According to an announcement on the Spanish National Police’s website, an international operation conducted by the National Police’s Central Cybercrime Unit led to the arrest of eight individuals for sharing child exploitation content on darknet chatrooms and through Skype.
The announcement, published May 8, revealed that the Spanish National police investigated users of a certain darknet chatroom in 2017. Users of the darknet chatroom, the announcement explained, shared links to other (clearnet) platforms where pedophiles shared links to various forms of child abuse content. These offline communities were only accessible via invitation. The National Police, in coordination with Europol, obtained invite links to at least one of these groups. One of these groups apparently communicated and shared links to content through Skype. (And I thought Skype had killed groups chats years ago.)
“The National Police made use of an innovative operational protocol to analyze the information collected from service providers about the people investigated,” the announcement explained. The information provided to the public indicated that law enforcement worked with the hosting companies used by the pedophiles and obtained access logs that included a piece of identifying information. The hosting companies likely provided the police with lists of I.P. addresses connected to individually uploaded pictures or videos. The users who had their I.P. address hidden behind Tor or a VPN likely escaped the scope of Operation Sky.
As with many of the investigations aimed at users of darknet markets or child abuse forums and chatrooms, law enforcement ends up catching the “low-hanging fruit.” The operation that ended Hansa Market exemplified this. Police swapped the usual text-only nLockTime (aka locktime) files with .xslx files that contained resources loaded from a server owned by the police. Very few of the darknet vendors who safely opened the file got arrested (the trick fooled a handful of vendors at best). During Operation Sky, the National Police worked with their partners across the globe in an effort to identify users in 14 countries.
Once they had the identity of the eight suspects currently in custody, the Spanish National Police worked with Europol to time the raid in a way that prevented users from destroying evidence. The raids in Spain resulted in four arrests and the seizure of dozens of electronic storage devices. Other countries have not reported their arrests. The investigation, according to Europol, is ongoing.