FBI, Playpen, and Child porn

The FBI in its attempt to catch more child porn users, created a website called playpen.

FBI knowingly distributed child porn. “We ran the site, but didn’t post, so it’s ok.”

fbi playpen.png

The Justice Department acknowledged in court filings that the FBI operated the site, known as Playpen, from Feb. 20 to March 4, 2015. At the time, the site had more than 215,000 registered users and included links to more than 23,000 sexually explicit images and videos of children, including more than 9,000 files that users could download directly from the FBI. Some of the images described in court filings involved children barely old enough for kindergarten.

That approach is a significant departure from the government’s past tactics for battling online child porn, in which agents were instructed that they should not allow images of children being sexually assaulted to become public. The Justice Department has said that children depicted in such images are harmed each time they are viewed, and once those images leave the government’s control, agents have no way to prevent them from being copied and re-copied to other parts of the internet.

Officials acknowledged those risks, but said they had no other way to identify the people accessing the sites.

“We had a window of opportunity to get into one of the darkest places on Earth, and not a lot of other options except to not do it,” said Ron Hosko, a former senior FBI official who was involved in planning one of the agency’s first efforts to take over a child porn site. “There was no other way we could identify as many players.”

When the FBI took over the site, there were 215,000 registered users and links to more than 23,000 sexually explicit images and videos on the site. Users could also download more than 9,000 files directly from the FBI, according to the report.

In the summer of 2015, two men from New York were charged with online child pornography crimes. The site the men allegedly visited was a Tor hidden service, which supposedly would protect the identity of its users and server location. What made the case stand out was that the Federal Bureau of Investigation (FBI) had used a hacking tool to identify the IP addresses of the individuals.

The child porn website’s systems were seized in Lenoir, North Carolina, after agents got a court order in February. The Feds continued to keep it in operation for two weeks afterwards to catch perverts using it. The site had nearly 215,000 users.

Because users had to use Tor to access the warped website, the web server’s logs were of little use to investigators – they simply listed the nodes of the anonymizing network. Instead, the FBI deployed a NIT – a “network investigative technique,” or what in the hands of criminals would be termed spyware.

The FBI has been using NITs for over a decade. While the Escobosa indictment doesn’t give details, other court documents have stated that the software was developed by adapting a tool written by white hat hacker HD Moore called the Metasploit Decloaking Engine.

A NIT works like this: a file, typically a Flash file, is hosted by a seized child porn website, and sent to web browsers when perverts visit the hidden service via Tor. This Flash file is run in Adobe’s plugin, and establishes a direct connection to an FBI-controlled server on the public internet without going through Tor.

The Feds can then, in most cases, read off the user’s real public IP address from this connection, unmasking the scumbag.

In Escobosa’s case, the software reported back he was using a computer in Staten Island via Verizon’s fiber service. After determining his home address from the ISP using a subpoena, FBI agents got a search warrant, and snatched the man’s computers in late June.

The investigators said Escobosa thought he kept no copies of illegal imagery on his PC, but agents found 115 child sex abuse images stored in the thumbnail cache of his Tor browser – plus logs of IRC chats with other pedophiles. After he was cuffed, Escobosa kept his mouth shut and demanded a lawyer, then admitted to the Feds he had cruised websites looking for unspeakable images.

Escobosa was then given a polygraph test to determine if he had physically abused children, which showed he had not. He has appeared before magistrates in an eastern district court of New York, and is free on a $150,000 bond awaiting trial.

According to the FBI, Escobosa joined the notorious Playpen website on February 4 using the handle Fraud92787, and on one day alone in March, found 70 indecent pictures of three girls aged between five and eight.

This isn’t the first time a NIT has been used to find someone using the dark web for nefarious purposes, and it won’t be the last.

 

 

Advertisements
This entry was posted in Uncategorized and tagged , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s