MOTHERBOARD: You managed to expose a massive child pornography platform on the dark net. How did you approach this task? Einar Otto Stangvik : We spent a month putting our heads together to figure out how to attack the platform. We didn't want to unmask just those behind Childs Play, but also the users: Producers of child abuse videos, for example, and people who sexually abuse children. I then tried to download all the text on the platform to classify it, but that ultimately led to a dead end. At the end of 2016, we had to put our research on hold for a while, because we couldn't find an effective avenue to hack the site.

How'd things progress from there?

It happened at the beginning of January of this year. I got to the office and it became clear to me that I had to approach this in a completely different way. So I spent the whole day wading through source codes from MyBB—the software system used by Childs Play. It was only then that I stumbled across the upload function that allows you to set your profile picture on Childs Play. I was dumbfounded when I realized that the function isn't secured through Tor.

Why did this discovery surprise you so much?

Because I was able to use the cheapest trick in the book. Because to crack the software of a website, you have to find a way to upload files or smuggle in your own code. You essentially force the server to connect to the outside world, opening up a weak spot for attacks. Most software programs don't allow that, because attacks on a server through local files is the most obvious gateway overall. I actually expected that a dark net site—especially one that disseminates abusive material—would have blocked all external connections. Or, at the very least, that they would have used the Tor network for connections like these.