Security & Infrastructure Tools
Police take down 373,000 fake CSAM sites in Operation Alice
Police and Europol have dismantled 373,000 fake child sexual abuse material (CSAM) sites under Operation Alice, shutting down a Chinese‑based scam platform that advertised counterfeit CSAM packages costing between €17–€215 and attracted around 10,000 users who paid about $400,000. The investigation seized 287 servers—105 in Germany—and issued an arrest warrant for the operator, while Europol highlights its broader child‑protection initiatives such as Help4U and “Stop Child Abuse – Trace an Object.”
International law enforcement action Operation Alice has resulted in the takedown of more than 373,000 dark web sites that advertised fake CSAM packages. The multi-jurisdictional effort, led by Germany and supported by Europol, began in mid-2021 and centered on a platform known as “Alice with Violence CP,” operated by a 35-year-old individual based in China. The operation targeted sites that claimed to offer child sexual abuse material (CSAM) and a range of cybercrime services, including stolen payment data and access to compromised systems.
Investigators say the sites used deceptive previews of supposed CSAM “packages” to lure visitors into supplying email addresses and then paying a fee in Bitcoin, typically ranging from EUR 17 to EUR 250. In return, purchasers received nothing of value. Europol describes the model as a purely fraudulent enterprise built on promises of data volumes—from a few gigabytes to several terabytes of CSAM—that were never delivered. The apparent intent was to monetize curiosity and malice, while keeping the true content out of reach or, more likely, inaccessible to customers.
Estimates indicate around 10,000 users fell prey to the scheme, collectively paying roughly $400,000 to the operator before discovery and disruption. Among those who paid, authorities identified 440 individuals spread across 23 countries, with around 100 suspects continuing to be investigated. Crucially, the operation underscores that mere attempts to acquire illegal material constitute criminal activity in many jurisdictions, highlighting the broader legal risks that accompany such online searches and purchases.
At the height of the scam, the network relied on 287 servers, a substantial portion of which—105 servers—were located in Germany. All of these servers have since been seized, and German authorities have issued an international arrest warrant for the Chinese operator. The seizure of this infrastructure represents a significant success in dismantling a distributed criminal operation that sought to exploit victims’ vulnerability while evading law enforcement through a sprawling and anonymous dark web presence.
The Operation Alice takedown is complemented by Europol’s ongoing and broader child protection initiatives. Among these is the Help4U lifeline for young people facing online sexual abuse, which Europol began supporting in November 2025. The agency is also advancing the Stop Child Abuse – Trace an Object initiative, which invites the public to help identify the origins of objects seen within CSAM material. By tracing objects back to perpetrators, authorities aim to disrupt networks and ultimately rescue children from abuse. These programs reflect a sustained, cross-border commitment to preventing exploitation and reducing the reach of criminal enterprises that seek to profit from harm.
The scale of Operation Alice, involving hundreds of thousands of fraudulent sites and a global network of users, demonstrates both the ingenuity of criminal actors and the persistent vigilance of international law enforcement. It also serves as a reminder of the ongoing online risks associated with illicit CSAM markets and the importance of coordinated responses that combine investigative work, cyber forensics, and public awareness campaigns to deter and disrupt such criminal ecosystems.