
Judge Rules Warrant Used in PlayPen Investigation Not Valid

A ruling today by US federal judge William Young declared that the magistrate judge who issued a warrant authorizing the FBI to infect suspects’ PCs with tracking malware lacked the authority to do so.

In early 2015, the Feds had used the warrant to install a so-called NIT, or Network Investigative Technique, on the computers of people who visited a website hidden in the Tor network that hosted a huge archive of photos and videos of child sex abuse.


The agents commandeered the website’s server and, before shutting it down, configured it to deliver the NIT to pedophiles’ PCs for a couple of weeks, allowing the investigators to unmask and identify the website’s visitors even though they were connecting via the anonymizing Tor network. Each NIT, once in place on a computer, was able to ping an outside FBI-controlled system to reveal a suspect’s true IP address, which could be traced back to their home with their ISP’s help.

Hundreds of machines visiting the hidden Playpen website were infected with the FBI’s NIT. It turns out that the warrant was invalid, and that this mass installation and monitoring was effectively an unlawful search.

“It follows that the resulting search was conducted as though there were no warrant at all,” Judge Young said in his ruling.

“Since warrantless searches are presumptively unreasonable, and the good faith exception is not applicable, the evidence must be excluded.”

The warrant was one of three that the FBI investigators used to gather evidence related to their own takedown of the illegal Playpen darknet site. Playpen was believed to have more than 200,000 users at the time the FBI took it over and began collecting user data. In turn, this led to the identification of as many as 1,300 suspected pedophiles.

According to Judge Young, the problem with the warrant was that it was signed by a US magistrate judge, who only had the jurisdiction to authorize warrants in his local area. Collecting evidence outside of that area, which the FBI surely did with the NIT, can only be done with the authorization of a district judge.

This is where things will be frustrating for the Feds, as it turns out the federal judges who could have properly authorized the search were likely just yards away when the NIT warrant was signed.

“The magistrate who issued the warrant sat primarily in Alexandria, Virginia,” Judge Young noted, adding, “Four district judges and three senior judges sit routinely in that courthouse.”

Judge Young’s ruling came in response to a motion filed by Alex Levin, one of the thousands of people accused of viewing child porn on Playpen. Levin asked for the evidence against him to be thrown out of his trial as a result of the questionable warrant. Judge Young granted Levin’s request.

With hundreds of other prosecutions in the hopper, Judge Young’s interpretation of events, and the decision to effectively throw out evidence collected by US government malware, could deal a heavy blow to the FBI’s efforts.


  1. Jemima Puddle Duck

    One can always trust Americans to make the most colossal of fcuk ups. All these dirty bar stewards are going to get off scot-free due to the total incompetence of the yanks’ so-called ‘top police division’.

  2. Ha, good job you federal fucks. They’re all going to get off because of this.

  3. Lessons learned — use anonymous public Wi-Fi, use Tails (and, spoof your MAC address), use Tor Bridges, use Tails containers (15-minimum character passphrase), copy a TrueCrypt volume that you created on Windows (25-minimum character passphrase; and yes, you can access TrueCrypt volumes on Tails), keep a low profile, don’t dox yourself, use the highest security settings available, disable JavaScript (of course), etc. As for your passphrases — do NOT write them down anywhere, use Upper & lower case letters, punctuation characters, special characters (right above the top numbers on your keyboard).

    • If you’re important enough for them to really want, they’ll find you no matter what you try. Bin Laden hid in such a way he couldn’t even be seen by satellites and never touched a computer or phone years before his death, and they still caught him.

      For pedos on tor, it means as long as you don’t produce kid porn or run any servers or download huge amounts, they *probably* won’t go after you. If you do any of the stuff mentioned, they’ll use resources to find those people like they’ve done in almost a dozen other pedo sites that got busted.

      • Big Joe


        If you locate your hidden servers outside the US and Europe, the FBI isn’t going to bother with you much, if at all; they are not going to fly agents all over the World in an attempt to take down every CP hidden server. In fact, the FBI itself admits that, on average, a new CP darknet server is established every day. Probably an exaggeration, to be sure, but once a month is certainly believable.

        As for Bin Laden, the US government spent at least $20 million to kill a terrorist who had retired. I doubt that the US government is spending that total amount in its “war” on CP porn.


        • Alpha Dog

          I’ve seen that “a new CP darknet server is established every day” circulating in comments a lot but haven’t seen an article where the FBI says it. Can you please provide a source? I can see how them saying things like that would help their case for passing more surveillance laws and allowing them to set up more CP servers of their own. What Bob said is partly true. If they want to spend enough resources on a target they will, but it’s only in circumstances where someone is in danger. That’s why so many of the CP servers they selected to bust were supposedly producing CP. The FH bust was in Ireland and was done through the FBI, but that was a case where they were more interested in Snowden and tormail than CP. But it shows that they don’t mind crossing into international territories when needed. Not to mention who knows what goes on between US LEA and GCHQ and their new darknet task force. It’s been hard to find which servers they’ve been hosting. Pedobook, TLZ and Playpen are ones we know about thus far. The number of increasing arrests each bust also shows how LEA is evolving their tactics. They used to just grab the producers. Then they grabbed the producers and admins. Now they grab producers, admins and random downloaders. This technicality was definitely a setback for them but if nothing else served as an expensive lesson that they’ll use on the next CP sites they host or raid.


          • Anonymouse

            Yeah I’ll go out on a limb here and say the new child porn server a day sounds great when trying to pass another spying bill or when trying to justify mass deployment of a NIT on tor but has a 0% chance of being true. Once a month maybe, but it’s like the balance of onion sites to go up and down. Drug markets, hacking forums, anything illegal, one goes down because it ran out of money or the cops decided to raid it or the cops didn’t want to host it anymore, a new one goes up in its place, and just as much mystery surrounds it as the site that just went down. This is true for anything illegal on tor. There’s no way of knowing who’s really running sites, just a username and maybe a PGP signature that people hope wasn’t signed by a user who gave up a password for a reduced sentence. The FBI ran TLZ, the biggest child porn site in tor history, for weeks without anyone knowing anything was up. It’s certain they’re still chasing down leads from that case, hopefully still impersonating users to catch more pedos.

          • Looks like you were right. I just read about rule 41. Great post.

    • I agree with using public wifi and using strong passwords. But really, you should use whonix, not tails. Tails doesn’t protect you from the NIT used here, but whonix likely would. Even if you are using the wifi at the local library you could still be identified because of the proliferation of security cams. The NIT would allow them to see someone at the library downloaded illegal info, then they send an officer to request cam footage showing who was there at that time.

      Also, you should use a diceware password with at least 6 words in it. They are easier to remember than random alphanumeric/special symbol passwords.

      • this was extremely helpful thanks

      • Anonymous

        The above advice is just pure bullshit. Use a PASSPHRASE, not something that TLAs/LE can use a standard dictionary attack against!!! Choose something that is a salient memory, say, from your childhood; something like this — “I and Sue went to see the movie ‘blank’; (JMN) it was fun, and later on, Robert stopped by — 8##UJ@” The first bit of the passphrase is easy to remember, and will get you LOTS of entropy; the middle and last bit will take some memorization, but it will stop TLAs/LE from guessing your passphrase via a brute force attack!

        As for anonymous Wi-Fi access points, it takes MONTHS for a TLA/LE to trace a Tor connection, get a search warrant, etc., and by that time, any security footage will be long gone. But, your point is well-taken; use a disguise or simply access a Wi-Fi spot where there are no cameras! In any case, use Tor bridges and encryption; the latter cannot be emphasized enough.

        As for Tails, it is absolutely secure, or at least nearly so! Just visit their website if you don’t believe me. Besides, the only successful attacks (so far) have been against Windows machines.

        In the end, good computer security is a lot like religion — you just have to take some things “on faith”.

        • Anonymouse

          No one except the feds can say for sure how long it takes to trace a connection. Former tor devs have even said they think the feds have 0days they save for extreme situations. They don’t mean drug or kid porn or scam sites but a real threat like a terror plot unfolding. Saying it takes months to trace a tor connection really depends on how important you are and how much they want you. There are a lot of illegal sites of all types they don’t care about because no one’s lives are in danger and don’t pose much of a threat.

          Given they got almost 2000 ip addresses from a single kid porn bust and arrested just over 100 shows they prioritize who they arrest first. Producers and admins always get busted first, then people that have kids or are around kids are at the top of their list, but most of the kid porn downloaders are lonely and never are around kids so they’re not a threat. If they’re outside of America they forward the info on to the appropriate foreign law enforcement where the investigation continues. It’s really twisted to think about but most kid porn downloaders lead fairly normal lives but are very lonely and aren’t around kids. They don’t pose a threat to anyone so a lot of them get sort of a pity pass because they don’t pose any danger.

  4. Look at the imbecilic troglodyte attempting to aid the anonymity of pedophiles? ugggggggggggggh you fucking greasy ass nerd… I wish I knew you.

  5. No need for a trial just take them outback with a baseball bat
