A Virginia man admitted accessing a dark web child abuse forum and downloading pictures and videos of child pornography. The pedophiles username on his home computer matched one of the usernames he had used on the forum.
In front of a federal judge in a courtroom in Alexandria, Virginia, Jon Wilkins, 39, pleaded guilty to a single count of knowingly receiving child pornography. The charge carries a mandatory minimum prison sentence of five years and a statutory maximum sentence of 20 years in prison. A federal judge, on April 5, 2019, will decide the actual length of Wilkins’ prison sentence. In most similar cases, judges have sentenced the offending pedophile to less than ten years than prison with another five years of supervised release.
The Federal Bureau of Investigation caught Wilkins as a result of the investigation into users of Playpen, the most active child abuse forum in 2014 and early 2015. The investigation, formerly referred to as “Operation Pacifier,” led to the arrest of the forum’s owner, the seizure of the forum, the identification of thousands of pedophiles across the globe, and more than 1,000 arrests worldwide. Federal agents identified shocking numbers of pedophiles in the United States and arrested them within months of closing the forum. Although many of the identified Playpen members have already been sentenced to prison in federal court, a significant number of alleged users are actively fighting their cases or are in custody awaiting a sentencing hearing. The FBI continued to investigate and arrest Playpen members years after the government shutdown the forum.
Wilkins is a prime example of the FBI’s ongoing investigation into members of the defunct child abuse forum. Even though the FBI shut down the forum in early 2015 and made most of their arrests later that year and throughout early 2016, the FBI waited until February 2018 to file the Wilkins criminal complaint. The criminal complaint accused Wilkins of a single count of receiving child pornography. Most convicted Playpen members faced multiple counts of assorted child pornography crimes, such as distribution, advertising, possession, or receiving child pornography. Federal prosecutors then prepared plea agreements that included only the least serious of the crimes. Possession or receiving child pornography are often considered far less serious than distribution, transporting, or advertising child pornography.
The FBI identified Wilkins the same way they identified literally every other Playpen member caught as a result of Operation Pacifier; they exploited a vulnerability in an older version of the Tor Browser Bundle. During the investigation, the FBI seized the server that had been hosting the forum. After arresting the forum admin, federal agents took control of the forum. They seamlessly moved the forum from the server the admin had been using to a server under FBI control. They then, after obtaining a warrant from a judge without jurisdiction to authorize the FBI’s plan, modified the forum’s source code to ultimately identify forum users. The warrant authorized the execution of a Network Investigative Technique via a drive-by-download allegedly initiated upon user login. However, security researchers, months after the FBI announced the operation, learned that the so-called “malware” may have targeted users far outside of the scope of the warrant.
Since the Tor network hides the I.P. address of its users, the FBI needed the NIT to effectively bypass the anonymity provided by the Tor network. When a Playpen user (or other dark web users on unrelated sites) visited the page that initiated the drive-by-download, the user’s computer sent identifying information to servers under FBI control. This information included the user’s real I.P. address, the Mac address of the computer in use, the username of the Windows account, and similar details. Since the FBI had control of the Playpen server, they had access to forum logs. They matched I.P. addresses with Playpen accounts and forum activity. A Playpen member with the usernames, “cowboy357m” and “SugarDaddy,” shared an I.P. address. Investigators later learned that the I.P. address belonged to a Verizon subscriber in Arlington, Virginia.
FBI Special Agent learned that the Verizon subscriber lived at an address later identified as Wilkins’ house. The FBI executed a search warrant at the man’s house and seized two computers. Both computers had gigabytes of child pornography stored on their hard drives. The owner of both computers had installed the Tor Browser on both Windows machines. The owner had a user account on one of the machines called “Sugar Daddy.” Wilkins admitted that only he had access to both computers. Wilkins’ case ended less than one year after his arrest.
The sentencing hearing was scheduled for April 2019.
by: C. Aliens