Threat Management

FBI-issued spyware leads to arrest of child pornography suspect


The FBI used spyware, or as the agency prefers to call it, “Network Investigative Techniques” (NIT), to ensnare an alleged collector and watcher of child pornography earlier this month.

Special Agent Stacy Shahrani testified in a complaint against Staten Island resident Luis Escobosa that her work on the FBI's Crimes Against Children squad contributed to the agency's efforts to ultimately arrest Escobosa at his home and seize some of his belongings.

Shahrani wrote that a Tor-based website, called “Playpen,” was previously in operation and was dedicated to “the advertisement and distribution of child pornography and the discussion of matters pertinent to the sexual abuse of children, including the safety and security of individuals who seek to sexually exploit children online.”

After the FBI identified the website's onion address, or Tor specific URL, it moved to seize the computer server hosting it. At that point, the agency deployed a NIT.

This spyware, along with data from the website's logs and subsequent monitoring of them by law enforcement, turned up a user going by “Fraud92787.” Shahrani claims this user was Escobosa.

The FBI's policy on NITs was scrutinized in 2014 when it began using the tactic to subvert Tor's anonymity aspect. In the past, the broad NIT phrase has meant FBI issued spyware or even backdoor programs, Wired reported previously.

In this case, the complaint doesn't clarify what NIT it used, but does say it allowed them to gather Fraud92787's IP address. The complaint does detail, however, the user's actions on the site including the accessing of child pornography.

Eventually, “using publicly available websites,” the agents traced Fraud92787's IP address back to the Internet Service Provider (ISP) Verizon FiOS. The company turned over information about the user's location after being subpoenaed/summoned.

The FBI then showed up at Escobosa's door where he allegedly waved his Miranda rights and admitted to downloading children's pornography. Evidence of this was then found on his seized devices.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.