Being one of the FBI’s biggest and most notorious cyber actions, Operation Pacifier resulted in the Bureau taking over the PlayPen child porn site in 2015 and hacking thousands of computers throughout the world, most of them located in the US. Now, the Austrian government has learned that around 50 computers were hacked by the federal agency in Austria.
Austrian MPs earlier this year sent a letter to the parliament, asking for more information on child pornography and sex tourism cases. They got an answer in response from politician Johanna Mikl-Leitner, stating that Austrian authorities cooperated in Operation Pacifier, being the first time the FBI ever hacked any computers in the country.
Her letter says 50 Austrian IP addresses were “evaluated by a federal intelligence unit and used to pursue suspects of possession and distribution of child pornography”. The provided IP addresses helped investigators find “countless child pornography files,” in March 2016. According to the letter “extensive investigations are still underway.”
“The IP addresses were found through Operation Pacifier and lead [sic] to further investigations by Austrian police,” Thomas Soxberger from the Austrian parliament press office wrote in an email.
According to the document, Austrian law enforcement was working together with the Europol in the case. A Europol presentation showed the agency had created 3,229 cases as part of Operation Pacifier (the 50 Austrian cases may be included within that figure).
The FBI being the one who took over the PlayPen website for a short period, uploaded malware to the computers of visitors of child pornography related threads. The agency hacked computers in the US, Greece, Chile, Denmark, Colombia, Austria, potentially in Turkey and the UK.
In the US, the defendants in several cases tried to suppress evidence obtained by the malware, claiming the warrant used was invalid. Scarlet Kim, a legal officer from activist group Privacy International, said in an email:
“But the FBI’s deployment of malware went even further, transcending national boundaries and infecting untold numbers of computers scattered around the world. It is hard to imagine how a magistrate judge sitting in the Eastern District of Virginia could possibly sign off on an operation of this magnitude. The dramatic expansion of the FBI’s extraterritorial reach raises serious questions. How will other countries react to the FBI pursuing law enforcement activities in their jurisdictions without prior consent? Would the US welcome similar hacking operations carried out on US residents by other countries? Is the FBI violating the laws of foreign jurisdictions by hacking devices located in them?”