Playpen (website)

Last updated
Playpen
Type of site
Child pornography sharing
Available in English
LaunchedAugust 2009
Current statusOffline (as of May 2015)

Playpen was a darknet child pornography website that operated from August 2014 to March 2015. [1] [2] The website operated through the Tor network which allowed users to use the website anonymously. After running the website for 6 months, the website owner Steven W. Chase was arrested by the FBI. After his arrest, the FBI continued to run the website for another 13 days as part of Operation Pacifier.

Contents

When it was shut down in March 2015, the site had over 215,000 users and hosted 23,000 sexually explicit images and videos of children as young as toddlers. [2]

Website shutdown

The shutdown operation, called Operation Pacifier, involved the Federal Bureau of Investigation (FBI) hijacking the site and continuing to serve content for two weeks (from February 19, 2015 until March 4, 2015). During this time, the FBI used a malware-based "Network Investigative Technique" (NIT) to hack into the web browsers of users accessing the site in what is known as a watering hole attack, thereby revealing their identities. The operation led to the arrest of 956 site users and five prison sentences.

While the FBI claimed to have knowledge about the existence of the website from its inception, it was unable to track down the server locations or the site owner. This was because the website was hosted anonymously through Tor. Only a mishap of the site owner that revealed his IP address finally allowed law enforcement to track down both the servers and personnel. [1]

Convictions

The investigation led to the conviction of Steven W. Chase, a 58-year-old man from Florida who created the website, of charges of engaging in a child exploitation enterprise and advertising, transportation and possession of child pornography. He was sentenced to 30 years in prison in May 2017. His two co-defendants pleaded guilty and were sentenced to 20 years each earlier in 2017 for their involvement in Playpen. [1]

In 2017, the FBI dropped charges against one defendant after the court for that case requested details on the NIT malware. The FBI preferred to keep the NIT malware a secret for future investigations. [3] [4] [5]

Shutdown criticisms

The investigation was criticized by the Electronic Frontier Foundation because of the generality of the warrant, and because after having taken control of the website, the FBI continued to operate the website for nearly two weeks and thus distribute child pornography, i.e. exactly the same crime the bureau sought to stop. [6] The lawyer of a defendant in the case stated that the FBI not only operated the website, but improved it so its number of visitors rose sharply while it was under their control. [7]

Challenges were raised about the FBI's possible misuse of the initial search warrant, leading to the likely dismissal of much of the gathered evidence against one defendant. [8] [9] The warrant stated it was to be used to gather information on people in the Eastern District of Virginia only, but because the NIT malware indiscriminately infected people using the site, it was in fact used to gather information from many other areas. [10] Before the change to Rule 41 in 2016 to allow it, this was illegal. [11] On August 28, 2019, the Eleventh Circuit Court of Appeals ruled that the warrant was invalid but that the evidence obtained was not required to be excluded due to the good-faith exception doctrine. [12]

Related Research Articles

Operation Ore was a British police operation that commenced in 1999 following information received from US law enforcement, which was intended to prosecute thousands of users of a website reportedly featuring child pornography. It was the United Kingdom's biggest ever computer crime investigation, leading to 7,250 suspects identified, 4,283 homes searched, 3,744 arrests, 1,848 charged, 1,451 convictions, 493 cautioned and 140 children removed from suspected dangerous situations and an estimated 33 suicides. Operation Ore identified and prosecuted some sex offenders, but the validity of the police procedures was later questioned, as errors in the investigations resulted in many false arrests.

Operation Avalanche was a major United States investigation of child pornography on the Internet launched in 1999 after the arrest and conviction of Thomas and Janice Reedy, who operated an Internet pornography business called Landslide Productions in Fort Worth, Texas. It was made public in early August 2001, at the end of Operation Avalanche, that 100 arrests were made out of 144 suspects. It was followed by Operation Ore in the United Kingdom, Operation Snowball in Canada, Operation Pecunia in Germany, Operation Amethyst in Ireland, and Operation Genesis in Switzerland.

Watering hole is a computer attack strategy in which an attacker guesses or observes which websites an organization often uses and infects one or more of them with malware. Eventually, some member of the targeted group will become infected. Hacks looking for specific information may only attack users coming from a specific IP address. This also makes the hacks harder to detect and research. The name is derived from predators in the natural world, who wait for an opportunity to attack their prey near watering holes.

Child erotica is non-pornographic material relating to children that is used by any individuals for sexual purposes. It is a broader term than child pornography, incorporating material that may cause sexual arousal such as nonsexual images, books or magazines on children or pedophilia, toys, diaries, or clothes. Law enforcement investigators have found that child erotica is often collected by pedophiles and child sexual abuse offenders. It may be collected as a form of compulsive behavior and as a substitute for illegal underage pornography and is often a form of evidence for criminal behavior.

<span class="mw-page-title-main">Tor (network)</span> Free and open-source anonymity network based on onion routing

Tor is a free overlay network for enabling anonymous communication. Built on free and open-source software and more than seven thousand volunteer-operated relays worldwide, users can have their Internet traffic routed via a random path through the network.

Hunter Edward Moore is an American convicted criminal from Sacramento, California. Rolling Stone called him "the most hated man on the Internet." In 2010, he created the revenge porn website Is Anyone Up? which allowed users to post sexually explicit photos of people online without their consent, often accompanied by personal information such as their names and addresses. He refused to take down pictures on request. Moore called himself "a professional life ruiner" and compared himself to Charles Manson. The website was up for 16 months, during which Moore stated several times he was protected by the same laws that protect Facebook. Moore also paid a hacker to break into email accounts of victims and steal private photos to post.

<span class="mw-page-title-main">Tor Mail</span> Defunct Tor email service

Tor Mail was a Tor hidden service that went offline in August 2013 after an FBI raid on Freedom Hosting. The service allowed users to send and receive email anonymously to email addresses inside and outside the Tor network.

<span class="mw-page-title-main">Freedom Hosting</span> Defunct Tor web hosting service

Freedom Hosting was a Tor specialist web hosting service that was established in 2008. At its height in August 2013, it was the largest Tor web host.

The dark web is the World Wide Web content that exists on darknets that use the Internet but require specific software, configurations, or authorization to access. Through the dark web, private computer networks can communicate and conduct business anonymously without divulging identifying information, such as a user's location. The dark web forms a small part of the deep web, the part of the web not indexed by web search engines, although sometimes the term deep web is mistakenly used to refer specifically to the dark web.

<span class="mw-page-title-main">Tor Ekeland</span> American lawyer

Tor Bernhard Ekeland is a New York City based computer, trial and appellate lawyer. He is best known for representing hackers prosecuted under the Computer Fraud and Abuse Act ("CFAA"), as well as white-collar defendants, in federal criminal court and on appeal across the United States.

<span class="mw-page-title-main">Matt DeHart</span> Former U.S. intelligence analyst and sex offender

Matt Paul DeHart is an American citizen and former U.S. Air National Guard intelligence analyst and a registered sex offender. He has made several unconfirmed claims, including that he received classified documents alleging the CIA was involved in the 2001 anthrax attacks in the United States and that the government used child pornography charges to frame him for possession of state secrets.

<span class="mw-page-title-main">Operation Onymous</span> International police operation targeting darknet markets

Operation Onymous was an international law enforcement operation targeting darknet markets and other hidden services operating on the Tor network.

HackBB was a Tor service Internet forum specializing in buying stolen credit cards, skimming ATMs, and hacking computers, servers and accounts. The site was often a destination for hacked and stolen data dumps. At some point the site was hosted by Tor hosting company Freedom Hosting.

Network Investigative Technique (NIT) is a form of malware employed by the FBI since at least 2002. It is a drive-by download computer program designed to provide access to a computer.

Operation Torpedo was a 2011 operation in which the Federal Bureau of Investigation (FBI) compromised three different hidden services hosting child pornography, which would then target anyone who happened to access them using a network investigative technique (NIT).

Government hacking permits the exploitation of vulnerabilities in electronic products, especially software, to gain remote access to information of interest. This information allows government investigators to monitor user activity and interfere with device operation. Government attacks on security may include malware and encryption backdoors. The National Security Agency's PRISM program and Ethiopia's use of FinSpy are notable examples.

<span class="mw-page-title-main">FBI MoneyPak Ransomware</span> Ransomware

The FBI MoneyPak Ransomware, also known as Reveton Ransomware, is a ransomware that starts by purporting to be from a national police agency and that they have locked the computer or smartphone due to "illegal activities" and demands a ransom payment via GreenDot MoneyPak cards in order to release the device.

<span class="mw-page-title-main">Joshua Schulte</span> Former CIA employee and criminal (born 1988)

Joshua Adam Schulte is a former Central Intelligence Agency (CIA) employee who was convicted of leaking classified documents to WikiLeaks. WikiLeaks published the documents as Vault 7, which The New York Times called "the largest loss of classified documents in the agency's history and a huge embarrassment for C.I.A. officials." After his conviction, the Department of Justice called it "one of the most brazen and damaging acts of espionage in American history."

Boystown was a child pornography website run through the Tor network as an onion service. It launched in June 2019 and was shut down by authorities in April 2021. Four German administrators of the site confessed and were sentenced to long prison sentences in December 2022.

<span class="mw-page-title-main">Welcome to Video case</span> Investigation and prosecution of child sexual exploitation ring

The Welcome to Video case involved the investigation and prosecution of a child pornography ring which traded videos through the South Korean website Welcome to Video, owned and operated by Son Jung-woo. Authorities estimated about 360,000 downloads had been made through the website, which had roughly 1.2 million members, 4,000 of which were paid members, from 38 countries. Through international cooperation and investigations, 337 people were arrested on charges of possessing child pornography.

References

  1. 1 2 3 Farivar, Cyrus (2017-05-05). "Creator of infamous Playpen website sentenced to 30 years in prison". Ars Technica . Archived from the original on 2017-05-08. Retrieved 2017-05-08.
  2. 1 2 Cimpanu, Catalin (2016-09-17). "Admin of Dark Web Child Pornography Website "Playpen" Found Guilty". news.softpedia.com . Archived from the original on 2017-05-06. Retrieved 2017-05-07.
  3. Pulkkinen, Levi (July 14, 2015). "FBI: Special ed teacher caught with infant rape photos". Seattle Post-Intelligencer . Archived from the original on June 11, 2021. Retrieved June 11, 2021.
  4. Newman, Lily Hay (March 7, 2017). "The Feds Would Rather Drop a Child Porn Case Than Give Up a Tor Exploit". Wired . Archived from the original on July 29, 2024. Retrieved August 25, 2017.
  5. Farivar, Cyrus (March 5, 2017). "To keep Tor hack source code secret, DOJ dismisses child porn case". Ars Technica . Archived from the original on August 25, 2017. Retrieved August 25, 2017.
  6. Rumold, Mark (2016-09-15). "Playpen: The Story of the FBI's Unprecedented and Illegal Hacking Operation". eff.org . Archived from the original on 2017-05-29. Retrieved 2017-05-08.
  7. Conditt, Jessica (2016-08-23). "FBI improved a Dark Web child pornography site, lawyer argues". engadget.com . Archived from the original on 2017-02-15. Retrieved 2017-05-08.
  8. "A massive FBI child porn probe has lawyers asking: Does the end justify the means?". Star Tribune. 20 May 2017. Archived from the original on 2021-05-15. Retrieved 2021-06-11.
  9. "It is not OK to break the law to catch criminals, judge rules". June 8, 2017. Archived from the original on June 8, 2017. Retrieved August 25, 2017.
  10. Rumold, Mark (2016-09-26). "The Playpen Story: Rule 41 and Global Hacking Warrants". Electronic Frontier Foundation. Archived from the original on 2023-03-17. Retrieved 2023-03-17.
  11. "How an obscure rule lets law enforcement search any computer". Engadget. December 2016. Archived from the original on 2023-03-17. Retrieved 2023-03-17.
  12. "No. 17-14915 and No. 18-11852" (PDF). Archived (PDF) from the original on 2020-08-06. Retrieved 2020-03-10.