Washington - Nearly 900 suspected paedophiles have been arrested and almost 300 children identified or rescued from their abusers following the massive takedown of an underground online paedophile network, US and European police said on Friday.

A more than two-year investigation into the notorious Playpen network and its members led to the arrests, the Federal Bureau of Investigation and Europol said, an announcement that came just days after a US court sentenced Playpen founder and administrator Steven Chase to 30 years in prison.

The arrest of Florida-based Chase in December 2014 set off a sweeping global probe into the users of the members-only forum.

Playpen was buried deep online in what is known as the "darknet", where Tor anonymity software and encryption hide often illegal activities.

In this case, it masked participants in a forum where people submitted and traded photographs and videos of the sexual abuse of children.

The nearly 900 arrests included dozens of abusers and child pornography creators.

Dubbed "Operation Pacifier", the investigation began when the FBI used its own malware to effectively seize the Playpen website and server.

Operating it for several weeks more, investigators then hacked and tracked site users by sending malware to their computers.

In an operation that critics say was legally questionable, more than 1 000 computers worldwide were hacked in this way by the FBI, and their users identified.

Lead FBI investigator Dan Alfin said the operation is ongoing.

"As they get smarter, we adapt, we find them," he said. "It's a cat-and-mouse game, except it's not a game. Kids are being abused, and it's our job to stop that."

Civil liberties groups however were strongly critical of the way the FBI took over the network and traced users with its own malware hacking tools.

A single search warrant should not have allowed investigators to gain access to and search more than 1 000 private computers, the Electronic Frontier Foundation said in comments to some of the Playpen court cases.

"The warrant here did not identify any particular person to search or seize. Nor did it identify any specific user of the targeted website," the organisation said. "It did not even attempt to describe any series or group of particular users."

In a statement on Friday, Steven Wilson, head of Europol's European Cybercrime Centre, said the case demonstrated how law enforcement needs to use such methods to fight criminals who can hide behind online anonymisation and encryption programs.

"We need to balance the rights of victims versus the right to privacy," he said. "If we operate by 19th century legal principles then we are unable to effectively tackle crime at the highest level."