As an earlier report on Motherboard by Joseph Cox points out, sometimes it doesnt always take sophisticated malware and programs to identify criminals on dark net.
“Due to a misconfiguration of the server hosting the TARGET WEBSITE(Playpen), the TARGET WEBSITE was available for access on the regular Internet to users who knew the true IP address of the server,” the warrant application from February 2015 read. These documents were unsealed as part of the Richard Stamper, child pornography suspicion case.
“Basically, Playpen must have set their site to a default, meaning if you typed in the IP address you could see the Playpen site,” the UK activist and technologist Thomas White explained via encrypted chat.
“Whereas if they set another default like ‘server not found’ then you could only access Playpen by typing the corrct .onion address.” This would have enabled law enforcement could track the actual IP address that belonged to Playpen.
“An FBI Agent, acting in an undercover capacity, accessed IP address 18.104.22.168 on the fegular Internet and resolved to TARGET WEBSITE,” continued the warrant application. The FBI tracked the IP