Sorry Guys, The FBI Did Not Run 23 Child Porn Websites

Joseph Cox
Nov 12, 2016

This week, the FBI was caught red-handed running not one, but a staggering 23 dark web child pornography sites, according to a myriad of reports.

Ars Technica broke the news, quickly followed by RT, Gizmodo, The Next Web, and a host of other high profile tech blogs and news sites.

This would be a great story, if it wasn’t entirely false.

TL;DR — the FBI was authorized to seize and subsequently run 23 dark web child pornography sites, but did no such thing. Instead, they took over the sites for approximately two days, effectively stopped them from being child pornography sites by blocking visitors to their content, and then quickly shut the sites down.

Bothered to read it version — First off, it’s important to know that this investigation centered around Freedom Hosting: a sort of turn-key hosting provider for dark web sites. The 23 sites all used this provider, meaning that when the FBI arrested Freedom Hosting’s administrator, they gained access to the back-end of all of these sites at the same time. Quite the goldmine.

Shortly after, the FBI applied for a warrant to deploy a piece of malware — known as a network investigative technique — from these 23 sites. The malware was designed to grab a visitor’s real IP address, so investigators could then subpoena the relevant internet service provider, and eventually put a real name to a site user.

In order to deploy the malware, the FBI moved the 23 websites to a government server. The relevant affidavit says:

“In the normal course of the operation of a web site, a user sends “request data” to the web site in order to access that site. While Websites 1–23 operate at a government facility, such request data associated with a user’s actions on Websites 1–23 will be collected.” [emphasis added]

Well, that’s bloody interesting. Fast forward to this week, and outlets picked up on the affidavit passage. Ars’ headline read, “FBI operated 23 Tor-hidden child porn sites, deployed malware from them.”

The latter half of that sentence is correct, as already pointed out and widely covered: the FBI did launch malware from Freedom Hosting sites.

The first bit of the headline, however, and the part that a wealth of publications have focused on, is not true. Although authorized to do so, the FBI never actually ran the child pornography sites.

Instead, when the FBI deployed its malware on Freedom Hosting sites, it presented users with an “error page.” Hidden within this page was the code supposed to de-anonymize users. Importantly, the actual content of the site itself was inaccessible, including that of the child pornography sites. In effect, when they were controlled by the FBI, these sites ceased to be child pornography sites; instead they just displayed an innocuous, albeit malware-laden message. How can you say the FBI ran 23 child porn sites, when they didn’t even allow people to view any child porn on them?

This account of the error message is according to multiple sources (my own here; an academic here; and WIRED’s previous reporting at the time of the Freedom Hosting takeover here).

(The executed warrant relating to hacking users of the 23 sites also says that data was only collected between 8/3/2013 and 8/5/2013; according to WIRED, all sites on Freedom Hosting started delivering the error message on 8/4/2013).

But no mention of the error message, nor the consequence it would have had on the distribution of child pornography, made its way into any of the reports I read.

“FBI ran 23 Dark Web child porn sites to gather visitor info.”

“FBI Ran 23 Child-Porn Websites to Ensnare Users.”

“FBI ran 23 child porn sites in sting operation.”

All of those headlines are wrong.

Arguably, the reason so many people paid attention to this is because the FBI has run at least one child pornography site in the past. In 2015, the FBI seized what was the largest dark web child porn site at the time, called Playpen, and kept it running for 13 days, all the while its users continued to upload and view child pornography. After we learned of that, it doesn’t seem that far-fetched that the FBI would run nearly two dozen of the things.

Did the FBI fuck up on this operation? It certainly looks like it: the agency put its error message on every Freedom Hosting site, including a perfectly legitimate email provider, raising serious questions about whether or not the FBI hacked dark web users who weren’t suspected of a crime.

But the FBI did not run 23 dark web child pornography sites. Sorry!

Joseph Cox

Journalist covering cybersecurity, the digital underground, and the surveillance industry.