Home » Featured » FBI Ultimate Hack Job, 1300 Computers Take Down
Click Here To Hide Tor

FBI Ultimate Hack Job, 1300 Computers Take Down

According to a report on vice motherboard –  The Federal Bureau of Investigation since the summer of 2015 has been upping the ante in its attempts to shutdown illegal pornography sites, primarily sites sharing child porn. But to what extent is the FBI permitted to go out with hack campaigns against Tor Dark Net websites.

In New York, two men were criminally charged in connection with an FBI investigation of a child pornography website. These two were just a couple of the 200,000+ users this site maintained in its databases. Both men were charged with knowingly possessing such porn.

Justice may be shutting down these websites and arresting pedophiles and other dangerous people but the FBI tactics are unprecedented and raising some questions about their legality, including using a hacking tool that revealed the IP addresses of these two individuals, when the Tor site was hidden from revealing any personal information.

At the time of the arrests in the summer of 2015, some attention was given to the crimes and the tactics the FBI used to bring down these criminals. As a result also, some news attention was given to other arrests made, including one in Vancouver. However, only now is the truth behind the full campaign surfacing.

In order to take down a site like this on the dark web, the FBI needed to hack thousands of computers across the country. According to court documents recently reviewed, this was an operation of wide scale proportion.

Christopher Soghoian, principal technologist at the American Civil Liberties Union (ACLU) said by phone interview that “this kind of operation is simply unprecedented.”

The illegal site in question was “Playpen,” a site that launched in August 2014, with a bulletin board on the dark web requesting users sign up and upload any image. The court described this as the main tactic for “the advertisement and distribution of child pornography.”

With over 60,000 new user accounts in less than a month, the site became a huge success for trafficking illegal material, including child pornography. The site at the time of its closing was bloated with 215,000 users, 117,000 total posts and an average of 11,000 unique visits per week. Unfortunately, the posts made were illicit and extreme abuse of children in the form of pornographic imagery. Additionally to the photography, advice columns were set up on the board to teach sexual abusers tactics to avoid detection while online.

Playpen was described by the FBI as the “largest remaining known child pornography hidden service in the world.” And amidst the hacking campaign approximately 1300 true IP addresses were identified prior to the seizure of the website in February 2015.

After its immediate seizure, it still was not shut down, remaining open on the dark web, unlike other sites the FBI have successfully shut down permanently, like Silk Road. Between February 20 and March 4, the FBI went and distributed their hacking tool, known as a network investigative technique (NIT). Playpen was running from its server in Virginia, and the hacking tool continued to infect targets, close to the 1300 IP addresses stated by the court.

There could very well be many more addresses that the FBI hacked but none of come to the surface at this time.

A federal public defender and counsel for the accused child abuser teacher in Vancouver, suggested there could be hundreds more, that would simply be filed under the same investigation.

“There will probably be an escalating stream of these [cases] in the next six months or so,” Colin Fieman said. “[This is what we can estimate from what] we’ve seen in terms of the discovery.”

Fieman has three cases pending on this investigation, and according to the court, there are charges being made in New York and New Jersey, Connecticut and Massachusetts, Illinois and Wisconsin, Florida, and Utah.

Fieman is arguing that the use of a broader NIT is an “extraordinary expansion of government surveillance and its use of illegal search methods on a massive scale.” He is arguing that regardless of the charges, his clients’ arrests were based on illegal means.

The Magistrate Judge who signed the warrant for the use of NIT, Theresa C. Buchanan of the Eastern District of Virginia, did not respond when questioned if she knew the warrant would grant the FBI the ability to hack any user of Playpen, and did not respond when questioned about her understanding of the technicalities of the NIT’s abilities.

NITs have existed for many years and have been in the form of malware or other exploitable web browsing bugs. It is not uncommon for any judge to sign a warrant for its use therefore, because there is judicial precedent. NIT use has been successful in the FBI bringing down illegal dark web sites.

But the question is the legality and complete understanding of their use, especially by the judges who sign off on the warrants.

Fieman is hoping to prove that such a warrant by a judge “effectively authorizes an unlimited number of searches, against unidentified targets, anywhere in the world,” and use this to defend his clients.

He continued saying that “basically, if you visited the homepage, and started to sign up for a membership, or started to log in, the warrant authorized deployment of the NIT [on these potential users’ computers and IPs].”

The warrant did not detail how the NIT was to be deployed, but rather that it could simply be deployed in order to hack the users on the Playpen site.

Fieman will go to great lengths to defend his clients and if the NIT proves to be done illegally, he may win his cases.

However, questions continue to loom, making it unclear if anything was illegal at all. The exact wording of the warrant and authorization still remain unknown for the NIT itself, and the exact number of hacked computers targeted outside of the United States remains disclosed.

This may be one of the most successful dark web take downs for the FBI in its history. How it was done, however, may remain a mystery, while thousands of individuals will be tried with child pornography charges.


  1. Hahaha, fuck you pedo scum!! I hope they burn them at the fucking stake!

  2. This is a victory against sick, twisted, pedophile scum. Unfortunately, the manner inwhich it was accomplished appears to be a loss for civil liberties / personal freedom.
    Thats a tough one to swallow. Lock these shit bags up or drop the charges based on illegal tactics. Illegal tactics that could just as well be used to bring down dark markets.

  3. Two arrests out of 215,000 users, and at least one of the defendants are out on bail?! Gee, the FBI isn’t even batting 0.001%!! What’s the lesson from all of this? Well, it’s what We have been telling folks for years now:

    **********DO NOT TRUST TOR ALONE!!!***********

    Use a Tor bridge AND, especially, use an anonymous Wi-Fi hotspot!!! Vary the latter as much as you can! Use the highest security settings at ***ALL*** times, which means disabling JavaScript! Run everything from a fully-encrypted drive, such as TrueCrypt or VeraCrypt! And, say NOTHING!!!(except, of course, that you exercise your 5th Amendment rights and want to speak to a lawyer!)

    As for those 1300 IP addresses, many are, hopefully, public Wi-Fi hotspots, which means that they will be “dead ends” for any investigator. But, the goal here, folks, should be ZERO leaked IP addresses! So, “put a condom” on your Tor browser! And, treat EVERY Deep Web site that you visit as being a compromised site!!!!

  4. anonymously disgusted

    Pedo scum deserve their time in jail, what the fuck is this bullshit. I’m all for anonymous browsing and the deep web, but pedophiles must be eliminated. They bring all the heat down, and piss the whole world off. You wan to get people on that ass just fuck with someone’s kids! Once the public at large decides to back 3 letter organization due to baby rapers its fucking over.

  5. An analysis of this.

    Folks, I think many of you are emotional and over-concerned about this hack by law enforcement.

    First, let’s analyse a few numbers:

    (1300 ip addresses / 200000 users) * 100 = 0.65% of all users of that fucking website.

    For all practical purposes, that 0.65% is a drop in the bucked. Probably it was done by use of a weakness in an older browser like they did with freedom hosting, otherwise that 1300 would surely have balooned to a 13000 in the period of two weeks in which the service was monitored.

    Of course there is the danger that the feds subpoena a popular browser maker to introduce a backdoor without us knowing, but clearly it has not been the case yet and that still remains an unlikely possibility because such a request would make US government systems themselves very vulnerable.

    (I wouldn’t be surprised if the exploit used this time belongs to a proprietary system and that’s why cops don’t feel compelled to disclose the method because that would get them sued by the browser maker for abusing said product.)

    Second, police has two priorites:

    1 – Fame

    Taking down pedos gives them fame. Showing that they got the trail for a thousand pedos helps them get attention and job promotions even if that doesn’t lead to any practical results. They are doing their job of finding and persecuting the bad guys. They need to show that to justify the cops existence to society.

    2 – Money

    People can understand easily what a pedophile is, but something that requires an entire phrase like “darknet drug lords” isn’t something joe sixpack can easily grasp. Thus although seizing dark markets may earn a bit of cred with geeks and other law enforcement it is of little use to show the taxpayer that cops are doing their job.

    Because such sweeping hacks like FD’s javascript exploit (and probably this one) are only useful to get to idiots, it would only help law enforcement to reach naive buyers. Sellers have on average quite better OPsec than using non-up-to-date torbrowsers on windows systems. Thus such browser exploits are not really useful to reach the sharks and photograp their piles of drugs to show the media and get piles of money to buy mraps, .50s and other scary military gear that cops should not own.

    Taking down dark markets is only useful for police if that comes with seizing money.

    And they can’t seize much money with browser exploits.

    Final words.

    I want to invite you guys to sit down and analyse such events under the glasses of cops. They will not kill their golden geese by overdoing their jobs against small time drug traders. El Chapo doesn’t use Alphabay, he has his own cellphone network.

    I’m sure someone is devising a device better than torbrowser, but that takes knowing what is used against torbrowser and also inventing new and more secure methods. The second item is very hard to do and takes a long time, but it will surely come.

  6. Fuck pedos, but 1.300 of 210.000? This is a joke, I think FBI do this just to get money from the US budget and to test how far they can get with breaking the law (the intentionally hacked thousands computers that weren’t suspicious). And how those 1300 fall into the trap? My guess JS or clicking urls. So they arrested just few dumb low-lifes and the most dangerous people are still free.

  7. The number is 13.000 not 1.300!!!! The Feds wouldn’t even BOTHER with something that provided only 1.300 prosecutions out of 210.000!!!

  8. It dosn’t matter how they bring down these sites, as long as there down. I am a computer forensic graduate and would love to try and hack, and bring down these sites, but i would be the one who would end up getting in trouble, where is the justice in that?

  9. Slippery Steve

    Don’t leave it just up to the donut munchers to take this evil scum down! We are many to their sick minority and amongst our many are guys like myself with certain skillets! And others with different skillets on the …?….more physical side?

    We trace them, name n shame them. Then the ‘others’ amongst our many do the rest. Beats a stupid FYI takedown screen huh?

  10. Dear lord, what a nightmare! I can’t believe there are over 200,000 sickos trading such horrible images! And I can’t imagine the effort it’s going to take to track down those 1300 people and PROVE that they were in fact the ones that looked at that material. An IP address alone is NOT proof. They would have had to download something, and most people don’t download the stuff. It seems like such a large effort to catch less than 1% of the people involved. Too bad they couldn’t have gotten the IP addresses of all 200,000 of those evil….I’d call them people but I don’t think they deserve to be called people.

Leave a Reply

Your email address will not be published. Required fields are marked *


Captcha: *