneling and IP Forwarding). These proxy servers accept incoming connections from the retail customers and route them to the content Servers in Germany -- COMPLETELY ANONYMOUSLY AND UNIDENTIFIABLY. The communication link can even be configured to be encrypted. Result: the server in Germany ATTRACTS NO ATTENTION AND STAYS COMPLETELY ANONYMOUS because its IP is not used by anyone except for the proxy server that uses it to route the traffic back and forth through a tunnel -- using similar technology as is used with large enterprise VPNs. I stress that these proxy servers are everywhere in the world and only consume a lot of traffic, have no special demands, and above all are completely empty.
Om et af problemerne med sådanne filtre: Informationerne checkes ikke, og forkerte sider ryger ofte i filteret til skade for legitime operatører:
Based on my descriptions so far it should be clear to anyone sensible reading this that filtering and censorship make absolutely no sense. The Russians are well-informed about countries such as Denmark and Sweden and know which sites are on the blacklists and how the filtering systems work. A few weeks ago, a strictly secret blocking list appeared on the Internet at: http://scusiblog.org/wp-content/uploads/2009/01/dkfichse_15012009txt.sorted
It is the blacklist of 15 January 2009 from Denmark. As you can see, these lists are very confidential … If you are looking for child pornography is, you should send the Danish police a thank-you letter for the hot tips. But what is immediately obvious is that this list does not contain only illegal child pornography sites. I have not, of course, checked all domains. Most of these have been defunct since times immemorial (but they are still listed -- this will surely make next owner of the domain happy if the domain is ever purchased again). It is worth noting that some sites with flat-chested adult models are blocked. Even some gay sites are listed, or sites that have adult models that look young (even sites participating in a proof-of-age program and operating within the EU). I wonder, therefore, on what legal basis these adult sites with verifiably adult (but young-looking) models are put on the blocklist and even more how the discrimination of these models as adults is justified.
