Prominent, controversial, feminist activist Caroline Farrow has announced on Twitter (archive) that she has been arrested, her electronic devices seized and she has been questioned over posts on Kiwifarms. She denies guilt and so far has not been charged. This follows on from my article a couple of weeks ago in which MHN drew an inference that the British National Crime Agency was behind the hack of Kiwifarms and multiple suspects would be interviewed from a list based on the database. Given police have not denied it and multiple people are complaining on Twitter about being arrested and / or questioned, I am pretty confident in the story. Now might be a good time for MHN to remind readers about the UK British concept of joint enterprise. 

Caroline Farrow credibly claims to have been arrested over alleged Kiwifarms posts. Whilst denying posting is a defence, responding to police questions about malicious online communicationa with, “women don’t have a penis” may not be the wisest response.

Your author is not going to belabour the, “MHN told you so”, point. Instead, it is worth directing readers to British law on joint enterprise. Joint enterprise is a UK law where people engaging in a common enterprise are liable in criminal law for all actions of the entire group. The doctrine originated from the English case of R v Swindall and Osborne (1846) in which two cart drivers had a race. A bystander was killed and both blamed the other. The court held it did not matter who killed the bystander, they were both criminally liable for deciding on the joint enterprise of a cart race.

In the case of Gnango, R. v [2011] UKSC 59 a young gang member named Armel Gnango became involved in a shootout. His opponent accidentally shot and killed a woman called, Magda Pniewska. Gnango was convicted of the murder even though he did not fire the shot. When the appeals over this reached the UK Supreme Court, the court asked the following question –

“1. Permission to appeal was granted in this case in order to enable this Court to consider the following point of law, certified by the Court of Appeal as being of general public importance: “If (1) D1 and D2 voluntarily engage in fighting each other, each intending to kill or cause grievous bodily harm to the other and each foreseeing that the other has the reciprocal intention, and if (2) D1 mistakenly kills V in the course of the fight, in what circumstances, if any, is D2 guilty of the offence of murdering V?”

The court had an answer:

“65. For these reasons we would answer the certified question in the affirmative, allow this appeal and restore the respondent’s conviction for murder.”

In Britain, you can commit murder by being shot at by someone intending to kill you. Some people argue that the law is harsh and a number of NGOs and charities have sought reform. For example, Justice Gap Magazine said this in an article, “Half of women convicted under joint enterprise not even present a scene” (archive).

It is important to remember that Caroline Farrow has not been convicted and denies the posts she is accused of. She is innocent until proven guilty and has not yet been convicted with any crime.

Even so, the reason this should terrify any contributor to Kiwifarms is that, well, Continue reading →

West Yorkshire Police refuse to comment on named individuals. Click for full size.

Two days ago I posted an article about suspicions that Kiwi Farms, the despicable paedophilia, terrorism and hate site run by Joshua Conner Moon, has been hacked by law enforcement. Moon (who has legally changed his name to James Gabriel Potter), was forced to take the site down and notify users of the hack. Subsequently, at least one user complained of being invited to interview by British police. So, I asked the police force concerned. I expected if it is a hoax they would say so. On the other hand, if there is an investigation and they do have the data they would give a vague answer citing privacy and data protection laws. So, MHN received a response and it is door number 2.

The police response bears some parsing. I sent them a letter found on Twitter, with the West Yorkshire Police force logo purportedly inviting a Kiwifarms poster to a formal interview, but which had the suspect’s name blanked out. I asked the following questions –

“(1) Is there any form of investigation into posts on Kiwifarms ongoing, by or in conjunction with, West Yorkshire Police?

(2) What would police say in general to persons proposing to join and / or post on illegal websites?

(3) Is the letter genuine (copy attached)?

(4) Have UK law enforcement come into possession of the user and IP data from the recent hack of Kiwifarms?

(5) Did the National Crime Agency hack Kiwifarms?”

A Kiwifarmer purportedly invited to da cop shop! The police response means it is likely real. Click for full size.

I received in response, “We are unable to comment on named individuals”. However, fairly obviously no individual is named in the letter I sent them. Also, none of my questions refer to a named individual. If the letter was forged, data protection and privacy laws would not be engaged. The police would have no reason not to just say it was a forgery. However, these officers in West Yorkshire are not acting like a police force that has been forged, nor a police force that is triumphantly announcing a win. This comes across as a force that is working with partner agencies on a list of offenders and is likely to be concerned about undermining an ongoing, wider investigation. It is similar to how police act when they have obtained the members list from a drugs market darknet site, for example.

What does it mean for Kiwifarmers? Well, it basically means they are in trouble. Joshua Conner Moon / James Gabriel Potter advises users to user TOR or a no-log VPN when accessing his site (whilst simultaneously insisting it is totally legal). The problem is, that is not enough when dealing with the FBI or worse, the British equivalent being the Continue reading →

A Kiwifarmer purportedly invited to da cop shop! Click for full size.

Not so long ago I saw a very odd post on Twitter about the currently down, terrorism, paedophilia and stalking site Kiwifarms. An image had been shared in a Kiwi Farms Telegram chatroom, and then re-posted to Twitter where I saw it. It was a purportedly a letter from West Yorkshire Police to a suspect inviting them to a PACE interview (a police interview under caution) about posts on Kiwi Farms. The letter appeared real. The difficulty is, how could a police force obtain the IP address of a poster? After some thought, I realised that all but one of the mechanisms I could think of involved hacking or at least joining Kiwi Farms. Under recent laws, British police can hack websites – which got me thinking about the timing of the recent hack in which the site’s data was deleted.

If the letter inset is real, police must not only know that the user visited Kiwifarms, but have specific evidence that they posted there. After considering the ways to do it, I thought of three mechanisms police could obtain this. Each of these has variations. Firstly, they could intercept traffic from a suspect’s address with a warrant. However, the site is protected by SSL so a simple network interception could only show that the user viewed Kiwifarms, not which part of the site and not what (if anything) they posted. It could not tell if they were logged on nor to which user.

To intercept the content of SSL traffic without detection would require a man-in-the-middle attack performed with a certificate generated with a root key trusted by Windows / Linux / MacOS / Android. It is well known that products exist for the security services for precisely that purpose (archive), so this is possible. With the right key, the security services could just run off their own trusted certificates on the fly. However, that would imply an ongoing warrant.

An alternative way to do it would be to sign up on Kiwifarms then DM a user suspected to be a British person a link which trapped their IP address. This might require authorisation under the Regulation of Investigatory Powers Act 2000 (RIPA).

Finally, it occurred to me that the police could simply hack Kiwifarms. Under UK law, this could be legal. Last year, the UK passed the Covert Human Intelligence Sources (Criminal Conduct) Act 2021. This amended RIPA to literally let the police and security services commit crimes, with no limitations on the type of crime whatsoever, including murder, torture and rape. Hacking is small beer – theoretically the police could blow up the data centre. However, the crimes must be authorised under s29B and must be proportionate. The Human Rights Act 1998 also still applies. Therefore, it is doubtful a murder could be authorised unless, for example, many other lives would be saved.

Hacking Kiwifarms, intercepting all their traffic, stealing all the users’ IP addresses and installing Remote Administration Tools (RATs) on their devices as well as Network Investigation Tools (NITs) then deleting all the content would be a far easier sell. Kiwifarms has organised terrorist activity with near impunity for years. Multiple hosts have banned it for hosting child pornography. Its owner is in a foreign state and the main country involved, the United States, is not helpful. Kiwifarms generates lots of crimes in the jurisdiction, including harassment and terrorism. The criminality was escalating at the time the hack began.

If I was a judge, or senior police officer, I simply cannot see much in the way of objection to granting a Criminal Conduct Authorisation to take it down. It is a stalking and terrorism site, clearly organised crime, it has negligible legitimate purposes. Hacking it and deleting all the data, combined with psyops, would create negligible collateral damage to non-perpetrators. I would see an authorisation for hacking as superior to an authorisation for a DDOS attack for that reason.

Which raises questions about the nature of the Twitter account claiming responsibility, @OpSyndicate42, as well as its mockery of the FBI – good natured ribbing from their rivals and partners from across the pond? If the NCA was sharing Kiwifarms user IP addresses with local UK police forces, it would explain their comments about the site users, “dropping like flies”. MHN has put in an inquiry to West Yorkshire Police about the issue to try to verify if the letter is genuine. This article will be updated if a reply is received.