Playpen (website)

Playpen was a notorious darknet child pornography website that operated from August 2014 to March 2015. The website operated through the Tor network which allowed users to use the website anonymously. After running the website for 6 months, the website owner Steven W. Chase was captured by the FBI. After his capture, the FBI continued to run the website for another 13 days as part of Operation Pacifier.

When it was shut down in March 2015, the site had over 215,000 users and hosted 23,000 sexually explicit images and videos of children as young as toddlers.

Website shutdown
The shutdown operation, called Operation Pacifier, involved the Federal Bureau of Investigation (FBI) hijacking the site and continuing to serve content for two weeks (from February 19, 2015 until March 4, 2015). During this time the FBI used a malware-based "Network Investigative Technique" (NIT) to hack into the web browsers of users accessing the site in what is known as a watering hole attack, thereby revealing their identities. The operation led to the arrest of 956 site users and five prison sentences.

While the FBI claimed to have knowledge about the existence of the website right from its beginning, it was unable to track down the server locations or the site owner. This was because the website was hosted anonymously through Tor. Only a mishap of the site owner that revealed his IP address finally allowed law enforcement to track down both the servers and personnel.

Convictions
The investigation led to the sentencing of Steven W. Chase, a 58-year-old man from Florida who created the website, to 30 years in prison in May 2017. His two co-defendants pleaded guilty and were sentenced to 20 years each earlier in 2017 for their involvement in Playpen.

In 2017, the FBI dropped charges against one defendant after the court for that case requested details on the NIT malware. The FBI preferred to keep the NIT malware a secret for future investigations.

Shutdown criticisms
The investigation was criticized by the Electronic Frontier Foundation because of the generality of the warrant, and because after having taken control of the website, the FBI continued to operate the website for nearly two weeks and thus distribute child pornography, i.e. exactly the same crime the bureau sought to stop. The lawyer of a defendant in the case stated that the FBI not only operated the website, but improved it so its number of visitors rose sharply while it was under their control.

Challenges were raised about the FBI's possible severe misuse of the initial search warrant, leading to the likely dismissal of much of the gathered evidence against one defendant. The warrant stated it was to be used to gather information on people in the Eastern District of Virginia only, but because the NIT malware indiscriminately infected people using the site, it was in fact used to gather information from many other areas. Before the change to Rule 41 in 2016 to allow it, this was illegal. On August 28, 2019, the Eleventh Circuit Court of Appeals ruled that the warrant was invalid but that the evidence obtained was not required to be excluded due to the good-faith exception doctrine.