This morning, the Justice Department announced that it had brought charges against the administrator and hundreds of users of the “world’s largest” child sexual exploitation marketplace on the dark web.
For me, it marked the end of a story I’ve wanted to write for two years.
In November 2017, I was working for CBS as the security editor at ZDNet. A hacker group reached out to me over an encrypted chat claiming to have broken into a dark web site running a massive child sexual exploitation operation. I was shocked. I had previous interactions with the hacker group, but nothing like this.
The group claimed it broke into the dark web site, which it said was titled “Welcome to Video,” and identified four real-world IP addresses of the site, said to be different servers running this supposedly behemoth child abuse site. They also provided me with a text file containing a sample of a thousand IP addresses of individuals who they said had logged in to the site. The hackers boasted about how they siphoned off the list as users logged in, without the users’ knowledge, and had over a hundred thousand more — but they would not share them.
If proven true, the hackers would have made a major breakthrough in not only discovering a major dark web child abuse site, but could potentially identify the owners — and the visitors to the site.
But at the time, we couldn’t prove it.
My then editor-in-chief and I discussed how we could approach the story. A major concern was that the dark web site was already under federal investigation, and writing about it could jeopardize that effort.
But we also faced another headache: there was no legal way we could access the site to verify it was what the hackers claimed.
“Children around the world are safer because of the actions taken by U.S. and foreign law enforcement to prosecute this case and recover funds for victims.”
Jessie K. Liu, U.S. Attorney for the District of Columbia
The hackers gave me a username and password for the site, which they said they had created just for me to verify their claims. But we couldn’t access the site for any reason — even for journalistic reasons and in a controlled environment — for fear that the site might display child abuse imagery. Only federal agents working an investigation are allowed to access sites that contain illegal content. While journalists have a lot of flexibility and freedoms, this was not one of them.
After a call with several CBS lawyers, we decided that there was no legal way to write the story without verifying the site’s contents, something we legally weren’t able to do.
The story was dead, but the site wasn’t.
One thing the lawyers couldn’t tell me is if I should report the findings to the government. It’s a bizarre situation to be in. As a cybersecurity and national security reporter, the government all too often is “the nemesis,” often a target of journalistic inquisitions and investigations. But while journalists are told to report and observe and not get involved, there are exceptions. Risk to life and child exploitation are top of the list. A journalist cannot idly stand by knowing that there could be a car bomb sitting outside a building, ready to detonate. Nor can one dismiss the thought of a child abuse site continuing to operate on the dark web.
I spoke with a well-known journalist to ask for ethical advice. We agreed to speak on background, from reporter to reporter. Having never faced a situation like this, my primary concern was to ensure I was on the right moral, ethical and legal side of things. Was it right to report this to the feds?
The answer was simple and expected: Yes, it was right to report the information to the authorities, so long as I protected my source. Protecting your sources is one of the cardinal rules of journalism, but my source was a hacker group — it was not the dark web site itself. In any case, I was working under the assumption that the authorities wouldn’t care much for the source information anyway.
I reached out to a contact at the FBI, who passed me on to a special agent at a field office. After a brief phone call, I emailed the four IP addresses said to be the dark web site’s real-world location, and the list of the thousand alleged users of the site.
And then silence. I heard nothing back. I followed up and asked, but the agent warned that if the site became — or was already — subject to investigation, there was little, if anything, they could say.
I recall the hackers were frustrated. After I told them I wouldn’t be writing the story, we no longer spoke.
Weeks went by. I felt just as frustrated at the lack of insight into what I had only guessed or hoped was progress by the federal agents.
I recall running the list of IP addresses that the hackers gave me through a resolver, which provided some limited insight into who might be visiting the dark web site. We found individuals accessing the dark web site from the networks of the U.S. Army Intelligence, the U.S. Senate, the U.S. Air Force, and the Department of Veterans Affairs, as well as Apple, Microsoft, Google, Samsung, and several universities around the world. We couldn’t identify, however, specific individuals who accessed the site. And because the dark web is anonymized, it’s likely that not even companies knew their staff were accessing this site.
How could they possibly let this go, I thought to myself, wondering whether the FBI agent had acted on the information I handed over. If there was an investigation it would take time and effort, and the wheels of government seldom move quickly. Would I ever know whether the perpetrators would ever be caught?
Today, two years later, I got my answer.
U.S. prosecutors said in the indictment, filed in August 2018 but unsealed Wednesday, that the dark web site — confirmed as “Welcome to Video” — had some 250,000 user-uploaded graphic images and videos of children who were being sexually abused. The government called it the “largest darknet child pornography website” in a press release.
This morning, after news of the site’s takedown had been reported, I rifled through the documents posted on the Justice Department’s website and found a screenshot of the site, with the full web address in the address bar. It was a match. For the first time since the hackers told me of the dark web site, I went to the Tor browser and pasted in the address. It loaded — with the government’s “website seized” notice staring back at me.
According to the indictment, federal agents began investigating the site in September 2017, two months before the hackers breached the site. The site’s administrator, Jong Woo Son, had been running the operation from his residence in South Korea since 2015. The indictment said the main landing page to the site contained a security flaw that let investigators discover some of the IP addresses of the dark web site — simply by right-clicking the page and viewing the source of the website.
It was a serious error, one that would set off a chain of events that would ensnare the entire site and its users.
Prosecutors said in the indictment that they found several IP addresses: 18.104.22.168 and 22.214.171.124. One of the IP addresses the hackers gave me was 126.96.36.199 — an address on the same network subnet as the dark web site.
It was long-awaited confirmation that the hackers had been telling the truth. They did in fact breach the site. But whether or not the government knew about the breach remains a mystery.
Some five months after I contacted the FBI, the government had obtained a warrant to seize and dismantle the dark web site. It’s believed the indictment was kept under seal until today in order to arrest, charge and prosecute individuals suspected of being involved in the site.
In total, there have been 337 arrests, including a former Homeland Security special agent and a Border Patrol officer.
Authorities were able to rescue 23 children who were being actively abused.
I reached out to the federal agent this morning, and was told the FBI was not involved in the investigation. The Internal Revenue Service’s Criminal Investigation division, which investigates and prosecutes financial crimes, and the Homeland Security Investigations unit, which largely deals with human smuggling, child trafficking and related computer crimes, were credited with the work.
While authorities from the U.K. and South Korea contributed to the investigation, sources say the IRS received an anonymous tip that kickstarted it.
From there, the IRS used technology to trace bitcoin transactions, which the dark web site used to profit from the child exploitation videos. Users had to pay in bitcoin to download content or upload their own child exploitation videos. The government also launched a civil forfeiture case to seize the bitcoins allegedly used by 24 individuals in five countries who are accused of funding the site.
The hacker group has not been in contact since we broke off communications. Publishing a story about the hack two years ago could have caused irreparable harm to the government’s investigation, potentially sinking it entirely. It was a frustrating time, not least being in the dark and not knowing if anyone was doing anything.
I’ve never been so glad to walk away from a story.