Police Could Charge a Data Center in the Largest Child Porn Bust Ever
Image: Mando Gomez/Flickr

FYI.

This story is over 5 years old.

Tech

Police Could Charge a Data Center in the Largest Child Porn Bust Ever

It’s an “innovative” way to fight file sharers, says one investigator, but will depend on whether employees knew the activity was taking place.

It could be the largest child porn investigation ever conducted.

Canadian police say they've uncovered a massive online file sharing network for exploitative material that could involve up to 7,500 users in nearly 100 countries worldwide.

But unlike past investigations into the distribution of child porn, which typically involve targeting suspects individually, police have instead seized over 1.2 petabytes of data—more than four times the amount of data in the US Library of Congress—from a data center responsible for storing the material, and may even attempt to lay criminal charges against its operators, too.

Advertisement

"What we are alleging is occurring is that there are individuals and organizations that are profiting from the storage and the exchange of child sexual exploitation material," Scott Tod, Deputy Commissioner of the Ontario Provincial Police (OPP), told Motherboard at a conference late last month, after speaking to a crowd of defence specialists. "They store it and they provide a secure website that you can log into, much like people do with illegal online gaming sites."

According to Tod, targeting data centers and their corporate directors is an "innovative" method that police are considering in the fight to end the sharing of child porn—but charges will likely hinge on the degree to which employees knew such activity was taking place.

"This is the first investigation of this scale, to my knowledge—in North America, if not worldwide"

"There's no proactive obligation to investigate what happens on your service," said Tamir Israel, a staff lawyer at the Canadian Internet Policy & Public Interest Clinic (CIPPIC). "If you do become aware that something is there, there's a reporting obligation. But usually data centers aren't actively looking through their stuff, so it's reasonable to say that they wouldn't have come across that."

Unsurprisingly, many specifics of the ongoing investigation—including names of the companies involved—remain unclear.

What we do know is that police traced users trading child sexual exploitative material online to a file sharing service, which was hosted by an Ontario company with millions of dollars in profits. Police then proceeded to seize over 1.2 petabytes of data—about 1,200 terabytes, or just under one million gigabytes. The volume of information is so expansive that in order to store and analyze the data safely and securely, police had to purchase storage hardware similar to what was used by Canadian military forces in Afghanistan. To access the files, many of which are password protected, the cops developed password-cracking software in-house that is slowly sifting through the mountain of information.

Advertisement

The case is still in its early stages, and it's too soon for police to know how many people, or even who, will be charged. But if Tod's operation is ultimately a success, it could set a new precedent for how police go after those who share child pornography, and the companies that enable its distribution.

"This is the first investigation of this scale, to my knowledge—in North America, if not worldwide," Tod said.

A NEW APPROACH

Experts say that targeting the infrastructure used to distribute child pornography, rather than going after the individuals who download it, is a recent change in tactics for police.

"What I've traditionally seen is very targeted investigations," said Hanni Fakhoury, senior staff attorney at the Electronic Frontier Foundation, and a former US federal public defender who has represented people in similar cases. "Agents will go undercover on some peer to peer site and see files that are available for sharing, and they'll engage a person and trade photos with them. Or they'll see that the person is sharing child pornography files and take investigative steps to uncover that specific individual and arrest them. That's very common, that's bread and butter how these sorts of cases are done."

"What is new is this approach that says, you know what, there's a web hosting server out there that hosts a lot of child porn. It also hosts other stuff that we're not interested in, but it hosts a lot of child porn, so we're going to take down that whole host," Fakhoury said.

Advertisement

"I don't think that our technology is any more significant … or different from what our security partners use"

It's unclear, at this point, which data center police targeted—except that, according to Tod, it netted $18 million dollars in revenue over a three-month period during which police had been keeping track. While Tod said that the company's profits aren't all from illicit material, their servers contained 1.25 petabytes of data that interested police, much of which they believe is child pornography.

For the sake of comparison, data hosting giant Rapidshare claimed to host 10 petabytes of data as of 2009. When it closed in 2012, Megaupload was said to have 28 petabytes in data in storage. In 2013, the entirety of Facebook consisted of 250 petabytes.

Meanwhile, Project Spade, a previous child pornography investigation that spanned Canada, Australia, Germany and the US, included 350 arrests and 45 terabytes of data seized. Operation Delego, arrested 52 people internationally for distributing 142 terabytes of child pornography.

This case appears set to blow previous investigations out of the water.

"It could be that there are [petabytes] of child pornography images, but that is a lot. But more likely it's some of that and a bunch of other stuff mixed in. But it's hard to know," said Israel.

Tod said that the data they've seized contains roughly 1.5 million compressed folders, or RAR files. Some of those files contain child pornography, but police don't yet know how much. The information was copied from hard drives seized by the police—and many, if not all, of those RAR files were password protected.

Advertisement

The OPP has even developed custom password-cracking software in-house to assist in gaining access to the files, which Tod said can cycle through 500,000 possibilities per second. "I don't know if that's good or bad," he confessed to the military crowd. "[But] I don't think that our technology is any more significant … or different from what our security partners use."

"VOLUMES THAT WE'VE NEVER SEEN BEFORE"

In recent years, child pornographers have gone to great lengths to evade capture. Some have taken to the anonymized confines of the darknet to shield themselves. Motherboard reported in January on the increasingly complex means through which the pornographers hide their craft behind encryptions guaranteed by the Tor network.

Nevertheless, Ontario police managed to identify 7,500 unique IP addresses from nearly 100 countries from the data seized. To date, they've identified 2,200 American users, 843 from Germany, 534 in Japan, 457 within Russia, 394 in Canada, 380 in the United Kingdom, and 374 inside France.

"That's huge," Fakhoury said. "I'm used to seeing cases where they go after one person, or 40, 50, 100 people, but 7,500 people is staggering. So they better have really compelling proof that those 7,500 people were visiting the hosting site to access child porn."

Tod says he's unsure of how many could actually face charges.

"Is this overkill? And what percentage of the data they seized is actually contraband child porn? And what percentage of it contains totally legitimate stuff?"

Advertisement

"We're not making any assumptions of how many are actually criminally guilty at this time, or criminally responsible. But we're certainly a size of information that's being traded that we know is illegal material of volumes that we've never seen before," Tod said.

Ontario police are working alongside the US Department of Homeland Security, and expect to involve other police forces worldwide. US law enforcement officials declined to comment for this story.

Tod said that while the investigation began in Ontario, there are now components in five other locations worldwide.

David Fraser, a lawyer and digital privacy expert at the Halifax, Nova Scotia firm McInnes Cooper, said he's never heard of an investigation of this magnitude and scope, but that it doesn't necessarily imply a privacy concern. "As long as they follow the proper procedures, I would hope that they would be able to take it down and prosecute anybody involved in this significant crime," he said.

That means that the OPP will need specific warrants to analyze and use most of the information contained within the hard drives seized. Under Canadian law, police do not have carte blanche to search and use every piece of data on a hard drive merely because it is in their physical possession, and will need to tread carefully to avoid charges of running an unlawful search.

"Is this overkill? And what percentage of the data they seized is actually contraband child porn? And what percentage of it contains totally legitimate stuff?" asked Fakhoury. "If you're receiving so much stuff that you need military grade equipment to sift through it and sort through it maybe you're receiving too much stuff."

And prosecuting those who were in possession of the hard drives—likely, the owner of the data centre—may well spark debate over whether or not is reasonable to hold those who house data liable for what their customers put on those servers, too.

"Legitimate businesses operating in Canada have the right to assume that their customers are acting lawfully unless they have strong reason to believe otherwise," said Fraser. "Even then that does not make them complicit in their customers' activities."