The VICE Channels

    An NCA technical officer triages a seized computer during an unrelated case. Image: NCA

    New Case Suggests the FBI Shared Data from Its Mass Hacking Campaign with the UK

    Written by

    Joseph Cox


    The largest law enforcement hacking operation to date hit computers as far afield as the US, Greece and Chile. Now, it looks like a case in the UK might have been part of the same FBI-led operation too.

    On Friday, a West London man who accessed the child abuse site “Playpen,” which the FBI briefly controlled during early 2015 in order to deliver malware to its visitors, was sentenced to 12 months in prison.

    Vithusan Puvaneswaran, 21, from Hayes, pleaded guilty to three counts: making an indecent photograph of a child, possessing prohibited images of children, and being in possession of extreme pornographic images, a Blackfriars Crown Court clerk told Motherboard.

    Over 100GB of data was found on the “sophisticated” pedophile’s computer, including around 48,000 photographs and videos, many of which were downloaded from the so-called dark web, a National Crime Agency (NCA) spokesperson confirmed to Motherboard. Among those images were screenshots of the Playpen website.

    After pleading guilty, Puvaneswaran was sentenced to one year imprisonment in total, and was given a sexual harm prevention order, which typically block individuals from working with children.

    According to a brief report from CourtNewsUK, the NCA “detected” Puvaneswaran's IP address, and raided his home on 15 March 2015.

    It's unclear how the NCA obtained Puvaneswaran's IP address if he had been routing his traffic through Tor, which is typically used to access hidden services such as Playpen. Properly connecting to dark web sites masks the visitor’s IP address.

    But the FBI, which regularly shares intelligence with the NCA, had, by the time of Puvaneswaran's arrest, used malware to gather around 1300 real IP addresses of Playpen users.

    In February 2015, the FBI seized the server of Playpen from a web host in Lenoir, North Carolina. Instead of shutting the site down, the FBI instead ran Playpen from its own servers in Virginia. During this time, the FBI deployed a network investigative technique (NIT)—the agency's term for a hacking tool.

    That NIT, if it successfully infected a target's computer, would return the suspect's real IP address, along with their MAC address and some other technical information. The NIT was triggered when Playpen users visited specific sections of the site which contained illegal imagery, according to one of the FBI agents who worked on the case. One court document in a related US case read that 137 people have been charged, out of 100,000 unique user accounts that accessed the site over the 13 day period.

    Sarah Selby, the prosecutor in this latest UK case, declined to comment when reached by phone, but was quoted in the CourtNewsUK report as saying “Playpen is notorious because it is only available through Tor and allows users to upload original material.”

    Matt Sutton, from the NCA's CEOP Command, told Motherboard in a statement, “Every time an indecent image of a child is shared it adds to the abuse that child has suffered. The NCA works closely with international partners to share intelligence on people accessing indecent images of children online. They may think they are anonymous and can act with impunity if they operate on the hidden internet. But many have found in recent months that this is not the case.”

    It seems likely that, as more cases involving Playpen become public, that the truly global nature of this operation will come into focus.