Several alleged users of a child exploitation dark web site have become implicated after the U.S. Department of Homeland Security was able to obtain their IP addresses from a file sharing service outside the encrypted Tor network.
According to court filings, users of the dark web site posted links to password-protected child exploitation media on U.S.-based Ziifile, a file sharing service.
A court order was all that was needed to obtain the IP addresses of all the suspected dark web site users from the file sharing service.
Bizarrely Simple Takedown
The Department of Homeland Security was able to gain crucial information on several child exploitation website users without resorting to highly specialized methods, such as deploying special exploits or new techniques.
File sharing websites are notoriously known for attracting the attention of federal agencies.
For example, the 2016 takedown of the world’s biggest-ever file sharing website is a reminder of just how permeable their defenses are.
This recent turn of events further highlights the blind faith most dark web users put in web encryption services like Tor which, evidently, can be useless if not properly implemented.
“Bulletin Board A”
Court documents refrained from naming the child exploitation website due to pending investigations, and instead chose to refer to it as “Bulletin Board A.” A transcript from a law enforcement agent shows that at one point, the site had a robust membership of no less than 23,000 members.
Users of “Bulletin Board A,” the dark web adult content site, apparently signed their own fate when they chose to post outside links to their password-protected media which was hosted on the file sharing service Ziifile.
In addition to IP addresses, investigators were also able to obtain business records linked to various downloads posted by members of the dark web adult content website, according to court filings from government attorneys in a separate but related case.
Three Arrests So Far
According to Motherboard, three suspects have already been arrested and tried after using the file sharing website to download media from the dark web adult content site.
In December 2016, David Skally of Rhode Island pleaded guilty to possessing child exploitation charges and was sentenced on March 9 this year.
His admission of guilt was followed closely by that of Jack Bean Jr., a Massachusetts resident who also pleaded guilty to possessing child exploitation in February this year.
The indictment of the third suspect, a Virginia resident by the name of Larry Reece, eventually fell through due to lack of sustainable evidence to indicate Reece’s direct participation in downloading smut content from the file sharing site.
The prosecution also failed to prove that he was indeed a member of the dark web child exploitation site.
Suspects Downloaded Files Outside of Tor
In a bid to quicken their downloads, it is alleged that some users of the dark web child exploitation site opted to download files from the file sharing services outside of Tor, for no reason other than to avoid the painfully slow download speeds encountered when routing traffic via the anonymity network.
This was a fact that was corroborated by Homeland Security Investigation Cyber Crimes Center Special Agent Elizabeth De Jesus, who spoke during a hearing of a related case.
According to her, users of the dark web child exploitation website opted to download their content outside of the anonymous network simply to avoid prolonged download times.