Authorities: Child porn ring, weak as weakest link

Share this: Email | Facebook | X

Authorities say the administrators of a major international online child pornography ring went to great lengths to keep investigators from sniffing out their website, on which millions of explicit images were traded.

Members, who numbered 1,000 at its peak, were granted access to the hierarchical group's website by invitation only and had to be vetted by senior members. Only the most trusted members controlled the huge stash of child pornography, and members advised one another in forums on how best to cover their tracks.

But a single weak link brought the network crashing down, allowing investigators to follow a trail of incriminating data from the website to its users and net more than 50 arrests thus far, authorities said.

"Any time we can get in to and, for lack of a better term, 'bust' an online community that has protected itself, that is a big accomplishment," said Matthew Dunn, section chief of the child exploitation section at the U.S. Immigration and Customs Enforcement Cyber Crimes Center, which took part in the investigation.

Federal prosecutors revealed details of their two-year investigation this week, saying more than 50 arrests had been made in the U.S., including 22 of 26 suspects who have been charged in federal court in Indianapolis in an alleged conspiracy to distribute child pornography. Nineteen of the 22 defendants have pleaded guilty or been convicted, and authorities are trying to identify the other four suspects, known only by their screen names.

Prosecutors said they are also trying to extradite the group's alleged leader, Delwyn Savigar, who is serving a 14-year prison term in England after pleading guilty to sexually assaulting or trying to sexually assault three underage girls there. Savigar's attorney did not immediately respond to a phone message Friday seeking comment.

Authorities got wind of the website in late 2007, after an Alabama man who was the target of another investigation gave the U.S. Postal Inspection Service consent to use his electronic accounts, Dunn said. Authorities took over the man's e-mail and online identity, and used it to access the website.

"Once we're in, and we see the material, there's your investigation," Dunn said. "You realize they are distributing child pornography."

Investigators followed clues to computers across the globe, including to hard drives in Indiana, where authorities decided to prosecute the case as a conspiracy.

Dunn said authorities seized the website in February 2008, but its operators, who occasionally switched Internet service providers to avoid detection, put it back online.

In September 2008, the website was shut down for good, as authorities across multiple time zones arrested suspects simultaneously. Savigar was arrested in that takedown, along with suspects in New York, Baltimore, Michigan and California.

Prosecutors waited until this week to announce the arrests because they didn't want to tip off suspects. The latest person arrested in connection with the conspiracy in the U.S. made his first court appearance before a federal magistrate in Indianapolis this week. Edward Oedewaldt has pleaded not guilty.

Oedewaldt's case shows the difficulty in tracking down suspects. He was indicted in September 2008 under his screen name, "Legend," but wasn't arrested until last month, when authorities finally determined who he was and picked him up in Louisiana, Dunn said.

"He took a lot of steps to hide his identity," Dunn said. He said Oedewaldt bragged online that he didn't think he would be caught.

Oedewaldt's attorney, Howard Bergstein, declined to comment Wednesday after the hearing.

According to court documents, forensic experts sifted through hard drives, discovering folders filed with hundreds of thousands of illegal images. They used software programs to trace online activity. They recovered deleted files, and looked at online chats in which they say suspects incriminated themselves.

Some defendants cooperated and ratted out other group members, or told authorities about other forums, court document show.

FBI Supervisory Special Agent Craig Sorum, who runs the Minnesota Cyber Crime Task Force but who did not work on this conspiracy case, said the use of passwords and a strict process for vetting members are common among groups who want to keep law enforcement out. Sometimes, the site operators might ask prospective members to send illegal images before letting them in, much like a drug dealer might ask someone to smoke a joint before making a sale.

"They know the cops and FBI are not going to do that," Sorum said. "When they do that, it's just a way of continuing the activity. It's like drug dealers, you want to make sure you're dealing with the guys in your illegal business."

Several defendants had criminal records for sexually assaulting minors or producing child porn pictures or video, according to court documents. At least two alleged members discussed adopting children, according to the filings.

"We went after everyone we could identify," said Steve Grocki, a Department of Justice lawyer who worked on the case.

Other such networks have been taken down recently. In March 2008, federal authorities announced that nearly two dozen people in the U.S., Germany, Australia and the U.K. had been arrested in connection with the trafficking of child pornography through Internet newsgroups and file-sharing networks. In that case, in which over 400,000 images and video were traded, the group used powerful encryption tools and had a multilayered system to vet new members.

Sorum said there is no way of knowing how many of these online forums exist, because they have names that are not necessarily associated with child pornography, and they can be embedded within other sites.

"They pop up all the time," Sorum said. "Our job is to swoop in and catch them."

Authorities say they believe there were people accessing the website from Europe, including England, France, Germany, the Netherlands and the Nordic countries, as well as from Australia, Canada, Brazil, Chile, Argentina and the Philippines. U.S. prosecutors passed their leads on to other countries for authorities there to follow up, Dunn said.

"Geography is meaningless on the Internet," Grocki said.