Eighteen months before Megaupload's operators were indicted in the United States, the company complied with a secret U.S. search warrant targeting five of its users, who were running their own file-sharing service using Megaupload's infrastructure, according to interviews and newly unsealed court documents.

The June 24, 2010 warrant to search the Megaupload servers in Virginia (.pdf) was part of a U.S. criminal investigation into NinjaVideo, which was piggy-backing on Megaupload's "Megavideo" streaming service. Though the feds had already begun quietly investigating Megaupload months before, in this case the government treated Megaupload as NinjaVideo's internet service provider, serving Megaupload with the warrant and asking them to keep it quiet.

Megaupload responded as "good corporate citizens," said Ira Rothken, who represents founder Kim Dotcom. The company kept the warrant a secret and turned over information on the alleged NinjaVideo operators, as well as database information on the 39 pirated movies detailed in the warrant. The NinjaVideo probe led to the indictment of the five top NinjaVideo administrators, including founder Hana Beshara, on charges similar to those now faced by Dotcom and other Megaupload operators.

"Megaupload complied with the warrant and cooperated with the government's request," Rothken said. He said Megaupload had gotten "a number of such warrant and subpoena type requests a year and still have an expectation that as classic 'online service providers' they are immune from liability for the acts of users who are the target of such warrants and subpoenas."

Despite Megaupload's cooperation, the 39 infringing NinjaVideo files were later used against the popular file-sharing service as evidence to seize Megaupload.com domains and prosecute Dotcom and others connected to the site.

One possible reason for that: An e-mail obtained by prosecutors showed that Megaupload executives quickly discovered that the 39 files were not confined to the accounts controlled by NinjaVideo.

"The 39 supplied MD5 hashes identify mostly very popular files that have been uploaded by over 2,000 different users so far," Megaupload's co-founder, Mathias Ortmann, wrote to DotCom five days after the search warrant, in an "urgent" e-mail cited in the amended indictment in the Megaupload prosecution (.pdf).

Despite this discovery, Megaupload did not delete the 39 movies from its servers. The government used that fact to demonstrate that the company knew full well that its service was being used for piracy.

In the Megaupload domain seizure warrant unsealed Friday, a federal agent whose name was redacted not only accuses Megaupload of "uploading infringing content themselves," but also pointedly notes that most of the 39 NinjaVideo files were left on Megaupload's servers.

According to the application to seize Megaupload's domains:

On or about June 24, 2010, members of the Mega Conspiracy were informed, pursuant to a criminal search warrant from the U.S. District Court for the Eastern District of Virginia, that thirty-nine infringing copies of copyrighted motion pictures were present on their leased servers at Carpathia Hosting, a hosting company headquartered in the Eastern District of Virginia. A member of the Mega Conspiracy informed several of his co-conspirators at that time that he located the named files using internal searches of the Mega Conspiracy's systems. As of November 18, 2011, thirty-six of the thirty-nine infringing copies of copyrighted motion pictures were still being stored on servers controlled by the Mega Conspiracy.

Rothken calls the government's argument "outrageous." Given the NinjaVideo search warrant, and the government's specific request for secrecy and to retain the files, Megaupload might have been accused of evidence-spoliation if it had taken the movies down, says Rothken.

"If anything, such a cooperation request by the government bolstered Megaupload's view that as a cloud storage intermediary it was operating lawfully even if some users may have been misbehaving," Rothken said.

Federal prosecutors declined comment.

Rothken insists that the 2010 NinjaVideo search warrant in no way warned Megaupload that they too might be prosecuted for the same files. Under the DMCA, Rothken notes, internet service providers can't be held legally liable for piracy if they respond promptly to takedown notices by copyright holders, which he says Megaupload always did.

"Megaupload qualifies for the DMCA safe harbor," Rothken said in a telephone interview.

The feds dispute that. A January 13, 2012 warrant to seize Megaupload's domains claims that copyright holders – including Warner Bros. Entertainment Inc., Sony Music Entertainment Inc., and the Business Software Alliance – had sent Megaupload "thousands" of notices under the DMCA, and they were ignored.

Days after a judge signed the order to seize Megaupload, Dotcom's New Zealand compound was raided on Jan. 19, 2012, in what prosecutors have called one of "the largest criminal copyright cases ever brought by the United States." In all, the Justice Department seized 18 domains connected to Megaupload, including Megaworld, Megaclick and Megaporn. The agency said it executed more than 20 search warrants in the United States and eight countries, seizing $50 million in assets.

Four of the members, including Dotcom, were arrested in Auckland, New Zealand. They remain free on bail, pending potential extradition to the U.S. to face charges in what authorities say was a seven-year scheme that netted Megaupload $175 million in subscriber and advertising fees.

The seized Megaupload.com sites had gotten a combined 50 million hits daily, compared to NinjaVideo's roughly 6 million hits monthly. When the indictment was unsealed in January, the sites were redirected to the control of the FBI. They greet visitors with a message from the Justice Department that they have "been seized pursuant to an order issued by a U.S. District Court."

The authorities said Megaupload facilitated copyright infringement of movies "often before their theatrical release, music, television programs, electronic books, and business and entertainment software on a massive scale." The government said Megaupload's "estimated harm" to copyright holders was "well in excess of $500 million."

Even beyond the NinjaVideo investigation, Dotcom long ago had reason to be concerned that the United States might target him. In July 2010, the Dutch-based news site, TorrentFreak, published a story about recent seizures under the Department of Homeland Security's program known as Operation in Our Sites. The headline was "Pirate Bay and Megaupload Escape Domain Seizure by US."

On July 8, 2010, Dotcom sent a link to the story in an e-mail to Ortmann and Sven Echternach, head of business development for Megaupload, according to the Megaupload superseding indictment. "This is a serious threat to our business. Please look into into this and see how we can protect ourselves," according to the indictment.

Dotcom asked, "Should we move our domain to another country."