FYI.

This story is over 5 years old.

Tech

Child Porn Sting Goes Global: FBI Hacked Computers in Denmark, Greece, Chile

"Operation Pacifier" is larger in scope than most anyone believed.
Image: Shutterstock

In early 2015, the FBI carried out an unprecedented hacking campaign, deploying malware on at least one thousand computers that had been used to visit a certain child pornography site. That move, Motherboard has learned, is part of Operation Pacifier, a large multi-agency investigation into child pornography on the so-called dark web.

The truly global nature of the operation is now coming to light. Media reports as far afield as Greece and Chile covered related arrests, and a Europol presentation discovered by Motherboard indicates that Danish authorities have arrested dozens of people as part of the investigation.

Advertisement

In August of last year, Greece's Cyber Crime Unit arrested a 21-year-old man on charges of possession and distribution of child pornography. The man, who wasn't named in reports, was picked up in a hotel in Ilia, Peloponnese, as part of an investigation "international authorities code-named Pacifier," according to Greek outlet Ekathimerini.com.

That investigation, the article continues, was based on information obtained by the FBI and Europol, which was then provided to countries where suspects resided. The site in question was a Tor hidden service, according to another Greek report, the server of which was seized by US authorities.

Reports from Chile name that site as Playpen, where a man was arrested last week for child pornography crimes as part of Operation Pacifier.

Meanwhile, a presentation authored by Rob Wainwright, Director of Europol, and found via a Google search by Motherboard, describes Operation Pacifier as a "successful infiltration and technical investigation" of a Tor hidden service. According to the presentation, 3,229 cases have been generated by Europol through Operation Pacifier, and Denmark has seen 34 cases.

A Europol spokesperson confirmed the legitimacy of the presentation, but would not answer further questions related to Operation Pacifier. (Europol also declined Motherboard's request for documents related to Operation Pacifier, requested under similar legislation to the Freedom of Information Act). The Danish police declined to answer any questions.

Advertisement

These cases spring from the FBI takeover of Playpen in February 2015, which US court documents described as "the largest remaining known child pornography hidden service in the world." After seizing the site, the FBI used a network investigative technique (NIT)—the agency's term for a hacking tool—in an attempt to identify users of the site. The tool would obtain a target's IP and MAC address, as well as some other technical information, although the exact workings of the tool are not public.

For 13 days, the FBI ran Playpen from their own servers in Virginia in order to deploy the NIT to potential pedophiles. Defense lawyers in one of the affected US cases have argued that by running the site themselves, the FBI in effect distributed child pornography.

One document in a related US case says that the FBI obtained approximately 1,300 true IP addresses during this time. In another instance, the government disclosed that 137 cases have been brought forward in the country.

There are indications that Operation Pacifier may have led to cases in Turkey and Colombia as well. Another presentation found by Motherboard, this time from the national police of Colombia, contains several references to Pacifier, although the agency did not respond to a request for clarification on whether it is part of the investigation. A December 2015 child pornography arrest in Turkey relied on an IP address provided by the FBI to the local authorities. The Turkish police force in Edirne province declined to answer questions, saying they were forbidden by Turkish law to do so.

The FBI declined to comment.

At the time of Motherboard's original report into the FBI's hacking campaign, Colin Fieman, a defense lawyer in one of the affected US cases, said that the warrant used for the NIT "effectively authorizes an unlimited number of searches, against unidentified targets, anywhere in the world."

In light of these newly revealed international cases, that appears to ring true.

Emiko Jozuka provided additional reporting.