In the child pornography investigation conducted by the Argos taskforce, Motherboard has learned that Australian authorities hacked Tor users located in the US. While arrests were made around the world that were based on the evidence provided by Argos, recently-filed court documents raise questions on the legality of hacking users outside an agency’s jurisdiction.
Taskforce Argos is a specialist police unit that consists of not only standard police officers, but also detectives, IT specialists, and deepweb consultants. The Queensland-based police unit is responsible for taking down one of the most horrific child pornography sites in existence. The site, called The Love Zone, have over 29,000 members who were required to upload new material each month. One of the site members was known as Britain’s “worst-ever pedophile.”
In order to successfully gather enough evidence to prosecute hundreds of pedophiles and rescue 85 victims, Argos had to infiltrate the site. Through a series of arrests, agents were able to take control of The Love Zone. They arrested the site’s owner, kept the arrest from the media, and seamlessly took over the account.
Since The Love Zone was only accessible via Tor, law enforcement was unable to use standard tools to identify the site’s members. Their IP addresses were masked. This is why maintaining control of the site was so crucial.
The recently-filed court documents in question are part of a case against a Michigan man. Seth Piccolo was sentenced to five years in prison after pleading guilty to distribution and possession of child pornography.
After Taskforce Argos hacked the site, US law enforcement was sent a list containing names and IP addresses of US citizens who were members of the site. Seth Piccolo was one of these men. It’s suggested in a recent filing that 30 more individuals were named in the list received by the FBI, all of whom had been identified by the same method.
Department of Justice attorneys wrote “All of those users are currently under investigation for producing, distributing, receiving and accessing child pornography through this website.”
An Australian barrister, Greg Barns, told Motherboard in an encrypted phone call: “I think that’s problematic, because they’ve got no jurisdiction.” He is not the only one who is having similar thoughts.
Motherboard reached out to Matthew Borgula, Piccalo’s attorney, and was able to confirm the method Argos used to reveal a user’s real IP address. The authorities, still posing as The Love Zone’s admin, sent Piccalo a link that, once clicked, routed Piccalo’s web traffic in a manner that allowed authorities to see his real IP address.
While the details of Piccalo’s case are still somewhat unclear, documents from another court case shed some light on how law enforcement was able to complete this.
“When a user clicked on that hyperlink, the user was advised that the user was attempting to open a video file from an external website. If the user chose to open the file, a video file containing images of child pornography began to play, and the FLA [foreign law enforcement agency] captured and recorded the IP address of the user accessing the file.”
Christopher Soghoian, from the American Civil Liberties Union, told Motherboard in an encrypted phone call:“If they get your IP address from the Tor Browser, then it is law enforcement hacking,”
While the owner of the site, Shannon McCoole, was caught by such a method, the case against him is arguably different because he was an Australian citizen.
Greg Barns, the Australian barrister who practices criminal and human rights law and was a former national president of the Australian Lawyers Alliance, said that one possible argument for investigating and hacking the overseas-criminals was based on the location of the site’s owner. It’s possible that because McCoole was Australian and he was the site’s “CEO,” anyone using the site was fair game for Australian law enforcement. Another possible argument was based on the evidence that the site was, at one point, moved to a server in Brisbane.
“But they can’t simply wander around the world, assisting other law [enforcement], saying, ‘We’re here to help,’” Barns said.
Authorities have been hesitant or completely unable to answer questions on the matter.
Given the way the Tor network operates, Australian authorities would not have known what country a computer was located within. Prior to the hacking of an individual’s computer, the possibility of the individual residing in Australia was not that unlikely. Argos would not respond to questions regarding whether or not a warrant was obtained to gather IP addresses of US users.
While some entities and organizations such as The Electronic Frontier Foundation have argued that using a hacking tool to discover the IP address of a Tor user is a breach of rights, many US judges have disagreed. Judges claim there is no reasonable expectation of privacy when using the Tor network, meaning that it isn’t protected by the Fourth Amendment.
The possibility that Taskforce Argos investigated the US citizens with permission of US law enforcement agencies is not out of the question but there is a lack of evidence to conclude this.