4 ‘despicables’ jailed for running hidden worldwide child abuse forums

Four men will be serving prison terms plus lifetimes of supervised release after having produced and distributed imagery of theirs and others’ sexual abuse of children; and/or run multiple services for producers and consumers of child abuse imagery – services that they mistakenly thought were hidden away on the Tor anonymizing network.

The Department of Justice (DOJ) on Monday announced the sentencing of the four men, who had all previously pleaded guilty to conducting what the department called a worldwide child exploitation enterprise.

Chief US District Judge Waverly D. Crenshaw of the Middle District of Tennessee handed down these sentences to these convicts:

• Patrick D. Falte, 29, of Franklin, Tennessee, was sentenced to 35 years in prison for engaging in a child exploitation enterprise, three counts of advertising child abuse imagery, and three counts of distributing child abuse imagery.

These remaining three men were all convicted of engaging in a child exploitation enterprise:

• Benjamin A. Faulkner, 28, of Ontario, Canada, who was sentenced to 35 years in prison.
• Andrew R. Leslie, 24, of Middleburg, Florida, who was sentenced to 30 years in prison.
• Brett A. Bedusek, 35, of Cudahy, Wisconsin, who was sentenced to 20 years in prison.

Giftbox Exchange

The DOJ says that in July 2015, Falte created a website called the “Giftbox Exchange” as a Tor hidden service, meaning it could only be accessed by users through the Tor anonymity network. He used Bitcoin to pay for it – another tactic typically used by criminals trying to hide their tracks.

At the time that law enforcement shuttered the site in November 2016, it had over 72,000 registered users and 56,000 posts. The DOJ says that besides running the site on the Tor network in order to mask the IP addresses of its users, Falte and his co-conspirators also used other techniques to thwart law enforcement, including file encryption and cryptography.

The DOJ’s press release quoted US Attorney Don Cochran for the Middle District of Tennessee, who said that the four men’s sentences mean they’ll all be locked away where they can’t hurt children anymore:

The sentences imposed on these despicable individuals should ensure that they never have another opportunity to abuse another child. With all that we have, we will continue to hunt down the evil and abominable like-minded individuals who delight in abusing children and will bring them to justice.

Tor doesn’t hide all the tracks

This case is just the latest of a long string of reminders that in spite of the anonymity provided by the dark web’s clever encryption, you can still be tracked down. There have been many criminals who have thought pretty highly of their own skills at covering their tracks, including putting faith in the Tor network to keep them anonymous… yet still left tracks that investigators followed to their computers.

Tor is short for “The Onion Router. It provides online anonymity by encrypting network traffic and bouncing it around among a number of relays, also known as nodes, in the Tor network.

Instead of coming from your own IP number, traffic routed via Tor appears to come from the last relay (the exit node) in the randomly-chosen chain of Tor relays used for your connection.

According to the Tor Project, Tor relay operators have “no records of the traffic that passes over the network and therefore can’t hand over information about its origin.”

There are ways to get around the anonymity provided by Tor, however. The FBI infamously cooked up one such, planting police malware onto a dark web site called Playpen that was dedicated to child sex abuse. The FBI took it over and ran it for 13 days, planting a so-called network investigative technique (NIT) – what’s also known as police malware – onto the computers of those who visited.

The NIT forced more than 8,000 computers to cough up their IP addresses, MAC addresses; open ports; lists of running programs; operating system types, versions and serial numbers; preferred browsers and versions; registered owners and registered company names; current logged-in user names; and their last-visited URL.

It was a massive haul of evidence, and it led to the arrests of nearly 900 people worldwide. However, the courts ultimately decided that the underlying search warrant was, in fact, unconstitutional.

Another crook who used Tor, slipped up and didn’t get off was Ryan S. Lin: a then-25-year-old who pleaded guilty in April 2018 to seven counts of cyberstalking, five counts of distribution of child abuse imagery, nine counts of making hoax bomb threats, three counts of computer fraud and abuse, and one count of aggravated identity theft.

Lin, a computer science graduate from Rensselaer Polytechnic Institute, was savvy enough to use a two-pronged approach to protecting anonymity: both a virtual private network (VPN) and an anonymizing service to mask his true IP address. He was also smart enough to know that VPNs keep logs.

Fortunately for the FBI, he did a terrible job at hiding his tracks in spite of all his supposed tech smarts. When investigators got access to Lin’s Gmail account, they found that he’d sent himself two screenshots of what looked to be his iPhone. The images showed what apps were installed, including several apps for anonymous texting, encrypted email, and free burner telephone numbers.

Lin thought the IP address-anonymizing Tor service would protect him. He thought VPNs would hide him. He also seemed to put his faith in anonymous overseas texting services and overseas encrypted email providers that don’t respond to law enforcement and/or don’t maintain IP logs or other records.

In October 2018, he was sentenced to 17.5 years in jail.