Australian newspaper the Herald Sun reports (archive) that 22 year old Melbourne man Matthew David Graham appeared in court last week to face 88 charges related to the operation of 12 darknet child pornography sites. Graham is also accused of providing instruction on the abduction, rape and murder of a five year old girl in Russia.¹

Graham was first arrested last year as a result of a joint Victorian Police and FBI investigation and although the case had been under a suppression order until last week, the name of an FBI officer involved in assisting with the young man's arrest and the names of his darknet websites continue to remain suppressed. It is unknown at this time what assistance the FBI provided Victorian Police with but a recently unsealed FBI search warrant application related to another darknet child pornography site shut down earlier last month (archive) shows the FBI has been operating darknet child pornography sites so that it may use a "Network Investigative Technique" AKA malware and exploits to identify users of such websites. The relevant section of the FBI affidavit reads:

21. Accordingly, on February 20, 2015, the same date Website A was seized, the United States District Court for the Eastern District of Virginia authorized a search warrant to allow law enforcement agents to deploy at Network Investigative Technique ("NIT") on Website A in an attempt to identify the actual IP addresses and other identifying information of computers used to access Website A.

22. Pursuant to that authorization, on or about and between February 20, 2015, and March 4, 2015, each time any user or administrator logged into Website A by entering a username and password, the FBI was authorized to deploy the NIT which would send one or more communications to the user's computer. Those communications were designed to cause the receiving computer to deliver to a computer known to or controlled by the government data that would help identify the computer, its location, other information about the computer, and the user of the computer accessing Website A. That data included: the computer's actual IP address, and the date and time that the NIT determined what that IP address was; a unique identifier generated by the NIT (e.g., a series of numbers, letters and/or special characters) to distinguish the data from that of other computers; the type of operating system running on the computer, including type (e.g., Windows), version (e.g., Windows 7), and architecture (e.g., x86); information about whether the NIT had already been delivered to the computer; the computer's Host Name; the computer's active operating system username; and the computer's MAC address.

The case returns to court later next month.

1. I am unable to find a newspaper article reporting such an event took place. Perhaps the discussion was mere fantasy or reporting of the case remains suppressed as was the case with this one. ↩