Skip to content
Police may charge data centre in largest-ever child abuse images bust
Naked Security Naked Security

Police may charge data centre in largest ever child abuse images bust

Police might press charges against the owner of the drives that hold the child abuse image material - most likely, an Ontario data centre that houses the files.

Image of data centre, courtesy of ShutterstockCanadian police have seized over 1.2 petabytes of data from the dark net – more than four times the amount of data in the US Library of Co​ngress – in what could be the largest child abuse image investigation ever.

In what would be a game-changing shift in prosecutorial tactics, police are considering going beyond the traditional method of prosecuting individuals and will potentially also press charges against the owner of the drives that hold that material – most likely, an Ontario data centre that houses the abusive images.

As Motherboard reports, police developed in-house password cracking software that’s slowly churning through the massive information trove.

Up to 7500 people – the number of unique IP addresses associated with the data seized – from nearly 100 countries could be implicated.

Scott Tod, Deputy Commissioner of the Ontario Provincial Police (OPP), spoke to Motherboard in late February following an address to a crowd of defence specialists.

Here’s what he had to say about the data centre, which investigators have refrained from naming:

What we are alleging is occurring is that there are individuals and organizations that are profiting from the storage and the exchange of child sexual exploitation material.

They store it and they provide a secure website that you can log into, much like people do with illegal online gaming sites.

Tamir Israel, a staff lawyer at the Canadian Internet Policy & Public Interest Clinic (CIPPIC), said that charges against the data centre will likely depend on whether employees were aware of the activity taking place on the file-sharing service the data centre hosts.

Such awareness isn’t the norm, he said:

There's no proactive obligation to investigate what happens on your service. If you do become aware that something is there, there's a reporting obligation.

But usually data centers aren't actively looking through their stuff, so it's reasonable to say that they wouldn't have come across that.

Hanni Fakhoury, senior staff attorney at the Electronic Frontier Foundation, told Motherboard that going after a web hosting server is a novel approach:

What I've traditionally seen is very targeted investigations. Agents will go undercover on some peer-to-peer site and see files that are available for sharing, and they'll engage a person and trade photos with them. Or they'll see that the person is sharing child pornography files and take investigative steps to uncover that specific individual and arrest them. That's very common, that's bread and butter how these sorts of cases are done.

What is new is this approach that says, you know what, there's a web hosting server out there that hosts a lot of child porn. It also hosts other stuff that we're not interested in, but it hosts a lot of child porn, so we're going to take down that whole host.

Police have developed password-cracking software that can cycle through 500,000 possibilities per second in order to sift through the seized data, which contains approximately 1.5 million compressed, password-protected RAR files, stored and analysed on the additional hardware they’ve had to purchase for the job.

Out of the 7500 IP addresses police have identified, 2200 of the users are in the US, 843 are in Germany, 534 are in Japan, 457 are in Russia, 394 in Canada, 380 in the UK and 374 in France.

Until all the files have been password-cracked, however, there’s no saying how many of those files actually contain child porn. In fact, it’s probably a mash-up of abusive images and more innocent material.

From Tod:

We're not making any assumptions of how many are actually criminally guilty at this time, or criminally responsible. But we're certainly a size of information that's being traded that we know is illegal material of volumes that we've never seen before.

This is the first investigation of this scale, to my knowledge—in North America, if not worldwide.

Image of data centre courtesy of Shutterstock.


Only two comments, unless approved by a court order, can they indescrimitly go after anyone without cause? ( decripting, taking their information, secret plans or images, and planting? And after identified, how can you prove it was theirs, not some addition? Or some encryption anomolie.)


500k password checks per second…… Not very good – a 1990s effort.

Why do outfits think that can do better than the opensource efforts? Rainbow tables, etc etc all exist for a reason.

The reality at this rate is that the vast majority of the perpetrators will not be identified via this archive before the end of their natural lives (although odds are good that they’ll come to attention via other channels).


Rainbow tables don’t work for any decently-implemented encryption or password hashing system. If a random salt (for hashing) or initialisation vector (for block encryption) is used, you need a rainbow table *for every possible salt or IV*.

Here’s an article that helps explain why (disclaimer: I wrote it :-). I didn’t use the term rainbow table, but where you see the words “the crooks can pre-calculate a table of hashes for popular passwords,” that includes rainbow tables, which are just one sort of way to do a space/time tradeoff in password cracking:


Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!