
Feb 18


Feds Falsely Accuse 84,000 Sites of Being Child Pornographers

We’ve all seen an occasional cop show on TV.  There is often this character who is absolutely certain of how they ‘got the guy’.  The would-be hero cuts corners and kicks in the door — on some absolutely innocent old lady.  The scene ends with the cowboy acting sheepish and their more sensible partner having to apologize profusely but ineffectively.  We’ve all seen that scene on TV, right?  And we all know that the more absolutely certain the gung-ho cop is of their moral imperative, the more likely the partner is going to wind up apologizing before the commercial break.

Well, it seems we have now seen a real-life high-tech version of just the same thing.  With much fanfare, Immigration and Customs Enforcement (ICE), the part of the Department of Homeland Security (DHS) charged with federal action on child pornography, announced that it had seized ten domain names of sites accused of containing child pornography.  The domains were ‘seized’ by using a court order to force the domain registrar to change the record of the owner to the federal government.  Once it had the ownership, ICE instructed the Domain Name System (DNS) to direct the domains elsewhere.

However, in this case it backfired.  What happened was that roughly 84,000 owners of small web sites and blogs saw that their sites now pointed to a single page with a stern announcement that the site had been seized by the federal government for hosting child pornography, plus a warning to the visitor of the severe criminal punishment possible for people who visited sites like these.  None of these sites were very big, but the smaller the site the more likely that the visitors are friends, family, co-workers, and close business associates: exactly the people in front of whom anyone would be most horrified to be accused of being a child pornographer.

What apparently went wrong was that the plan to seize the domain at the registry level did not take sub-domains into account.  What are sub-domains?  They are a way of organizing a large web site.  Any time you see a name and a dot before the main domain name, it is some form of a sub-domain.

To see how this can cause problems, it is best to use an example.  The commercial side of the wordpress.org open source blogging software is called wordpress.com.  At wordpress.com (and other low cost hosting sites like blogger.com) they will offer anybody free hosting of their blog in the hope of later selling them premium extra services.  The free blogs are all in the form of (subdomain).wordpress.com.  For example, thegreenhorns.wordpress.com is a start-up micro-farmer organization.  But there is no registration for thegreenhorns.wordpress.com – only one for wordpress.com.  It is the servers at wordpress.com that route the request for thegreenhorns.wordpress.com to the right site on their servers.

Among the sites of concern to ICE was a sub-domain at mooo.com.  Apparently, among the 84,000 or so mooo.com users was one that ICE believed needed to be shut down.  I will trust that belief was sincere, just like our overeager cop-show hero is sincere.  But there is no registry for sub-domains, only domains.  ICE couldn’t seize (childporn).mooo.com; it could only force the registrar to change the entry for mooo.com.  So that meant that ALL of the subdomains were sent to the federal page with the child pornography shutdown notice.

The mistake was discovered and corrected.  However, because of the time it takes for a DNS change to get passed around everywhere, some places would still be seeing the child porn notice a full day later.

The idea of going after a domain at the registrar level is attractive to law enforcement because it prevents the site owner from simply switching from one server to another faster than the servers can be shut down.  But in a case like mooo.com, where thousands of innocent sites share the domain, the individuals involved have to be specifically targeted for shutdown.

However, the presence of subdomains does not automatically mean separate entities. Many sites use sub-domains for internal organization.  For example, mail.google.com and maps.google.com and news.google.com are all part of google.com.  This means that it takes researching the details before action.  Remember, they weren’t trying to shut down thousands of web sites.  They were trying to shut down ten.  The extra effort to really understand those ten sites before figuratively kicking in the door would have avoided embarrassment.
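The distinction drawn above, between a shared domain like mooo.com and a single-owner domain like google.com, can be checked mechanically before any registrar-level change or domain-wide block. The sketch below is an added example, not code from the article; the function names, the two lookup tables and the host `www.example-tenant.mooo.com` are constructed for illustration.

```python
# Constructed tables for this example; a real check would load the full
# Public Suffix List instead of these few hand-picked entries.
REGISTRY_SUFFIXES = {"com", "org", "net"}
# Registered domains whose operator hands out sub-domains to unrelated users.
SHARED_DOMAINS = {"mooo.com", "wordpress.com"}


def registry_entry(host):
    """Return the name that actually exists at the registrar (suffix + 1 label)."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(1, len(labels)):
        if ".".join(labels[i:]) in REGISTRY_SUFFIXES:
            return ".".join(labels[i - 1:])
    raise ValueError(f"no registered domain found in {host!r}")


def seizure_scope(host):
    """Compare what a registrar-level change hits with who runs `host`."""
    name = host.lower().rstrip(".")
    entry = registry_entry(name)
    operator = entry
    if entry in SHARED_DOMAINS and name != entry:
        # The tenant is the single label directly under the shared domain.
        tenant_label = name[: -len(entry) - 1].split(".")[-1]
        operator = f"{tenant_label}.{entry}"
    return {
        "registry_entry": entry,   # the record a registrar-level order changes
        "operated_by": operator,   # narrowest name tied to one party
        "hits_other_tenants": operator != entry,
    }


if __name__ == "__main__":
    for h in ("thegreenhorns.wordpress.com", "www.example-tenant.mooo.com",
              "mail.google.com", "maps.google.com"):
        print(h, seizure_scope(h))
```

When `hits_other_tenants` is true, the registry record covers more parties than the one under investigation, so the action has to be aimed at the individual sub-domain through the operator of the shared domain.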

But the real corner-cutting may be in making a big deal about shutting down ten sites.  There are a lot more than ten people who will continue to make other sites until caught.  Discovering, capturing, and convicting the people behind the conduct is more worthy of an ICE press announcement.

About the author

Daniel Nolte

Architect, Network Administrator, Computer Forensics Administrator, Voiceovers.

Permanent link to this article: http://betweenthenumbers.net/2011/02/feds-falsely-accuses-84000-sites-of-being-child-pornographers/

6 comments


  1. Ruthann Masterton

    Pretty good post. I just stumbled upon your blog and wanted to say that I have really enjoyed reading your blog posts. Anyway I’ll be subscribing to your feed and I hope you post again soon.

  2. Michaele Uihlein

    I’d be inclined to accede with you here. Which is not something I usually do! I love reading a post that will make people think. Also, thanks for allowing me to comment!

  3. order Strattera

    The new Zune browser is surprisingly good, but not as good as the iPod’s. It works well, but isn’t as fast as Safari, and has a clunkier interface. If you occasionally plan on using the web browser that’s not an issue, but if you’re planning to browse the web a lot from your PMP then the iPod’s larger screen and better browser may be important.

  4. Keflex

    I found your site from wikipedia and read a few of your other blog posts. They are cool. Pls continue this great work.

  5. Clear skin

    To me, it seems a bit odd that while the net was around for many years, all of a sudden it just exploded over the course of a couple years and presto, we have everything. I think the government decided in the later part of the last century to institute Email/Internet to the public in order to keep track of everything that people do. So while you may think the Internet is free and open, everything that is typed, or sent can be examined by the government.

  6. zithromax without prescription

    Good luck getting people behind this one. Though you make some VERY fascinating points, you’re going to have to do more than bring up a few things that may be different than what we’ve already heard. What are you trying to say here? What do you want us to think? It seems like you can’t really get behind a unique thought. Anyway, that’s just my opinion.
