In what can only be deemed highly unusual, it was recently revealed on Motherboard that the FBI had to resort to actually hosting a website containing child pornography in order to locate and prosecute its perpetrators.
It started in 2014 with an advertisement on a bulletin board site for a website to which users could sign up and upload any images they wanted. According to documents submitted in court during the subsequent prosecutions, the website’s primary purpose was “the advertisement and distribution of child pornography,” and the website was called “Playpen.”
Barely a month into the site’s launch, it clocked nearly 60,000 member accounts, with the number rising to almost 215,000 registrations by 2015, including 117,000 posts and an average of 11,000 unique visitors each week. The website was found to contain some of the most graphic child pornogrphy imagery imaginable, even including instructions of how sexual abusers could avoid online detection. As the FBI subsequently described it, the site was known to be “the largest remaining known child pornography hidden service in the world.”
In February 2015, as the website was touching its peak in activity, the hosting server running Playpen was seized by law enforcement officials from a hosting provider in North Carolina.
But interestingly, after Playpen was seized, it wasn’t immediately shuttered as is generally the case when such websites are discovered. With the aim of locating the site’s users, the FBI decided to continue running the site from its own servers in Virginia between 20 February and 4 March, during with time the bureau utilized what is called a network investigative technique (NIT); basically a hacking tool.
This tool served to infect the computers of the website’s users, revealing key information such as their computer’s true IP addresses. This was especially challenging, given that Playpen was a website hosted on the Dark Web–a lesser-known though frequently used network of servers within the Internet that was built to mask a user’s Web identity and location. Owing to this characteristic, the Dark Web is rampantly used to host and provide access to illegal content.
But given the efficacy of the NIT tool and the information it garnered, the FBI expects to make about 1,500 prosecutions of people they have found to use the website.
The NIT tool also has much wider applications, from identifying users of the Tor Browser by exploiting a known bug in the Firefox browser, to delivering malware to bomb threat suspects via phishing emails.