At age 15, Corey Ewels used the darknet to download almost 4,500 pictures of child abuse, prosecutor Jeremy Evans told Grimsby Crown Court. Police raided Ewels’ Abbey Road, Grimsby home on January 20, 2015. One year passed before investigators analyzed the computer seized from house of the so-called “wizz kid.” Ewels, one of the youngest the court had ever seen for child abuse crimes involving the darknet, told the court that he had downloaded the pictures before her had turned 15.
Jeremy Evans tried to explain onion routing and the Tor Browser to the court. His explanation likely made little difference as Ewels had already admitted he had searched for and downloaded the illegal pictures. Evans said that Ewels used a “computer within a computer” to access the darknet where he had found the “indecent images of children.” Evans called the darknet a set of hidden layers inaccessible by regular search engines. Ewels made “use of the dark web to uncover this material,” Evans said. He said the “computer within a computer” served as a “trapdoor” for darknet access.
Police investigators may not have simply waited a year to access the computers, as information revealed by the prosecutor indicated. They found themselves unable to recover any data when they conducted what should have been a simple forensic data recovery. The investigators needed to access the “trapdoor” to find out what Ewels had stored within it. And they could not. So according to the prosecutor, the police reached out to the The National Technical Assistance Centre (NTAC). NTAC specializes in assisting government agencies with data interception and data recovery.
A discussion on a popular image board focuses on what Ewels did that landed him in court for downloading child abuse content. He used Tor through a virtual machine. All of the PlayPen users—unless they managed to use a clearnet proxy—used Tor as well. Ewels could have been identified by using an outdated version of the Tor browser and leaving NoScript in the “off” position. His arrest occurred in 2015. Since Tor shipped with NoScript off, he may have forgotten to turn it back on. He could have downloaded anything that “phoned home,” so to speak. Even something as simple as the locktime file that law enforcement uploaded to Hansa marketplace that automatically pinged a law enforcement server when opened. (There is no reason any locktime file should be a .xlsx file. It should not even be a downloadable file for that matter.)
Why did the police need a year to break into the virtual machine? Why did they require help from the UK’s data recovery specialists? The encryption is either awful and effectively worthless or great and next to impenetrable.
Ewels pleaded guilty to a combined total of six counts of possessing indecent images of children and possessing extreme pornography. Judge Graham Robinson allowed the now 18-year-old to avoid prison by sentencing him two years of supervision without access to computers.