Operation Pacifier, the FBI's massive hacking campaign to de-anonymize Tor users

Pierluigi Paganini August 02, 2016

Operation Pacifier is the massive hacking campaign against computers worldwide launched by the FBI in early 2015 to track criminals on the dark web.

We are now aware that the FBI launched a massive hacking campaign against computers worldwide in early 2015 in an attempt to de-anonymize criminals visiting a dark web child porn website.

The use of the NIT was confirmed earlier this year when, according to court documents reviewed by Motherboard, the FBI had used it to identify the suspects while they were surfing on the Tor network. The operation conducted by the FBI is code-named ‘Operation Pacifier’; the child porn website under investigation was Playpen, hosted on the Tor network.

The Feds used the network investigative technique (NIT) to discover the suspects’ real IP address, their MAC address and other pieces of information.

According to the court documents, the FBI monitored a bulletin board hidden service launched in August 2014, named Playpen, mainly used for “the advertisement and distribution of child pornography.” The FBI was able to harvest around 1300 IPs, and so far 137 people have been charged. The FBI's use of the network investigative technique included computers in the UK, Chile, and Greece.

In January, a report published by the Washington Post confirmed that in the summer of 2013 the Feds hacked the TorMail service by injecting the NIT code into the mail page in an attempt to track its users.

Privacy advocates highlighted that the FBI used only one warrant to hack the computers of unknown suspects all over the world. The defense also argues that the FBI left the child pornography site running in order to be able to deploy the network investigative technique.

The FBI’s extraterritorial expansion is raising a heated debate on the case. In April 2016, the US Supreme Court approved amendments to Rule 41, which now let U.S. judges issue search warrants for hacking into computers located outside their jurisdiction as well.

Under the original Rule 41, a judge can only authorize the FBI to hack into computers in the same jurisdiction. The rule change was approved despite opposition from civil liberties groups such as the American Civil Liberties Union and Access Now. It is curious that the U.S. Justice Department has described the modification as a minor change.

New revelations in the case confirm that the FBI also compromised 50 computers based in Austria.

According to Joseph Cox from Motherboard, Austrian MPs asked the Parliament for more details on child pornography. In response, the politician Johanna Mikl-Leitner confirmed that Austrian law enforcement supported the FBI in Operation Pacifier, admitting for the first time that computers in the country were compromised by the NIT. In reality, the Austrian authorities

According to a letter sent by Johanna Mikl-Leitner, the FBI investigated 50 Austrian IP addresses belonging to suspects allegedly involved in possession and distribution of child pornography. The investigation allowed the FBI and the Austrian police to track the IP addresses of machines containing “countless child pornography files.”

The letter also confirmed that the authorities were still investigating the case; the only certainty is that the 50 IPs were tracked under Operation Pacifier.

Motherboard cites a Europol presentation that refers to Operation Pacifier and its results. Operation Pacifier generated 3239 cases, including the Austrian ones.


Both Europol and the FBI declined to comment on the case.


Pierluigi Paganini

(Security Affairs – Operation Pacifier, FBI)

