A Texas judge rejected the plea deal of a federal agent who had been using a dark web child abuse forum to download and access illegal pictures and videos. The agent was caught during a federal investigation into members of the forum.
Richard Gratkowski, a 40-year-old Homeland Security Investigations agent living in Texas, had used a child abuse forum accessible only on the dark web for months before destroying his hard drives and wiping his cell phones, the Federal Bureau of Investigation reported. Homeland Security Investigations (HSI) had been investigating a number of dark web child abuse sites in 2017 and 2018. Over the course of the investigation, HSI discovered that at least two federal agents employed by the Department of Homeland Security (DHS) had accessed a specific child abuse forum. To avoid potential conflicts of interest or tipping off the federal agents, HSI moved the cases from law enforcement agencies under the DHS to the primary law enforcement agency under the Department of Justice—the Federal Bureau of Investigation (FBI).
HSI, aided by the Internal Revenue Service’s Criminal Investigation (IRS-CI) division, had already collected ample digital evidence of Gratkowski’s suspected illegal activity before passing the information over to the FBI. Although many investigations of this scale use as many methods as possible to identify suspects and link them to the illegal hidden service or surface web site, a single difference between the child abuse forum in question and many others allowed the IRS-CI to identify many suspects through a single method. Unlike most dark web forums, the one Gratkowski had admitted to using had required users to “pay-to-play,” so to speak. To join and access a collection of almost 120,000 illegal pictures and videos, members had to pay the forum administration a certain amount in bitcoin.
The IRS-CI and HSI Special Agents had somehow identified the addresses of the cryptocurrency wallets used by the forum admins, allowing them to trace payments back to their sources. In Gratkowski’s case and likely in many others, such as the case of the Saudi national who recently admitted using the same forum, the cryptocurrency payments had been sent from a wallet linked to a cryptocurrency exchange. To purchase cryptocurrency, users of these exchanges often have to prove their identity. Even if they never verified their identity, they often used bank accounts or credit/debit cards under their name. The individual purchases an amount of cryptocurrency with a funding method linked to their identity and then sends the cryptocurrency to the destination wallet. Since both the source address and destination address of a bitcoin transaction is public knowledge, linking payments to exchanges is often a simple task. Some of the risk involved is likely circumvented when using tumblers or by converting the bitcoin to a privacy coin and then back to bitcoin before sending it to the final destination. However, mixing bitcoins is far from being a completely safe practice.
Companies, such as Chainalysis, sell services to cryptocurrency exchanges and government agencies that allow the tracing of payments on the blockchain. In many cases, this includes payments that have been intentionally mixed or masked. It is unclear how IRS-CI and HSI managed to identify the addresses used by the forum but they could have identified the wallet through one of many methods. But the damning piece of evidence in Gratkowski’s case was a payment to the forum that had originated from a cryptocurrency exchange wallet. When federal agencies subpoenaed the wallet, they learned that a man from Texas had funded the wallet using a USAA bank account. Upon further investigation, they learned that this Texas man had worked for HSI as a gang activity investigator for ten years. They handed the case over to the FBI.
The FBI investigated and then raided the man’s house where they found no evidence that Gratkowski had been viewing child pornography. Everything had been wiped clean. When questioned, however, Gratkowski admitted accessing several forums, including the forum in question. He recently came to an agreement with the prosecution to enter a guilty plea for one count of receiving child pornography and one count of accessing child pornography. However, he had a condition: all rights to challenge evidence would be maintained.
At a recent hearing in San Antonio, Senior U.S. District Judge David Ezra rejected the deal. The judge had a policy not to accept conditional deals. Gratkowski changed his plea from not guilty to guilty and will appear in court next month for a bench trial.