Police may charge data centre in largest ever child abuse images bust

library
crime | hacking | security

Canadian police have seized over 1.2 petabytes of data from the dark net – more than four times the amount of data in the US Library of Congress – in what could be the largest child abuse image investigation ever.

In what would be a game-changing shift in prosecutorial tactics, police are considering going beyond the traditional method of prosecuting individuals and will potentially also press charges against the owner of the drives that hold that material – most likely, an Ontario data centre that houses the abusive images.

As Motherboard reports, police developed in-house password cracking software that’s slowly churning through the massive information trove.

Up to 7500 people – the number of unique IP addresses associated with the data seized – from nearly 100 countries could be implicated.

Scott Tod, Deputy Commissioner of the Ontario Provincial Police (OPP), spoke to Motherboard in late February following an address to a crowd of defence specialists.

Here’s what he had to say about the data centre, which investigators have refrained from naming:

What we are alleging is occurring is that there are individuals and organizations that are profiting from the storage and the exchange of child sexual exploitation material.

They store it and they provide a secure website that you can log into, much like people do with illegal online gaming sites.

Tamir Israel, a staff lawyer at the Canadian Internet Policy Public Interest Clinic (CIPPIC), said that charges against the data centre will likely depend on whether employees were aware of the activity taking place on the file-sharing service the data centre hosts.

Such awareness isn’t the norm, he said:

There’s no proactive obligation to investigate what happens on your service. If you do become aware that something is there, there’s a reporting obligation.

But usually data centers aren’t actively looking through their stuff, so it’s reasonable to say that they wouldn’t have come across that.

Hanni Fakhoury, senior staff attorney at the Electronic Frontier Foundation, told Motherboard that going after a web hosting server is a novel approach:

What I’ve traditionally seen is very targeted investigations. Agents will go undercover on some peer-to-peer site and see files that are available for sharing, and they’ll engage a person and trade photos with them. Or they’ll see that the person is sharing child pornography files and take investigative steps to uncover that specific individual and arrest them. That’s very common, that’s bread and butter how these sorts of cases are done.

What is new is this approach that says, you know what, there’s a web hosting server out there that hosts a lot of child porn. It also hosts other stuff that we’re not interested in, but it hosts a lot of child porn, so we’re going to take down that whole host.

Police have developed password-cracking software that can cycle through 500,000 possibilities per second in order to sift through the seized data, which contains approximately 1.5 million compressed, password-protected RAR files, stored and analysed on the additional hardware they’ve had to purchase for the job.

Out of the 7500 IP addresses police have identified, 2200 of the users are in the US, 843 are in Germany, 534 are in Japan, 457 are in Russia, 394 in Canada, 380 in the UK and 374 in France.

Until all the files have been password-cracked, however, there’s no saying how many of those files actually contain child porn. In fact, it’s probably a mash-up of abusive images and more innocent material.

From Tod:

We’re not making any assumptions of how many are actually criminally guilty at this time, or criminally responsible. But we’re certainly a size of information that’s being traded that we know is illegal material of volumes that we’ve never seen before.

This is the first investigation of this scale, to my knowledge—in North America, if not worldwide.