Australian police ran a TOR-hidden child porn site for six months before sending a video to users that ultimately revealed their real IP addresses. The IP addresses of 30 Americans were turned over to the FBI. Credit: Thinkstock Aussie cops hacked U.S. TOR users as part of a child porn investigation, according to a report by Motherboard. The IP addresses of at least 30 Americans were turned over to the FBI.The police knew the owner of the dark web child porn site called “The Love Zone” started all of his messages with “hiyas.” Search engine results turned up over 450,000 hits for hiyas, but police whittled away at it until they had identified the owner; the former childcare worker is currently serving 35 years for “evil, depraved” sex offenses.After the Queensland Police Service’s Task Force Argos took over The Love Zone owner’s account, the cops could see what users were viewing on the TOR-hidden site and could read all private messages, but they could not see the users’ IP addresses. So, after running the site for six months, the Australian police resorted to social engineering and “hacking,” sending out a child porn video as bait.A court filing from 2015 described how Australian police obtained the real IP addresses. When a user clicked on that hyperlink, the user was advised that the user was attempting to open a video file from an external website. If the user chose to open the file, a video file containing images of child pornography began to play, and the [foreign law enforcement agency] captured and recorded the IP address of the user accessing the file. FLA configured the video file to open an Internet connection outside of the Network software, thereby allowing FLA to capture the user’s actual IP address, as well as a session identifier to tie the IP address to the activity of a particular user account.Motherboard called it hacking but also noted that it is “unclear” if Australian police hacked computers in other countries or if they obtained a warrant to do so.Another court filing mentioned that the IP addresses of “more than 30 registered users” were turned over the FBI. Turning those U.S.-based IPs over to an American intelligence agency is not so much the issue as is how the IPs were obtained, such as if hacking were involved and if it were even legal. Some U.S. judges have ruled that using TOR does not give users a reasonable expectation of IP address privacy; others have decided that using slick computer tricks to obtain IP addresses is a violation of Fourth Amendment rights. Although the FBI wouldn’t comment on The Love Zone operation, the agency told Motherboard, “The FBI, led by its Legal Attaches in numerous countries around the world, seeks to foster strategic partnerships with foreign law enforcement, intelligence, and security services, as well as with other U.S. government agencies by sharing knowledge, experience, capabilities and by exploring joint operational opportunities.”The FBI has come under fire for the “network investigative technique” (NIT) it used during the investigation into the TOR-based “Playpen” child porn site, which had 150,000 members. Several judges have found the FBI’s warrant was invalid. Those judges decided that just because a warrant was issued in one district, it did not give the FBI the legal right to hack computers in other districts. One hundred thirty-five cases are currently being prosecuted.And just as an FYI, the Aussie cops caught another guy from The Love Zone site because even though he cleaned up the meta data on child porn pictures, he didn’t clear the make and model of his Olympus camera. With access to private messages and a clue that the guy was in southeast Asia, the police combed over Flickr and TrekEarth. That led them to a photography studio publishing images with that type of camera.Some of the same kids featured in the child porn were featured in photos that contained nothing illegal. After the photographer posted on Facebook about booking a flight, including a hashtagged airline, the police arrested him at the airport and seized his computers and hard drives. A detective told The Guardian, “It was almost too easy.”Two of the Argos officers were given awards for so successfully pulling off the identity of The Love Zone owner for six months. Related content news Dow Jones watchlist of high-risk businesses, people found on unsecured database A Dow Jones watchlist of 2.4 million at-risk businesses, politicians, and individuals was left unprotected on public cloud server. By Ms. Smith Feb 28, 2019 4 mins Data Breach Hacking Security news Ransomware attacks hit Florida ISP, Australian cardiology group Ransomware attacks might be on the decline, but that doesn't mean we don't have new victims. A Florida ISP and an Australian cardiology group were hit recently. By Ms. Smith Feb 27, 2019 4 mins Ransomware Security news Bare-metal cloud servers vulnerable to Cloudborne flaw Researchers warn that firmware backdoors planted on bare-metal cloud servers could later be exploited to brick a different customer’s server, to steal their data, or for ransomware attacks. By Ms. Smith Feb 26, 2019 3 mins Cloud Computing Security news Meet the man-in-the-room attack: Hackers can invisibly eavesdrop on Bigscreen VR users Flaws in Bigscreen could allow 'invisible Peeping Tom' hackers to eavesdrop on Bigscreen VR users, to discreetly deliver malware payloads, to completely control victims' computers and even to start a worm infection spreading through VR By Ms. Smith Feb 21, 2019 4 mins Hacking Vulnerabilities Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe