It takes special skills and a certain amount of inside knowledge to crack the secret world of traders in child pornography, Chris Barton, of the NZ Herald, reports.
Peter, aka "Squirrel", was fourth in line when the team made covert entry to a Wellington flat early on May 6, 2008.
Ahead of him were two police officers and Jon "DiNozzo" Peacock who, like Peter, is a senior inspector with the Censorship Compliance Unit of the Department of Internal Affairs.
As they made their way upstairs and moved along the hall to the bedrooms at the rear of the house, another team entered through the back door.
The target, Daniel Jess Moore, had no idea what was about to burst in on him. He was on his computer, which held thousands of child sex files. What Moore did not realise was that he was talking - using Internet Relay Chat, or IRC - to Secret Service agents in the United States, who kept him chatting as the teams moved in.
When the group who had gone in through the front door realised they had found their man, the police did not hesitate, grabbing Moore and wrestling him to the ground to handcuff him. Moore put up a fight, furiously kicking in the direction of his desk.
Peter, who asked that his full name not be disclosed, saw what was happening.
"He was attempting to kick his machine to take the power off. I stood in front of his feet to make sure he couldn't kick any of the plugs out."
The team all knew how important it was to keep Moore's computer live.
"We were very much aware he was encrypting," says Peacock. "We were aware if we didn't get the system live it would be a boat anchor and the success of the case would be hugely compromised."
Kick the power out, or hit a hot key on the keyboard of an encrypted system and all the data is immediately lost, scrambled to indecipherable mush, and only unlocked if you have the correct pass key.
Moore was going to extraordinary efforts to conceal a library of 30,000 child-abuse images and videos, and an illicit network of at least 100 members actively trading in the material.
Moore was the gatekeeper, the security expert using 40-character-long encryption keys to hide his trade.
The operation had begun in October 2007 with the United States Secret Service, and the US Department of Homeland Security tracking a network of people trading and distributing child pornography.
The US agents had infiltrated the network posing as participants and had figured out two key people - one based in the US and Daniel Moore from New Zealand - were running a secret channel.
From internet protocol (IP) address information (an individual footprint we all leave when we are online) provided by the US agents, Department of Internal Affairs inspectors executed a search warrant with a New Zealand internet provider which led them to 32-year-old Moore.
The inspectors here were not surprised. Moore had been convicted in 2003 for distribution and possession of objectionable images.
Moore was using an old part of the internet - a place that's accessed with a different type of software from the ubiquitous browser most use today. It's a cyber place where like-minded people can hang out as a group and "talk" live by typing on their keyboards.
Despite its age, Internet Relay Chat still has its followers, attracting all types - from those into Star Wars, automated quiz sessions or swapping music files, to those who want "adult" sex chat.
The chat rooms or channels are segregated by their topics of interest and clearly named. As for the nefarious zones, Peacock says they are not areas one would stray into accidentally. "There's very much a deliberate set of steps required to participate in those areas."
The Censorship Compliance Unit was a little surprised by what the US agents had found. The unit has had considerable success in tracking New Zealand IRC users over the years, carrying out a number of successful stings. But lately the system seemed to have fallen out of favour as the medium of choice for child-abuse image traders, with most now preferring to use file-sharing networks.
What was alarming was how much more advanced Moore had become.
Peacock: "He had obviously learned a hell of a lot about how to be an operator rather than participant. He was the manager for these channels. He was vetting people gaining access and maintaining the security."
Moore decided who could join the secret channel and how they could enter by handing out passwords and encrypting communications.
"Traditionally, your value or worth is proved by your collection and the type of files you have, plus also a knowledge of security protocols," says Peacock.
As channel operator, Moore would have also set "share ratios", where users given access have to upload files to the server before they are permitted to download. Typically, the ratio would be 3:1 - as a way to create a loyal following and develop trust among the group.
With Moore restrained and his computer still running, Peter began by photographing the scene and then capturing the computer's secrets. The house, a student flat, was not the cleanest, but it was not the worst house the unit has searched.
"It's not uncommon for us to walk into a house that is completely covered in garbage," says Peter. On one occasion, they found a suspect had been urinating into milk bottles. "The people are very much shut-ins - they like to live near their computer."
They are also very secretive. None of Moore's flatmates had any idea of what he was up to, including his female partner who was living with him at the time. "They get very good at hiding their activities. They know how to blend."
Peter is the unit's technical guru, responsible for creating software capture tools now used in 20 countries and translated into five languages.
Everything is branded "Squirrel" - hence the nickname. One tool is called Squirrel Hunter, the software to capture websites is Squirrel Web Sniper and another is called Squirrel Stomper.
"We try to keep it very light here," he says.
So what did he use for the live acquisition and examination of Moore's PC? "
Squirrel USB - I couldn't think of a good name for that one."
Moore was running everything from a notebook-sized external drive. It was easy to hide and enabled him to be highly portable with his operation. The "container" encryption was quite clever, too, as a way of securing a number of files and only having to rely on a single pass phrase to access them.
"It's like having a big bucket, putting all files into the bucket and then encrypting the bucket," says Peter.
It took five days, running rotating shifts, to get all the data from Moore's machine. That involved finding alternative accommodation for the flatmates and taking possession of the house, as well as changing locks on the main power box and the house to ensure Moore, or anyone else, didn't try to get back in or cut the power.
Five days of watching data slowly trickle from one computer to another wasn't exactly riveting.
"Yes, it was tedious, we started to get on each other's nerves," says Steve O'Brien, the unit's national manager, who shared in the shifts. "It was a cold hole as well."
But the end result was satisfying.
The team got data off the drive, and was able to access the memory and identify other passwords Moore was using for others' systems - information that was helpful to US agents in their investigation.
"Some of the stuff he had in his collection is probably as bad as we are ever going to see," says Peacock.
More than 11,000 images and movies were objectionable - depicting pre-pubescent girls aged between 4 and 14 years of age.
The activity depicted ranged from young girls and infants photographed in highly sexualised poses through to images of victims of indecent assault engaging in sexual activity with other children or adults and, in some cases, with animals.
Moore categorised the files into a complex library structure of directories based on the name of the image, a description of the activity in the file or its source.
Investigation work continues in the US, where agents are hopeful of charging more offenders.
For Moore, the trade is less about money than status. "It's about status and the hierarchy. It's about being the top of the food chain - amassing a bigger collection and a fuller collection," says Peacock.
"Often, there will be a movie split down to images and it will be about getting all the images - it's a collecting behaviour."
But it's also clear that people like Moore find it difficult to stop.
Not long after the raid on the flat, Moore was seen in January 2009 following a female along Oriental Parade, Wellington, taking a series of pictures of her as she walked along the footpath. He was arrested for making an intimate covert recording and a laptop computer was seized. It was found to have a child-sexual-abuse image collection numbering about 16,000 files.
A subsequent search of Moore's new address found another computer with a further 3757 image files depicting children engaged in sexual activities.
"We're not that keen on the term addiction, but it was certainly something that he chose not to stop doing," says Peacock. "This guy is very much one of the more serious offenders that we've dealt with."
O'Brien says the unit does try to profile offenders, but it's not easy. One offender told O'Brien he knew what he was doing was wrong, but said he had never viewed images of children under the age of 6, because that would be really wrong. "He thought ages 6 to 12 was OK. Somehow, he had convinced himself that was all right."
Peter takes satisfaction in the unit's ability to take offline someone of Moore's calibre. "We did take down a very major player. It has ramifications internationally - one user here could equate to 200 users internationally."
Meanwhile, he continues to develop his flagship software Squirrel Hunter which allows an investigator to become part of a file-sharing network and quickly identify users trading child-abuse images.
The software also identifies the sharing of known files - files the unit has come across previously and which they've "hashed", effectively creating a digital fingerprint for the file.
Whenever the unit comes across a series of images they haven't seen before, they send them to Interpol or The National Centre for Missing and Exploited Children in the US. Sometimes, that can have dramatic effects - like the time certain features in images led to an offender being tracked down and his child victims being rescued from their situation.
O'Brien says he's noticed a disturbing trend in the type of images now traded since the unit began tracking images on the internet in 1996.
"The material has got a lot younger and a lot more violent. When we first started, a lot was trying to portray consensual action between adult and the child, often with the child smiling."
What do offenders say when they're caught? "I'm surprised how many will thank us. They say, `I've tried to stop, I know it's wrong'."
Some continue to argue that there is nothing wrong with what they're doing. Most, he says, tend to say they are sorry for their actions but didn't know how to stop. "They say, 'Now you've stopped me, I know I'm going to go to jail and I'm almost relieved'."
Last week, Daniel Moore was sentenced to four and a-half years' jail on numerous counts of distributing and possessing objectionable material.
O'Brien says it's a satisfactory outcome. "He will, with that length of sentence, at least get treatment inside as well."
