Last year, Motherboard found Australian authorities had unmasked Tor users in the US as part of a child pornography investigation. Judging by court documents, Australian authorities sent targets a hyperlink to a video that, when clicked, would give their real IP address to investigators.
Now, it has emerged the hacking operation was broader in scope, with authorities placing a booby-trapped video not only in messages to individual targets, but on a more widely accessible forum, allowing investigators to identify hundreds of suspects around the world. The case highlights the growing trend of law enforcement agencies using hacking tools and malware to identify criminals located outside of their immediate jurisdiction.
The operation revolved around The Love Zone, a child pornography site that was hosted on the so-called dark web. That meant users typically connected using the Tor Browser, masking their IP address.
In 2014, Queensland Police Service's Task Force Argos, a unit focused on child exploitation crimes, arrested The Love Zone's Australian administrator, and took over the site. As Motherboard reported, Australian authorities then sent targets a link to a video of child pornography that was configured in such a way as to route the viewer's internet traffic outside of the Tor network, exposing their IP address.
According to newly uncovered court documents, investigators didn't just send a video to individuals, but posted a link to it on the wider forum.
"FLA 1 [foreign law enforcement agency] uploaded a hyperlink to a file within a forum on 'Website 19' that was accessible only to registered members of 'Website 19'," a complaint concerning a suspect in Delaware reads. Although the complaint does not point explicitly to Australian authorities, it says the FLA shut down Website 19 in December 2014, the same month Task Force Argos shuttered The Love Zone.
Another court document says that authorities identified at least 30 US-based IP addresses; Motherboard found another likely related case of a man in Maryland who was recently sentenced to five years in prison.
But Australian authorities did not only hack suspects in the US.
"The FBI and Australian authorities identified hundreds of members who were scattered across the globe," according to a press release related to the same investigation.
Indeed, investigators would have had no way of knowing where the people clicking the video were located; that is the very problem authorities face when dealing with suspects on the dark web. However, that also means law enforcement agencies may be searching computers across international borders and beyond their legal remit. Task Force Argos has repeatedly declined to answer questions from Motherboard on whether the unit obtained a warrant to unmask suspects in this operation.
In February 2015, the FBI embarked on the largest law enforcement hacking operation to date, and obtained over 8000 IP addresses from 120 countries on a legally contentious warrant.
Although this Australian operation was smaller in scope, it still affected targets across the world. Cops really are hacking the planet.