FBI Hacked Computers in Australia as Part of Global Child Porn Sting

The list of countries the FBI hacked computers in just keeps growing.

Oct 10 2016, 12:47pm


In early 2015, the FBI hacked thousands of computers across the world, based on a single, arguably illegal, warrant.

Now, Motherboard has learned that as part of the same operation, the FBI also hacked computers in Australia, highlighting how law enforcement agencies are increasingly using malware to remotely search computers outside of their jurisdiction.

The case, codenamed Operation Pacifier, revolves around the FBI's investigation into one of the largest ever dark web child pornography sites, called Playpen. When the FBI seized the site in 2015, instead of shutting it down, the agency briefly ran Playpen from a government server in order to deploy a network investigative technique (NIT)—the agency's term for a piece of malware—in an attempt to identify its visitors.

The agency's malware used a Tor Browser exploit, and then grabbed a suspected Playpen user's IP address, MAC address, and other technical information. As well as obtaining over 1,000 US IP addresses, and distributing much of this information throughout the FBI and to other US-based law enforcement agencies, the FBI also gave details on suspects overseas to foreign agencies.

The Australian Federal Police (AFP) was one of those agencies. During the processing of a Freedom of Information request filed by Motherboard, the AFP said it held a wealth of data on Operation Pacifier, including a large PROMIS case file. PROMIS is the case management tool AFP officers use to catalogue investigations and store intelligence.

During preliminary searches, the AFP found 600MB of file data and "One PROMIS case alone containing over 2000 case note entries," a letter from the AFP to Motherboard reads. The agency confirmed that this file relates to the international referrals the AFP received in relation to Operation Pacifier. A single PROMIS case note entry does not necessarily equate to an IP address provided by the FBI; PROMIS is frequently updated throughout AFP investigations.

A section of the letter from the AFP to Motherboard.

Australia is just the latest country to be revealed as part of Operation Pacifier. A Europol presentation uncovered by Motherboard said that the law enforcement agency had generated over 3,200 related cases, including 39 cases in Denmark. A second presentation showed that police in Colombia had worked on Operation Pacifier as well.

Earlier this year, an Austrian politician wrote in a letter to MPs that 50 IPs from the country had been obtained during the operation. The FBI also hacked computers in Greece and Chile, and there are indications of more related arrests in Turkey and the UK.

During a recent court hearing, Daniel Alfin, an FBI Special Agent who is working on the Playpen investigation, said that some of the suspected Playpen users based overseas have not yet been arrested or apprehended, "because of the amount of time it takes to get work done in some foreign countries."

But, in what shows the increasing use of malware to target suspects overseas, Australian authorities hacked into computers based in the US. Through US court documents, Motherboard found that a small unit of a regional police force led a separate operation to hack suspected visitors of another dark web child pornography site, including over 30 alleged US-based users.

The AFP previously told Motherboard it was not aware of the operation.

This piece has been updated with additional reporting from court documents.