The FBI has used hacking methods never seen before in the history of law enforcement to bring down the owners and clients of the largest child pornography website found on the dark web to date.
A bulletin board website named Playpen that enabled users to sign up and then upload any images they liked was launched in August 2014 on the dark web, and according to court documents, the website's primary purpose was to advertise and distribute child pornography.
The dark web is a section of the internet not discoverable by conventional means, such as through a Google search or by directly entering a website URL.
As the websites are hidden, they are perfect for cyber criminals, who list thousands of goods and services for sale on secret underground marketplaces, including narcotics, chemicals, firearms and counterfeit goods, as well as adverts for services such as hacking, gambling and sports betting. Many users of the dark web use the Tor anonymity network to disguise their web traffic and ensure anonymity.
The hacking tool that identifies IP and MAC addresses
At its peak, Playpen had almost 215,000 members. It had more than 117,000 posts and received an average of 11,000 unique visitors a week. The FBI discovered numerous posts featuring extreme child abuse imagery, as well as posts providing advice on how potential child sex abusers could avoid detection online.
After seizing the computer server running Playpen from a web host in Lenoir, North Carolina, in February 2015, the FBI decided to run the child pornography website from its own servers in Newington, Virginia, for an additional two weeks between 20 February and 4 March of that year.
When visitors accessed the website, the FBI deployed a network investigative technique (NIT) – a hacking tool – and used a single warrant to uncover 1,300 IP addresses, tracing these addresses back to actual individuals.
The FBI has used NITs before, but this is the first time it has been reported that the NIT was able to get around the protections of Tor. According to Motherboard Vice, when visitors accessed the website, although their traffic might have been encrypted, a Flash application was secretly installed on the user's computer and quietly sent important data about the user straight to the FBI, so that it did not pass through the Tor network at all.
The NIT was able to capture the actual IP address of the computer, the type of operating system the user's computer was using, the computer's architecture, the computer's MAC address, the computer's host name and the computer's active operating system username. It was even able to issue a unique identifier to the user in order to distinguish the data collected from that collected from another user's IP address.
Even though the method has undoubtedly helped to bring down child pornographers, the American Civil Liberties Union is concerned that the FBI was able to hack into over 1,000 computers with just a single warrant, and believes that Congress and the public should play a role in evaluating whether law enforcement should be allowed to use NITs at all.
Over 1,500 cases have resulted from the investigation
Two men were indicted in New York in July 2015 on child pornography charges, the first of many who were arrested throughout 2015. Many of the arrested will see their cases heard throughout the first half of 2016, and the court documents showed that charges were filed against defendants in Connecticut, Massachusetts, Illinois, New York, New Jersey, Florida, Utah and Wisconsin.
"Fifteen-hundred or so of these cases are going to end up getting filed out of the same, underlying investigation," Colin Fieman, a federal public defender for the Western District of Washington who is handling several of the related cases, told Motherboard Vice.
"There will probably be an escalating stream of these [cases] in the next six months or so," he added. "There is going to be a lot in the pipeline."
UPDATED: Article was updated to reflect exactly how the FBI got around the protections of Tor, as explained by Motherboard Vice.