Operation Torpedo was a 2011 operation in which the FBI compromised three different hidden services hosting child pornography, which would then target anyone who happened to access them using a network investigative technique (NIT).
The operation started after Dutch police compromised a hidden service called Pedoboard, and found it was physically located at a Nebraska web hosting company. The ensuing FBI investigation found that an employee, Aaron McGrath, was operating two child pornography sites at his work and one at his home. After a year of surveillance, the FBI arrested McGrath and took control of his three sites (PedoBoard, PedoBook, TB2) for a two-week period starting in November 2012. During this time the websites were modified to serve up a network investigative technique (NIT), which would attempt to unmask visitors by revealing their IP address, operating system and web browser.
The NIT was successful in revealing approximately 25 domestic users as well as numerous foreign users. The NIT code was revealed as part of the case USA v Cottom et al. Researchers from University of Nebraska at Kearney and Dakota State University reviewed the NIT code and found that it was a Flash application that would ping a user's real IP address back to an FBI controlled server, rather than routing their traffic through the Tor network and protecting their identity. It used a technique from Metasploit's "decloaking engine" and only affected users who had not updated their Tor web browser. An investigation by Daily Dot claimed that the NIT was created by former part-time employee of Tor Project and Vidalia developer Matthew Edman and was internally known as "Cornhusker".
The US Department of Justice noted in December 2015 that besides McGrath, 18 users in the USA had been convicted as a result of the operation. One user caught by the NIT had accessed the site for only nine minutes and had since wiped his computer, yet a month-later police search of his home and digital devices found (through digital forensics) image thumbnails indicating past presence of downloaded child pornography, as well as text instructions on accessing and downloading child pornography. Another user was unmasked through his messages with an undercover FBI agent, and this user turned out to be Timothy DeFoggi, who was at that time the Acting Director of Cybersecurity at the United States Department of Health and Human Services.