So a bit of background. Pedophiles are people who are sexually attracted to children. I don’t need any more explanation to make you understand why it's horrible. I had a small team in later parts but due to privacy reasons, I will not be mentioning them but without them, this was not possible.
Chapter 1: Evil lurks in the light
Pedophiles appear normal, they just tend to be sexually attracted to children, they can have a normal job, a family, and even kids. The problem is they are hard to identify. The goal was to attack them directly, now one might say this is difficult as attacking an individual would not mean any impact and i agree. So let's catch 'em all. Now one might be curious, how to catch a pedophile? Well, first you need to catch them by their works and not suspicion. Pedophilia content is abundant in the dark web. But I disagree that it's not more abundant in clear web. 100s to GBs of child exploitation could be found in seconds. Obviously not going into details.
Chapter 2: The Hunt
So how do we know if someone is a pedophile? He watches pedophilic content, right? So after brainstorming with my team, we made a script in Python. The working of the script is simple. It looks through certain keywords in the same site by bypassing direct search via suggestions. Then filters the most relevant keywords related to it. Download the torrent if certain horrible keywords match. This collecting of keywords also mentally scared him. Few of the titles were of infant babies.
Chapter 3: Devil is in the detail
Now that we know the torrent associated with this content, its time to trap them. Now first the torrent works on peers, ie you and me. Lets understand it via the diagram. Think of the server of trackers like a ledger, a book recording the peers(IP) of the people who are downloading the torrent and seeding it. Next time when someone needs the file, it is obtained from your machine. This is called p2p file sharing.
Now since we have the torrent and we can see who has downloaded it, half the battle is already won.
Chapter 4: Benefit of the doubt elimination
A website which our program uses to confirm that the person is a pedophile. Now there are some instances where one might accidentally download this content as it happened while i was downloading a 52 Gb leak. Benefit of doubt if a person has more than 2 downloads of child pornography then he is a pedophile and is added to Chitragupta’s books ie our list of doom. The website tracks the downloads that the IP has made, making it easy. Also, they have an API which I love.
Here is one of our investigations:
So after this final check, the IP is logged into our final books, till now only i have collected over 300 unique IP addresses.
Chapter 5: Hunting the predator:
Locating someone via IP is the most difficult and daunting task. Since IP address does not reveal the personal identification of the person, it was a challenge to tackle. Taking the untraditional route always helps. Firstly we track the location of the IP and get the ISP’s details via a reverse IP location search.
Note that the location is not accurate but we will solve this. We are hackers after all.
Chapter 6: The Massacre
This part might be illegal but this is a war. This was done by one of my team members, we can call her mamba. she is a great at social engineering. Now with the ISP we do a google search and find the customer care number.
Now after she called a couple of times, she used an internal number to call customer care. Then after a while, making up a convincing story of immediate FBI information required, she forced the side to sprew out information. We had a success rate of around 37%. This also demonstrates Vishing and the technique of Authority and urgencency.
Chapter 7: The unhappily happy ending:
With that, we got access to the phone number and other private information about the individual. After a bit of OSINT, we found that most of them are normal people. Some with happy families. I sometimes questioned the legitimacy of this research but it was the truth and truth hurts. Now action against them can be taken by the authority, but this is far from the truth so we thought of making the information public like a pedophile data breach. But also we just scratched the surface and got a few details. We need the support of people who are insiders willing to support the cause. Let’s put an end to this horrible disease. Until then… TEAM RAVAAN:)
Criticism is something you can easily avoid — by saying nothing, doing nothing, and being nothing -Aristotle