According to the Norwegian daily Adresseavisen, the FBI used illegal data gathering methods against local users of a cloaked website to reveal their IP addresses and unveil their identities. The illegal hacking reportedly led to dozens of arrests.
Earlier this year, seven men were arrested in Norway in connection with an investigation into an international abuse website. Recently, however, it transpired that the scope of the case in Norway alone is broader than initially thought. The country's National Criminal Investigation Service (Kripos) announced that charges have been brought against 43 Norwegians as a result of the ongoing investigation.
According to Adresseavisen, the wording used by Kripos in describing all cases involving hacking led to neither courts, defenders or local police being able to understand that the evidence had been obtained illegally.
Kripos refused to respond to the question of how the cases originated, but rejected having been aware of information that would have made further investigation illegal.
"When we receive information in this way through our collaboration channels, there is an established starting point that the information we receive is obtained according to the rules applicable in the country in question. Kripos is not familiar with information that would indicate that the data received could not be used as a basis to start the cases," Reinert Ottesen, the head of Kripos court and prosecution unit, said, as quoted by Norwegian national broadcaster NRK.
Nevertheless, data experts and legal scholars are critical of both FBI methods and Kripos procedures. According to law professor Jon Petter Rui at the University of Bergen, Norwegian courts have long deemed admissible illegally obtained evidence, yet cited a change in pattern of late.
The abuse website known as Playpen was active on the Tor network between August 2014 and March 2015. The network keeps its users' identities anonymous. It was forcibly shut down by FBI agents using "special techniques" to obtain information about its users. In total 215,000 people have been identified in connection with the case.