A Dark Web Hacker Is Hunting Potential Pedophiles to Extort Them for Money

"People will pay a lot to keep that kind of thing covered up."

|
Nov 12 2015, 1:45pm

Image: glo/Shutterstock

As the saying goes, no one on the internet knows you're a dog. Or no one knows you're a hacker pretending to be a teenage girl in order to blackmail pedophiles.

One such digital "vigilante" is a hacker who, after posing as a 14-year-old girl, waits for possible pedophiles to approach in a chat room. From here, the hacker attempts to unravel the person's motives, identify them, and then publish their personal details on a site on the dark web.

"I put the site together a couple of weeks ago and have been adding content slowly," the hacker, who went by the handle Loveandmercy, told Motherboard in an encrypted chat. Loveandmercy had been doxing other potential pedophiles for a few months before that.

The site, called "Exposed," currently lists five people Loveandmercy suspects of being pedophiles. Some of the listings include the people's Skype usernames, email addresses, social media accounts, cell phone numbers, and addresses, and one comes with a social security number.

"I always make sure that the first thing I say is that I'm 14, but it rarely deters them."

"I go into chat rooms meant for teenagers (typically on ICQ's IRC network, but sometimes other chat sites) with a username that implies that I'm underage," Loveandmercy said. ICQ is a chat service typically used on the surface web.

"Within minutes of joining I've usually got 5-10 of them messaging me," Loveandmercy added. "I always make sure that the first thing I say is that I'm 14, but it rarely deters them."

Loveandmercy includes logs of these chats on the site, which suggest that the recipients want to meet or sexually converse with young girls. Once they're chatting, Loveandmercy tries to get the person's email address, perhaps by asking where to send some pictures.

"You'd be amazed at how often their email addresses are connected to their Facebook or other social media accounts," the hacker added. If that doesn't work, Loveandmercy will get the suspect to click a link to a server that he owns, and get their IP address from the logs.

If the suspected pedophile is using a VPN or Tor, Loveandmercy usually gives up. "I'm mostly aiming for the low-hanging fruits here."

The hacker does not, however, send the information collected to law enforcement. "The badge-wearing sissies that are in charge of arresting pedophiles don't do anything anyway, so I don't bother sending it to the cops anymore," he or she said. "Instead of contacting the police, I'll contact their friends and family and give them links to the site so they can see for themselves."

Loveandmercy acknowledged the people he targets could use stolen identities. "Someone could be impersonating the pedophile and trying to get him in trouble, or I could be lying about the information. But usually you can go see for yourself, like by emailing them, calling them, or checking out their Facebook page."

Publishing personal information about someone, or doxing, is often legal, but not when that information is used to threaten or steal that things start to break the law.

The UK's National Crime Agency said they did not encourage vigilante action as it could compromise ongoing investigations.

But Loveandmercy's project has a twist: the hacker demands payment from the suspected pedophile, in exchange for not publishing their identifying details.

"What could be worse than having your darkest secret exposed for the world to see? People will pay a lot to keep that kind of thing covered up."

According to logs hosted on the site, Loveandmercy wrote to one target "you're in a bit of trouble here. You're going to send me 5 bitcoins (worth $1,957 at the current market value) or I'm going to tell everyone about your dirty little secret. All 3 of the women you married, your kids, [name] and [name], your family members... Everyone. I will ruin you if you don't pay up."

"I've had a few people pay in the past, before I ran the site," Loveandmercy said. "Usually though, they just disconnect in hopes that it'll all go away and they can go back to life as usual." The hacker claims to have made a "couple thousand dollars" in all, including from other extortion campaigns before this site launched.

"That's just for me to get money, it's not a punishment or anything. I mean, what could be worse than having your darkest secret exposed for the world to see? People will pay a lot to keep that kind of thing covered up," the hacker wrote.

This isn't the first time digital vigilantes have tried to target suspected pedophiles. Hackers acting under the umbrella of Anonymous have launched various similar operations, including "PedoChat," which took aim at some 100 child abuse websites.

"I encourage everyone to go on to a teen chat room and pose as someone underage at least once," Loveandmercy said. "There is an absolutely sickening number of people who want to prey on young, clueless girls and boys, and most people out there don't realize how bad this problem is or how little the government is doing about it."