PlayPen
| Unix | Assembly language | Mathematics | Web development | I2P |
|---|---|---|---|---|
| GhostBSD | Assembly Programming Tutorial | Statistics | Django for Beginners | MuWire |
| GUI | Artificial intelligence | Artificial neural network | Machine learning | Messenger |
| Tkinter | Artificial intelligence | Artificial neural network | Machine Learning Mastery with Python | Session |
- FBI crack Tor and catch 1,500 visitors to biggest child pornography website on the dark web
2016-01-06
- FBI ran website sharing thousands of child porn images
2016/01/21
Block connection from surface web
If you use Apache and CentOS, you should edit "httpd.conf" file. If you use Apache and Ubuntu, you have to edit "ports.conf" file.
Change the below two lines
#Listen 12.34.56.78:80 Listen 80
into the below four lines. They are just examples.
Listen 127.0.0.1:80 Listen 127.0.0.1:892 Listen 127.0.0.1:1004 #Listen 80
If you change the former into the latter, nobody can connect to your darknet website from surface web. In other words, the cannot connect your website using Google Chrome or Microsoft Internet Explorer.
nginx's setting is similar to Apache HTTP Server's.
Apache on Windows is similar to Apache on CentOS.
How the police got PlayPen's IP address
- An Admin's Foolish Errors Helped the FBI Unmask Child Porn Site 'Playpen'
Unsealed documents show a misconfigured server and some poor opsec helped lead law enforcement to their target.
May 16 2016
Recently unsealed court documents reveal that “Playpen,” one of the largest and most infamous dark web child pornography sites, was shut down partly owing to its administrator's own mistakes.
“Due to a misconfiguration of the server hosting the TARGET WEBSITE [Playpen], the TARGET WEBSITE was available for access on the regular Internet to users who knew the true IP address of the server,” a search warrant application for intercepting communications on Playpen from February 2015 reads. The search warrant and other documents were unsealed in the case of Richard Stamper, who was arrested on suspicion of child pornography charges.
“Basically, Playpen must have set their [child pornography] site to [a] default [web server setting], meaning if you typed in the IP address you could see the Playpen site,” Thomas White, a UK-based activist and technologist, explained in an encrypted chat. “Whereas if they set another default like ‘server not found,’ then you could only access Playpen by typing the correct .onion address.” This means that law enforcement could verify that an IP address belonged to a specific site.
“An FBI Agent, acting in an undercover capacity, accessed IP address 192.198.81.106 on the regular Internet and resolved to TARGET WEBSITE,” the document continues. That address pointed to a server in North Carolina, hosted by a company called CentriLogic.
- How the FBI Located Suspected Admins of the Dark Web’s Largest Child Porn Site
The agency cooperated with a foreign law enforcement agency that had busted a second child pornography site.
Mar 2 2016
In February 2015, the Federal Bureau of Investigation launched an operation that was notable for two reasons: it was the largest known law enforcement hacking operation to date, and it entailed operating a child pornography website as a honeypot for 13 days.
But, in identifying at least two high ranking members of Playpen, and possibly one other, the FBI relied on information provided by a foreign law enforcement agency (FLA), according to court documents.
The following month after the seizure, the FLA obtained an IP address for one of the moderators of this site by sending the target a link to a streaming video on an external website.
"If the user chose to open the file, a video file containing images of child pornography began to play, and the FLA captured and recorded the IP address of the user accessing the file," the FBI complaint reads. Some of the related court documents were recently shared by a user on Reddit.
The video was configured in such a way that when it was opened, the target's computer would open up an internet connection outside of the anonymity network used by the child pornography site, "thereby allowing FLA to capture the user's actual IP address, as well as a session identifier to tie the IP address to the activity of a particular user account," the complaint continues. (The documents do not explicitly say whether this site was hosted on the Tor network, or another less popular network, such as I2P; it only refers to the website operating within "the Network".)
This IP address was then provided to the FBI, and led to David Lynn Browning of Kentucky. Browning, in addition to allegedly being a moderator of the child pornography site seized by the FLA, was suspected of being a moderator on Playpen, according to communications provided by the FLA to the FBI in April 2015. He was arrested in July 2015, according to court documents.
The FLA also obtained the IP address for Michael Fluckiger, a suspected moderator on the seized site and administrator on Playpen. The court documents do not say whether he was identified in the same fashion, however, and he was arrested in March 2015. In Fluckiger's complaint, the FBI mention that the FLA was able to obtain communications from another, third website, which was used as a chat room to discuss child pornography and exploitation.