In 2015, the FBI seized a Tor-hidden child-porn website known as Playpen and allowed it to run for 13 days so that the FBI could deploy malware in order to identify and prosecute the website’s users. That malware, known in FBI-speak as a "network investigative technique," was authorized by a federal court in Virginia in February 2015.

In a new revelation, Vice Motherboard has now determined that this operation had much wider berth. The FBI’s Playpen operation was effectively transformed into a global one, reaching Turkey, Colombia, and Greece, among others.

Motherboard’s Joseph Cox wrote on Twitter on Friday that he was able to find a document describing this infiltration as something called "Operation Pacifier" by using creative "Google-fu."

It's amazing the shit law enforcement leave online, accessible by some Google-fu https://t.co/cVfXRQgzE4 pic.twitter.com/ZjuSgywAg5 — Joseph Cox (@josephfcox) January 22, 2016

Ars was able to find the same document on a Danish website by searching on Google for filetype:ppt "operation pacifier" (we have republished it here). When changing the filetype to PDF, we also found a related document on a Colombian government website and republished it as well.

The Danish document is an undated presentation by Rob Wainwright, director of Europol, who notes that more than 3,000 criminal cases (34 in Denmark) have been generated by the European Union-wide law enforcement agency. The Colombian document simply makes reference to the operation in a summary of "trans-national operations," and it includes others called "Operation Moulin Rouge" and "Operation Red Eclipse." It is not clear if those initiatives are related to this child-porn sting.

What goes around, comes around

One legal expert that Ars spoke with said that the FBI's hacking of foreign targets is problematic.

"A foreign search by United States investigators potentially offends the territorial sovereignty of the foreign state in which it occurred, thus subjecting the United States and its citizens to countermeasures and the officials performing the search and seizure to prosecution by the foreign country," Ahmed Ghappour, a law professor at the University of California, Hastings, told Ars by e-mail.

"Under customary international law it is considered an invasion of sovereignty for one country to carry out law enforcement activities within another country without that country’s consent."

He called the deployment of such malware a "sea change" compared to what has historically been the norm.

"While the foreign relations implications are muted in cases with exceptional crimes like child pornography or terrorism, the Department of Justice has made it clear that these (and other more powerful) hacking techniques will be used in the pursuit of general crimes," he added.

"It’s doubtful that cross-border hacking in pursuit of run of the mill criminals will be well received by foreign countries. How would we feel if other countries (say, China or Iran) hacked persons in the US in pursuit of what they perceive as criminal acts? The foreign relations issues beg the question whether magistrates and law enforcement agents are the right government actors to be making these decisions, or whether they lack institutional competence to weigh the government’s law enforcement interests against foreign relations risk."

Hand in hand

The revelation comes on the same day that a man in Tacoma, Washington, makes his arguments before a federal judge to have his related case dismissed. His theory is largely based on the notion that because the government itself perpetuated the illegal distribution of child porn, which he argues is so egregious, that the entire case should be tossed.

In yet another related case prosecuted out of New York, an FBI search warrant affidavit described both the types of child pornography available (Ars will not repeat those here) on Playpen (aka Website A) and the malware’s capabilities:

Pursuant to that authorization, on or about and between February 20, 2015, and March 4, 2015, each time any user or administrator logged into Website A by entering a username and password, the FBI was authorized to deploy the NIT which would send one or more communications to the user’s computer. Those communications were designed to cause the receiving computer to deliver to a computer known to or controlled by the government data that would help identify the computer, its location, other information about the computer, and the user of the computer accessing Website A. That data included: the computer’s actual IP address, and the date and time that the NIT determined what that IP address was; a unique identifier generated by the NIT a series of numbers, letters, and/or special characters) to distinguish the data from that of other computers; the type of operating system running on the computer, including type (eg, Windows), version (eg, Windows 7), and architecture (eg, x86); information about whether the NIT had already been delivered to the computer; the computer’s Host Name; the computer's active operating system username; and the computer’s MAC address.

Christopher Allen, an FBI spokesman, declined to comment specifically on this case. "The FBI routinely coordinates with international law enforcement partners on a range of investigations, including child pornography cases," he e-mailed Ars.