WARNING: Explicit Imagery and Colloquial Language

Tim Barrus. 

Ever since Cinematheque was hacked via an online order of art supplies at a hardware store, we have struggled with this serious issue. It is especially troubling when you consider the fact that, at least for us, the issue is the physical security of children. People wonder we we are not on the Internet the way we used to be.

Newsflash: Many of the haters who stalk us on the Internet have agendas they are hardly going to articulate in the typical attack on Tim Barrus. You do not know what we know. Internet hacking has become very popular among pedophiles who seek as much information as they can get on particular children such as where they live and where they go to school. They can get grades, teachers’ names, and class schedules. It’s entirely possible for them to plot routes to and from school. Even school bus routes. With Google satellite , they can see every detail of a playground.

Schools are not supposed to maintain the private medical information such as HIV status in school records. And yet many do.

We have been somewhat surprised to learn that medical information on such digital databases as hospitals can contain facts like pediatric drug trials children can be involved in. This information should not be accessible to hackers or pedophiles.

We go way out of our way to make it difficult to hack the private information of children. For children who are legal witness to alleged crimes that are in the process of being prosecuted, the physical safety of those children is at stake.

We have dramatically curtailed the manner of our traveling. Airport wi-fi is an open door to people whose intentions are anything but positive. We do not so much as play computer games or even turn computers on.

We are glad to be off Facebook. Facebook is already a security problem, but with the ability to hack into Facebook, even information you think is not even on Facebook is available to advertisers and hackers alike.

When gmail recently became encrypted on both ends, it was extremely helpful. Nevertheless, we will go into encrypted mode real fast on a private encryption site.

For the past five years, it’s been a battle with pedophile hackers who disguise themselves as simply scornful Internet haters whose real purpose is to garner as much information (and history) from a child as they can. The intimidation is designed to facilitate disclosure.

You do not know the half of it because we do not always openly discuss it. Suffice it to say that the hacking (in many ways the hatred not only has an ulterior agenda, but it really is a form of hatred) is relentless. We do not put much of it out there in a public way. One reason is because we note that there is an element of pride among the hackers who compete for the who can hack the best prize of the day. We try not to give them such red meat.

What many published articles do not tell you is that much hacking is done by organized crime. It is very difficult to go after hackers based in such places as Belgrade, Minsk, or Vitebsk. Google Analytics has been very helpful to us, and now allows us to track these people.

We, too, use multiple forwarding all over the planet which is hardly a secret. While that information can be ubiquitous for anyone who deals with the privacy and security of at-risk children, the actual methods and usernames employed in forwarding have, at least for us, so far, remained secure. This is due to the heavy use of encryption. Some companies are just very good at it, and we do employ them.

I will leave this to a recent NYTimes’ piece on issues we have been dealing with on a daily basis for years. The NYTimes does not use the terms hacker and pedophile in the same sentence.

But we do.

Because we know what the hacker says for public consumption in scorn on a comments section, and what messages he attempts to relay to specific boys he thinks he knows everything about.

Just the fact that these people understand that there are other people — the ones they attempt to victimize — who are on to them makes their next move and their next move and their next move anything but secure.  

NYT: You may think the only people capable of snooping on your Internet activity are government intelligence agents or possibly a talented teenage hacker holed up in his parents’ basement. But some simple software lets just about anyone sitting next to you at your local coffee shop watch you browse the Web and even assume your identity online.

“Like it or not, we are now living in a cyberpunk novel,” said Darren Kitchen, a systems administrator for an aerospace company in Richmond, Calif., and the host of Hak5, a video podcast about computer hacking and security. “When people find out how trivial and easy it is to see and even modify what you do online, they are shocked.”

Until recently, only determined and knowledgeable hackers with fancy tools and lots of time on their hands could spy while you used your laptop or smartphone at Wi-Fi hot spots. But a free program called Firesheep, released in October, has made it simple to see what other users of an unsecured Wi-Fi network are doing and then log on as them at the sites they visited.

Without issuing any warnings of the possible threat, Web site administrators have since been scrambling to provide added protections.

“I released Firesheep to show that a core and widespread issue in Web site security is being ignored,” said Eric Butler, a freelance software developer in Seattle who created the program. “It points out the lack of end-to-end encryption.”

What he means is that while the password you initially enter on Web sites like Facebook,Twitter, Flickr, Amazon, eBay and The New York Times is encrypted, the Web browser’s cookie, a bit of code that that identifies your computer, your settings on the site or other private information, is often not encrypted. Firesheep grabs that cookie, allowing nosy or malicious users to, in essence, be you on the site and have full access to your account.

More than a million people have downloaded the program in the last three months (including this reporter, who is not exactly a computer genius). And it is easy to use.

The only sites that are safe from snoopers are those that employ the cryptographic protocol Transport Layer Security or its predecessor, Secure Sockets Layer, throughout your session. PayPal and many banks do this, but a startling number of sites that people trust to safeguard their privacy do not. You know you are shielded from prying eyes if a little lock appears in the corner of your browser or the Web address starts with “https” rather than “http.”

“The usual reason Web sites give for not encrypting all communication is that it will slow down the site and would be a huge engineering expense,” said Chris Palmer, technology director at the Electronic Frontier Foundation, an electronic rights advocacy group based in San Francisco. “Yes, there are operational hurdles, but they are solvable.”

Indeed, Gmail made end-to-end encryption its default mode in January 2010. Facebook began to offer the same protection as an opt-in security feature last month, though it is so far available only to a small percentage of users and has limitations. For example, it doesn’t work with many third-party applications.

“It’s worth noting that Facebook took this step, but it’s too early to congratulate them,” said Mr. Butler, who is frustrated that “https” is not the site’s default setting. “Most people aren’t going to know about it or won’t think it’s important or won’t want to use it when they find out that it disables major applications.”

Joe Sullivan, chief security officer at Facebook, said the company was engaged in a “deliberative rollout process,” to access and address any unforeseen difficulties. “We hope to have it available for all users in the next several weeks,” he said, adding that the company was also working to address problems with third-party applications and to make “https” the default setting.

Many Web sites offer some support for encryption via “https,” but they make it difficult to use. To address these problems, the Electronic Frontier Foundation in collaboration with the Tor Project, another group concerned with Internet privacy, released in June an add-on to the browser Firefox, called Https Everywhere. The extension, which can be downloaded at eff.org/https-everywhere, makes “https” the stubbornly unchangeable default on all sites that support it.

Since not all Web sites have “https” capability, Bill Pennington, chief strategy officer with the Web site risk management firm WhiteHat Security in Santa Clara, Calif., said: “I tell people that if you’re doing things with sensitive data, don’t do it at a Wi-Fi hot spot. Do it at home.”

But home wireless networks may not be all that safe either, because of free and widely available Wi-Fi cracking programs like Gerix WiFi Cracker, Aircrack-ng and Wifite. The programs work by faking legitimate user activity to collect a series of so-called weak keys or clues to the password. The process is wholly automated, said Mr. Kitchen at Hak5, allowing even techno-ignoramuses to recover a wireless router’s password in a matter of seconds. “I’ve yet to find a WEP-protected network not susceptible to this kind of attack,” Mr. Kitchen said.

A WEP-encrypted password (for wired equivalent privacy) is not as strong as a WPA (or Wi-Fi protected access) password, so it’s best to use a WPA password instead. Even so, hackers can use the same free software programs to get on WPA password-protected networks as well. It just takes much longer (think weeks) and more computer expertise.

Using such programs along with high-powered Wi-Fi antennas that cost less than $90, hackers can pull in signals from home networks two to three miles away. There are also some computerized cracking devices with built-in antennas on the market, like WifiRobin ($156). But experts said they were not as fast or effective as the latest free cracking programs, because the devices worked only on WEP-protected networks.

To protect yourself, changing the Service Set Identifier or SSID of your wireless network from the default name of your router (like Linksys or Netgear) to something less predictable helps, as does choosing a lengthy and complicated alphanumeric password.

Setting up a virtual private network, or V.P.N., which encrypts all communications you transmit wirelessly whether on your home network or at a hot spot, is even more secure. The data looks like gibberish to a snooper as it travels from your computer to a secure server before it is blasted onto the Internet.

Popular V.P.N. providers include VyperVPN, HotSpotVPN and LogMeIn Hamachi. Some are free; others are as much as $18 a month, depending on how much data is encrypted. Free versions tend to encrypt only Web activity and not e-mail exchanges.

However, Mr. Palmer at the Electronic Frontier Foundation blames poorly designed Web sites, not vulnerable Wi-Fi connections, for security lapses. “Many popular sites were not designed for security from the beginning, and now we are suffering the consequences,” he said. “People need to demand ‘https’ so Web sites will do the painful integration work that needs to be done.”

"This one is hard to watch " by Tim Barrus

Yes, I am going to speak for him. Someone has to since he rarely speaks for himself. “I’m just trying to survive,” is what he will tell you. He will then want your credit card number which he will then run through his computer you cannot see.

What I see is a kid who has to make choices. What he does NOT see, what is beyond his ability to imagine, are the bodies of the boys I have seen found in public parks hung by the neck tied to ropes in trees with their pants pulled down and their throats slit. They are close to being decapitated.

And their cocks cut off and stuffed into their mouth.

I have seen this.

The cops take me to the park and they want to know of any street people crazy enough to do this. Yes, I know a few deranged enough to do this. The world is full of madmen. Take your pick.

The boy will tell you that the Internet protects him. He is only masturbating on the Internet.

Until the stalker comes around who can entice him to the park. With money.

“I don’t think this was a street-person,” I tell the cops. “If you look at how carefully the throat is slit, you have to imagine that whoever did this was exactly that — careful. I doubt that they will leave any tracks.”

The credit card will be stolen.

Boys who are masturbating for pay on the Internet are vulnerable. Sometimes they can be convinced of that vulnerability. Sometimes they cannot be convinced. They need to pay the rent and buy the drugs that drive the great machine.

I did not post this here to titillate you. It’s not titillating. I posted this to show you the thing in the le flesh.

I stood there and watched the coroner cut the body of the kid down from the rope he was swaying from.

To date, they have not caught whoever committed this crime.

The kid is a criminal, too, and the police know it. Kids who are engaging in criminal behavior do not always rank high on the list of crimes to solve. He was only asking for it. Right.

I’ve never met a kid who was asking for this.

There are still people who believe I overreact when confronted with men who stalk these boys. I take the stalkers very seriously. I do believe that the Internet stalkers graduate to physical stalking. I will go after either one. I will remove the boy to a safer location. FAR away. I have done it any number of time. Often, the boys themselves are convinced of their own invulnerability and they will boldly threaten the stalker themselves. I discourage this very strenuously. If you are stalking my boys on the Internet, we will find you because things like ISP numbers and demographics are only becoming more and more available. We can track you now. And we will.

And, of course, there are the people who believe that it never happened.

Both these people are dangerous.

There is ONE hope for these kids. And it’s not government. Government and incarceration is only a recycle machine.

It’s simple information. It almost has to arrive from the underground as a whispered secret.

Why a secret. Because to reach this boy and his computer, he has to believe that the people who haunt him will not be able to find him.

Your world is not my world.

I’m not writing this for you. I am writing this for him.

You can come in from the cold. No one — FROM THE LIFE — will find you. They will not know where you are. We will even help you leave.

Yes. I can guarantee it.

With my blood. And my life.

At first, they are dubious and afraid. And then they find something worth fighting for. Worth being healthy for. One another. It is a soldiership. It has nothing to do with me. It has to do with their peers. They are adolescent. 

You see, they’re involved in sex work and play for pay infected with HIV. Are they telling the tricks: I have HIV.

No, they are not. It would be bad for business.

Even using a condom is up for grabs.

They think they’re going to die one way or the other anyway. Many of them are depressed and play Big Girl suicide games.

One would be meeting a trick you do not know in the park at night down the block.