Tech

Feds Bust One of the Dark Web's Biggest Child Porn Sites Thanks to Tremendously Bad Opsec

The site, "Welcome to Video," hosted 8 terabytes of child porn. More than 337 people have been arrested in 38 countries.
GettyImages-1002113600
Image: Getty Images

The Department of Justice announced on Wednesday that it has seized and shut down Welcome to Video, one of the world’s largest dark web child porn websites in a worldwide law enforcement action.

Law enforcement has arrested 337 alleged pedophiles in 38 countries around the world and has rescued 23 children from abusive situations as part of the operation, the DOJ said in a press conference on Wednesday.

Advertisement

The DOJ said it traced Bitcoin payments on the blockchain in order to find users and administrators of the website. In a bit of shockingly terrible opsec, the website's administrator was running payments through an American Bitcoin exchange under his real name, cell phone number, and email account, which seems to have made at least the initial investigation trivially easy as far as dark web busts go.

The site hosted “more than a quarter million videos, and users downloaded more than a million files totaling 8 terabytes,” the DOJ said.

“Much of [the site] depicted prepubescent children, toddlers, and infants engaged in sexual conduct,” Jessie Liu, a federal prosecutor for the district of Washington DC, said at the press conference.

According to the indictment, the site operated between June 2015 and late 2018, when it was seized. Members of the site paid roughly $350 in Bitcoin for a six-month membership to the website that allowed for unlimited downloads. “The upload page on Welcome to Video stated: ‘Do not upload adult porn,’” the DOJ’s indictment said.

The investigation was a partnership between the DOJ, ICE, the IRS, and their counterparts in the United Kingdom and South Korea. Liu said that 53 alleged pedophiles have been arrested in the United States and that dozens more people are under investigation. She said that people have been arrested in Brazil, the Czech Republic, South Korea, Spain, Ireland, the United Arab Emirates, and other countries.

Advertisement

According to an indictment, law enforcement was able to track users of the site on the blockchain not because of the design of Bitcoin itself, which is pseudonymous, but because “virtual currency exchanges were required by US law to collect identifying information of their customers and verify their clients’ identities.”

1571237172122-Screen-Shot-2019-10-16-at-104553-AM

The indictment notes that the DOJ went undercover and sent Bitcoin to the website’s Bitcoin wallet on several occasions. That Bitcoin wallet was hosted at an exchange and registered to Jong Woo Son, the name of the alleged administrator of the site. He listed his cell phone number and email account with the exchange. The department was also able to track when the administrator cashed out to a bank account through a Bitcoin exchange. The DOJ did not name the exchange in the indictment.

The DOJ used software called Chainalysis to track payments going into the administrator's Bitcoin wallet.

1571238527616-Screen-Shot-2019-10-16-at-110631-AM

A map of transactions made by Chainalysis.

Though the scale of this takedown is incredible, the technical details are pretty run-of-the mill. Unlike previous high profile dark web busts, it doesn’t look like the DOJ had to rely on a vulnerability in the Tor network or hack anything in order to determine the identity of many of the owners of the site. The site’s reliance on American Bitcoin exchanges allowed law enforcement to crack the identities of the administrator and the people using it quite quickly, according to the indictment.

This is, obviously, a major and important dark web bust, but the indictment raises the question of why the DOJ allowed the site to operate for so long. Identifying the administrator and some of its users was able to be done quickly. There are ongoing debates in the law enforcement community about whether it should allow child porn websites to operate in order to gather more evidence and make more arrests, but, as the DOJ itself noted in the press conference, every new video uploaded to the site detailed a new and horrific crime against children.