- I i ALL 4CHAN USERS READ ALL 4CHAN USERS READ 07124/10(Sat)06:45:59 No.256740667
- Who I am is unimportant. All that matters is that I can no longer be silent. I believe legitimately innocent 4chan users are in serious danger right now, and despite my loyalties to my employer. I have chosen to make certain previously undisclosed information about 4chan public. I will not post again following this. Dismiss this information at your own discretion (and peril). Having provided you all fair warning about what is really going on within the administrative ranks of 4chan, my conscience will now be clear.
- Here goes: • In early 2008, the owner/administrator of 4chan was approached by representatives of the Arizona ICAC in cooperation with the U.S. Department ofJustice and federal Immigration and Customs Enforcement. • The agents approached 4chan's administrator following a year-long investigation into the site which, in turn, was initially brought to the DoJ's attention by the Jake Brehm incident. Of concern to the DoJ. ICE, and AZ-ICAC representatives was the routine trafficking of Child Sexual Abuse (CSA) images and links on 4chan.org's Ibl board, among others. • Conventional procedure in CSA trafficking investigations calls for the unannounced seizure of the offending web site's server(s) and forensic examination of its HTTP daemon's and forum software's log files. After (or while) suspect IP addresses and corresponding time stamps are isolated, subpoenas are sent to the appropriate ISPs, compelling them to divulge account holder identification information.
- It was explained to 4chan's administrator that law enforcement was initially prepared to move against him with the seizure of his servers, but that its rapid content purging system and enormous user population (14,000 unique visitors per hour, 10000000+ per month) would have rendered conventional CSA investigation techniques difficult. CSA postings were "drive-by" in nature and quick to expire. If seized, 4chan's servers would yield only trivial criminal evidence: those particular CSA postings which were active (or forensically recoverable) at the time of the seizure itself.
- "4chan's administrator was presented an ultimatum: seizure of his servers anyway (and the possibility of charges being brought against him for his having never reported the CSA posters on his site to NCMEC), or cooperation (The way the information came to me, two agents were actively standing by in the data center, ready to haul 4chan's servers away the moment he refused, if he refused.)
- • Needless to say, 4chan's administrator decided that cooperation was in his best interest. With me so far? The result of this cooperation bloomed into the following changes quietly made to 4chan's servers, which have now been in place for some time:
- *4chan threads no longer truly "expire." Instead, they are "archived" by virtue of becoming web browser-accessible only through alternate Apache+Futaba daemons listening at isolated TCP/IP interfaces on the boards.4chan.org and ".irnages.4chan.org servers. These interfaces have non-public IP addresses and law enforcement in turn has a secure VPN to those interfaces. This allows them to review, with their web browsers, archived threads just as they appeared to users (and suspects) on the public version of 4chan, With backend content even drawn from the same SQL database entries that were created by those users/suspects while creating the threads. In effect, for 2 years, law enforcement has had a private version of 4chan, one where each "new" thread is a thread that just expired from the public 4chan. And wherein all threads are sorted by date in a static fashion, so they do not "bump" around in their order of presentation.
- *As "expired" (archived) threads are reviewed via the law enforcement version of 4chan, those without CSA content are deleted by agents manually. For threads that do exhibit CSA content, the law enforcement version of 4chan's Futaba daemon offers a "[CP)" hyperlink at the top-right of the page. Clicking it causes special law enforcement software (which resides on the server with the administrator's permission) to tarball the entire thread for download by investigators in a forensically-sound fashion (in a way that will hold up to defense attorneys in court). Information captured by this "tarballing" process includes the dates and times of all posts to the thread in question, the complete contents of all posts to the thread in question (including image attachments), and the IP addresses plus complete browser headers of all persons who posted in that thread, who downloaded any of its attachments, or who viewed the thread itself, When this tarballing software finishes its work, its final action is to overwrite (as opposed to "deleting") all thread attachments from the servers' RAID arrays, and null-fill all corresponding SQL database entries. This assures that no contraband remains on the servers. (At their ends, agents additionally use a browser plug-in that makes "full page screenshots." This is mainly for cursory presentation in court, however.)
- *The janitor's/moderator's Futaba interface to the public version of 4chan was similarly modified to include (next to the customary moderator/janitor control hyperlinks beside each post) a "[CP]" hyperlink beside all posts in every thread. (See the image attached to this post.) When this "[CP]" link is clicked by a moderator/janitor, the poster is banned and the post is deleted. But before that happens -- and unlike with the other moderator/janitor ban/delete hyperlinks -- the "[CPI" hyperlink also first triggers the aforementioned law enforcement tarballing software to fire up and capture all aspects of the entire thread, just as described above, for later retrieval by law enforcement. (VVhen the thread eventually expires from simple inactivity, it appears in the private, law enforcement version of 4chan as usual, but with a "red flag" indicating that moderator/janitor action was previously taken against one or more of its posters for CSA trafficking activities.)
- • 4chan's administrator is the only one who knows (well, now, who knew) these details. The moderators/janitors were simply told to click the "(CPI" hyperlinks upon encountering CSA material as a "convenience" because it "automatically inserted 'CP as the ban reason". Of course, clicking the "[CP)" hyperlinks, as everybody now knows, does much more.
- *Beginning shortly after the cooperation between 4chan's administrator and law enforcement began (again, about 2 years ago), the administrator of 4chan was advised by the law enforcement agencies working the case to stay off /b/ completely. Later -- early this year, he was "ordered" (that's my source's terminology, anyway) to remove all "ciwy" moderators/janitors from /b/ and to hand the /b/ moderation accounts exclusively to the law enforcement agents working 4chan -- so they could "more quickly" trap and take down CSA materials. Allegedly 4chan's administrator is very angry with this arrangement, as it has brought bans and thread/post deletions on /b/ for anything except CSA trafficking to a screeching halt, effectively "letting /b/ overflow with shit I can keep control over now."
- " Finally, and also earlier this year, 4chan's servers WERE effectively "seized." They were moved out of the old data center in Los Angeles and placed into a nearby facility directly controlled by an unnamed federal law enforcement agency. There's now just plain gigabit Ethernet fiber between the web site's current tier 1 transit provider and the 4chan servers inside that facility, with no commercial hosting provider involved to speak of This I have no further information on or what the implications are.
- So there you have it. Because conventional approaches to combating CSA trafficking were thought fruitless against 4chan, the administrator was "convinced" to cooperate with a sting operation that has now been ongoing for 2 years. Law enforcement knows 4chan's reputation for CSA trafficking, and knew that by having convinced its administrator cooperation was superior to losing his servers, it would win an unprecedented opportunity to shoot fish in a barrel. And it has. As of late last year (the last time I heard official statistics of the arrest count), the number of 4chan users arrested for CSA involvement was just past 1,100 individuals.
- The reason I'm breaking my silence? The Jessica "Slaughter" girl. When I knew only guilty people used 4chan (and primarily /b/), knowledge of the ongoing sting operation wasn't terribly concerning to me. But now, 4chan is going completely mainstream. Thanks to the Slaughter fiasco, I can honestly see droves of ordinary innocents clicking through to /b/ without any forewarning of what transpires here. And law enforcement being what it is -- indiscriminately predatory toward anyone in possession of CSA contraband ("fuck circumstances, all must burn"), my heart sank at the thought of how many innocent lives would be ruined by criminal charges lodged against those guilty of nothing other than unwitting exploration of a forum whose nature they had no forewarning of In my opinion, the "sting" operation that has been ongoing here was justified only under this web site's former circumstances. Now, it goes too far, and so I am speaking out.
- That is all. It shall be interesting to observe what happens now. Probably, this thread will be deleted quickly, so I advise people to "copy pasta" and re-post my words as frequently as possible: especially on other web sites like this one (I know you people are a community spread across similar boards). And again, I do not care about people who are unwilling to believe this and who will continue to inhabit this web site despite my warning. This post is directed toward those WITH common sense: those who're capable of asking themselves "has there ever been any OTHER web site this large, with constant 'CP' postings, WITHOUT it ever being busted?" The answer to that question is now before you: the busts have been ongoing the entire time. And now that innocent people are going to get mixed up in this, it has become too much for me to remain silent about.
- Good bye
a guest Jul 31st, 2010 122 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
RAW Paste Data