Featured Article

Inside the shutdown of the ‘world’s largest’ child sex abuse website

Hackers found the dark web site just weeks after the U.S. government did

Comment

fbi bitcoin dark web 1
Image Credits: Bryce Durbin / TechCrunch

This morning, the Justice Department announced that it had brought charges against the administrator and hundreds of users of the “world’s largest” child sexual exploitation marketplace on the dark web.

For me, it marked the end of a story I’ve wanted to write for two years.

In November 2017, I was working for CBS as the security editor at ZDNet. A hacker group reached out to me over an encrypted chat claiming to have broken into a dark web site running a massive child sexual exploitation operation. I was stunned. I had previous interactions with the hacker group, but nothing like this.

The group claimed it broke into the dark web site, which it said was titled “Welcome to Video,” and identified four real-world IP addresses of the site, said to be different servers running this supposedly massive child abuse site. They also provided me with a text file containing a sample of a thousand IP addresses of individuals who they said had logged in to the site. The hackers boasted about how they siphoned off the list as users logged in, without the users’ knowledge, and had more than a hundred thousand more — but they would not share them.

If proven true, the hackers would have made a major breakthrough in not only discovering a major dark web child abuse site, but could potentially identify the owners — and the visitors to the site.

But at the time, we could not prove it.

My then editor-in-chief and I discussed how we could approach the story. A primary concern was that the dark web site was already under federal investigation, and writing about it could jeopardize that effort.

But we also faced another headache: There was no legal way we could access the site to verify it was what the hackers claimed.

“Children around the world are safer because of the actions taken by U.S. and foreign law enforcement to prosecute this case and recover funds for victims.”
Jessie K. Liu, U.S. Attorney for the District of Columbia

The hackers gave me a username and password for the site, which they said they had created just for me to verify their claims. But we could not access the site for any reason — even for journalistic reasons and in a controlled environment — for fear that the site may display child abuse imagery. Only federal agents working an investigation are allowed to access sites that contain illegal content. While journalists have a lot of flexibility and freedoms, this was not one of them.

After a call with several CBS lawyers, we decided that there was no legal way to write the story without verifying the site’s contents, something we legally weren’t able to do.

The story was dead, but the site wasn’t.

One thing the lawyers couldn’t tell me is if I should report the findings to the government. That was ultimately my decision to make. It’s a bizarre situation to be in. As a cybersecurity and national security reporter, the government all too often is “the nemesis,” often a target of journalistic inquisitions and investigations. But while journalists are told to report and observe and not get involved, there are exceptions. Risk to life and child exploitation are top of the list. A journalist cannot idly stand by knowing there could be a car bomb sitting outside a building, ready to detonate. Nor can one dismiss the idea of a child abuse site continuing to operate on the dark web.

I spoke with a well-known journalist to ask for ethical advice. We agreed to speak on background, from reporter to reporter. Having never faced a situation like this, my primary concern was to ensure I was on the right moral, ethical and legal side of things. Was it right to report this to the feds?

The answer was simple and expected: Yes, it was right to report the information to the authorities, so long as I protected my source. Protecting your sources is one of the cardinal rules of journalism, but my source was a hacker group — it was not the dark web site itself. After all, I was working under the assumption that the authorities would not care much for the source information anyway.

I reached out to a contact at the FBI, who passed me on to a special agent at a field office. After a brief phone call, I emailed the four IP addresses slated to be the dark web site’s real-world location, and the list of the thousand alleged users of the site.

And then silence. I heard nothing back. I followed up and asked, but the agent warned that if the site became — or was already — subject to investigation, there was little, if anything, they could say.

I recall the hackers were frustrated. After I told them I wouldn’t be writing the story, we are no longer communicating.

Weeks went by. I felt just as frustrated at the lack of insight into what I had only guessed or hoped was progress by the federal agents.

I recall running the list of IP addresses that the hackers gave me through a resolver, which provided some limited insight into who might be visiting the dark web site. We found individuals accessed the dark web site from the networks of the U.S. Army Intelligence, the U.S. Senate, the U.S. Air Force and the Department of Veterans Affairs, as well as Apple, Microsoft, Google, Samsung and several universities around the world. We could not identify, however, specific individuals who accessed the site. And because the dark web is anonymized, it’s likely that not even companies knew their staff were accessing this site.

How could they possibly let this go, I thought to myself, wondering whether the FBI agent had acted on the information I handed over. If there was an investigation it would take time and effort, and the wheels of government seldom move quickly. Would I ever know whether the perpetrators would ever be caught?

Today, two years later, I got my answer.

dark web site
The seized dark web marketplace, containing 250,000 child sexual exploitation videos and images. The site was shut down following a government investigation.

U.S. prosecutors said in the indictment, filed in August 2018 but unsealed Wednesday, that the dark web site — confirmed as “Welcome to Video” — had some 250,000 user-uploaded graphic images and videos of children who were being sexually abused. The government called it the “largest darknet child pornography website” in a press release.

This morning, after news of the site’s removal had been reported, I rifled through the documents posted on the Justice Department’s website and found a screenshot of the site, with the full web address in the address bar. It was a match. For the first time since the hackers told me of the dark web site, I went to the Tor browser and pasted in the address. It loaded — with the government’s “website seized” notice staring back at me.

According to the indictment, federal agents began investigating the site in September 2017, two months before the hackers breached the site. The site’s administrator, Jong Woo Son, had been running the operation from his residence in South Korea since 2015. The indictment said the main landing page to the site contained a security flaw that let investigators discover some of the IP addresses of the dark web site — simply by right-clicking the page and viewing the source of the website.

It was a major error, one that would trigger a chain of events that would ensnare the entire site and its users.

Prosecutors said in the indictment that they found several IP addresses: 121.185.153.64 and 121.185.153.45. One of the IP addresses the hackers gave me was 121.185.153.114 — an address on the same network subnet as the dark web site.

It was long-awaited confirmation that the hackers were telling the truth. They did in fact breach the site. But whether or not the government knew about the breach remains a mystery.

The IP addresses in the recently unsealed indictment were on the same network as the IP address provided by the hackers. (Image: TechCrunch)

Some five months after I contacted the FBI, the government obtained a warrant to seize and dismantle the dark web site. It’s believed the indictment was kept under seal until today in order to arrest, charge and prosecute individuals suspected of being involved in the site.

In total, there were 337 arrests, including a former Homeland Security special agent and a Border Patrol officer.

Authorities were able to rescue 23 children who were being actively abused.

I reached out to the federal agent this morning, and was told the FBI was not involved in the investigation. The Internal Revenue Service’s Criminal Investigation division, which investigates and prosecutes financial crimes, and the Homeland Security Investigations unit, which largely deals with human smuggling, child trafficking and related computer crimes, were credited with the work.

While authorities from the U.K. and South Korea contributed to the investigation, sources say the IRS received an anonymous tip that kickstarted it.

From there, the IRS used technology to trace bitcoin transactions, which the dark web site used to profit from the child exploitation videos. Users would have to pay in bitcoin to download content or upload their own child exploitation videos. The government also launched a civil forfeiture case to seize the bitcoins allegedly used by 24 individuals in five countries who are accused of funding the site.

The hacker group has not been in touch since we broke off communications. Publishing a story about the hack two years ago may have caused irreparable harm to the government’s investigation, potentially sinking it entirely. It was a frustrating time, not least being in the dark and not knowing if anyone was doing anything.

I’ve never been so glad to walk away from a story.

Justice Dept. says it’s taken down ‘world’s largest’ child exploitation sites on the dark web

More TechCrunch

Meta’s Oversight Board has now extended its scope to include the company’s newest platform, Instagram Threads, and has begun hearing cases from Threads.

Meta’s Oversight Board takes its first Threads case

The company says it’s refocusing and prioritizing fewer initiatives that will have the biggest impact on customers and add value to the business.

SeekOut, a recruiting startup last valued at $1.2 billion, lays off 30% of its workforce

The U.K.’s self-proclaimed “world-leading” regulations for self-driving cars are now official, after the Automated Vehicles (AV) Act received royal assent — the final rubber stamp any legislation must go through…

UK’s autonomous vehicle legislation becomes law, paving the way for first driverless cars by 2026

ChatGPT, OpenAI’s text-generating AI chatbot, has taken the world by storm. What started as a tool to hyper-charge productivity through writing essays and code with short text prompts has evolved…

ChatGPT: Everything you need to know about the AI-powered chatbot

SoLo Funds CEO Travis Holoway: “Regulators seem driven by press releases when they should be motivated by true consumer protection and empowering equitable solutions.”

Fintech lender SoLo Funds is being sued again by the government over its lending practices

Hard tech startups generate a lot of buzz, but there’s a growing cohort of companies building digital tools squarely focused on making hard tech development faster, more efficient and —…

Rollup wants to be the hardware engineer’s workhorse

TechCrunch Disrupt 2024 is not just about groundbreaking innovations, insightful panels, and visionary speakers — it’s also about listening to YOU, the audience, and what you feel is top of…

Disrupt Audience Choice vote closes Friday

Google says the new SDK would help Google expand on its core mission of connecting the right audience to the right content at the right time.

Google is launching a new Android feature to drive users back into their installed apps

Jolla has taken the official wraps off the first version of its personal server-based AI assistant in the making. The reborn startup is building a privacy-focused AI device — aka…

Jolla debuts privacy-focused AI hardware

OpenAI is removing one of the voices used by ChatGPT after users found that it sounded similar to Scarlett Johansson, the company announced on Monday. The voice, called Sky, is…

OpenAI to remove ChatGPT’s Scarlett Johansson-like voice

The ChatGPT mobile app’s net revenue first jumped 22% on the day of the GPT-4o launch and continued to grow in the following days.

ChatGPT’s mobile app revenue saw its biggest spike yet following GPT-4o launch

Dating app maker Bumble has acquired Geneva, an online platform built around forming real-world groups and clubs. The company said that the deal is designed to help it expand its…

Bumble buys community building app Geneva to expand further into friendships

CyberArk — one of the army of larger security companies founded out of Israel — is acquiring Venafi, a specialist in machine identity, for $1.54 billion. 

CyberArk snaps up Venafi for $1.54B to ramp up in machine-to-machine security

Founder-market fit is one of the most crucial factors in a startup’s success, and operators (someone involved in the day-to-day operations of a startup) turned founders have an almost unfair advantage…

OpenseedVC, which backs operators in Africa and Europe starting their companies, reaches first close of $10M fund

A Singapore High Court has effectively approved Pine Labs’ request to shift its operations to India.

Pine Labs gets Singapore court approval to shift base to India

The AI Safety Institute, a U.K. body that aims to assess and address risks in AI platforms, has said it will open a second location in San Francisco. 

UK opens office in San Francisco to tackle AI risk

Companies are always looking for an edge, and searching for ways to encourage their employees to innovate. One way to do that is by running an internal hackathon around a…

Why companies are turning to internal hackathons

Featured Article

I’m rooting for Melinda French Gates to fix tech’s broken ‘brilliant jerk’ culture

Women in tech still face a shocking level of mistreatment at work. Melinda French Gates is one of the few working to change that.

1 day ago
I’m rooting for Melinda French Gates to fix tech’s  broken ‘brilliant jerk’ culture

Blue Origin has successfully completed its NS-25 mission, resuming crewed flights for the first time in nearly two years. The mission brought six tourist crew members to the edge of…

Blue Origin successfully launches its first crewed mission since 2022

Creative Artists Agency (CAA), one of the top entertainment and sports talent agencies, is hoping to be at the forefront of AI protection services for celebrities in Hollywood. With many…

Hollywood agency CAA aims to help stars manage their own AI likenesses

Expedia says Rathi Murthy and Sreenivas Rachamadugu, respectively its CTO and senior vice president of core services product & engineering, are no longer employed at the travel booking company. In…

Expedia says two execs dismissed after ‘violation of company policy’

Welcome back to TechCrunch’s Week in Review. This week had two major events from OpenAI and Google. OpenAI’s spring update event saw the reveal of its new model, GPT-4o, which…

OpenAI and Google lay out their competing AI visions

When Jeffrey Wang posted to X asking if anyone wanted to go in on an order of fancy-but-affordable office nap pods, he didn’t expect the post to go viral.

With AI startups booming, nap pods and Silicon Valley hustle culture are back

OpenAI’s Superalignment team, responsible for developing ways to govern and steer “superintelligent” AI systems, was promised 20% of the company’s compute resources, according to a person from that team. But…

OpenAI created a team to control ‘superintelligent’ AI — then let it wither, source says

A new crop of early-stage startups — along with some recent VC investments — illustrates a niche emerging in the autonomous vehicle technology sector. Unlike the companies bringing robotaxis to…

VCs and the military are fueling self-driving startups that don’t need roads

When the founders of Sagetap, Sahil Khanna and Kevin Hughes, started working at early-stage enterprise software startups, they were surprised to find that the companies they worked at were trying…

Deal Dive: Sagetap looks to bring enterprise software sales into the 21st century

Keeping up with an industry as fast-moving as AI is a tall order. So until an AI can do it for you, here’s a handy roundup of recent stories in the world…

This Week in AI: OpenAI moves away from safety

After Apple loosened its App Store guidelines to permit game emulators, the retro game emulator Delta — an app 10 years in the making — hit the top of the…

Adobe comes after indie game emulator Delta for copying its logo

Meta is once again taking on its competitors by developing a feature that borrows concepts from others — in this case, BeReal and Snapchat. The company is developing a feature…

Meta’s latest experiment borrows from BeReal’s and Snapchat’s core ideas

Welcome to Startups Weekly! We’ve been drowning in AI news this week, with Google’s I/O setting the pace. And Elon Musk rages against the machine.

Startups Weekly: It’s the dawning of the age of AI — plus,  Musk is raging against the machine