Operation Torpedo was a 2011 operation in which the Federal Bureau of Investigation (FBI) compromised three different hidden services hosting child pornography, which would then target anyone who happened to access them using a network investigative technique (NIT).
The operation started after Dutch law enforcement compromised a hidden service called Pedoboard, and found it was physically located at a Nebraska web hosting company. The ensuing FBI investigation found that an employee, Aaron McGrath, was operating two child pornography sites at his work and one at his home. After a year of surveillance, the FBI arrested McGrath and took control of his three sites (PedoBoard, PedoBook, TB2) for a two-week period starting in November 2012. During this time the websites were modified to serve up a NIT, which would attempt to unmask visitors by revealing their IP address, operating system and web browser.
The NIT was successful in revealing approximately 25 domestic users as well as numerous foreign users. The NIT code was revealed as part of the case USA v Cottom et al. Researchers from University of Nebraska at Kearney and Dakota State University reviewed the NIT code and found that it was an Adobe Flash application that would ping a user's real IP address back to an FBI controlled server, rather than routing their traffic through the Tor network and protecting their identity. It used a technique from Metasploit's "decloaking engine" and only affected users who had not updated their Tor web browser. An investigation by The Daily Dot claimed that the NIT was created by former part-time employee of The Tor Project and Vidalia developer Matthew Edman and was internally known as "Cornhusker".
The U.S. Department of Justice noted in December 2015 that besides McGrath, 18 users in the United States had been convicted as a result of the operation. One user caught by the NIT had accessed the site for only nine minutes and had since wiped his computer, yet a month-later police search of his home and digital devices found—through digital forensics—image thumbnails indicating past presence of downloaded child pornography, as well as text instructions on accessing and downloading child pornography. Another user was unmasked through his messages with an undercover FBI agent, and this user turned out to be Timothy DeFoggi, who was at that time the acting director of cybersecurity at the U.S. Department of Health and Human Services.
- ^ Poulsen, Kevin. "Visit the Wrong Website, and the FBI Could End Up in Your Computer". WIRED. Retrieved 2020-01-19.
- ^ Pagliery, Jose (2016-01-25). "FBI hackers took down a child porn ring". Money.cnn.com. Retrieved 2020-01-19.
- ^ "Info". www.justice.gov. Retrieved 2020-01-19.
- ^ a b "Federal Cybersecurity Director Found Guilty on Child Porn Charges". WIRED. 2014-08-26. Retrieved 2020-01-19.
- ^ "Feds bust through huge Tor-hidden child porn site using questionable malware". Ars Technica. 2015-07-16. Retrieved 2020-01-19.
- ^ Kevin Poulsen (Wired.com) (2015-06-30). "FBI Tor busting 227 1". Documentcloud.org. Retrieved 2020-01-19.
- ^ Ashley Podhradsky (2017-01-17). "Scholarly Commons - Annual ADFSL Conference on Digital Forensics, Security and Law: Reverse Engineering a Nit That Unmasks Tor Users". Annual Adfsl Conference on Digital Forensics, Security and Law. Commons.erau.edu. Retrieved 2020-01-19.
- ^ Poulsen, Kevin. "The FBI Used the Web's Favorite Hacking Tool to Unmask Tor Users". WIRED. Retrieved 2020-01-19.
- ^ "Former Tor developer created malware for the FBI to hack Tor users | the Daily Dot". The Daily Dot. Archived from the original on 2018-07-05. Retrieved 2018-07-05.
- ^ "New York Man Sentenced to Six Years in Prison for Receiving and Accessing Child Pornography | OPA | Department of Justice". Justice.gov. 2015-12-17. Retrieved 2020-01-19.
- ^ "United States of America Plaintiff - Appellee v. Michael Huyck Defendant - Appellant | FindLaw". Caselaw.findlaw.com. Retrieved 2020-01-19.
- ^ "Former Acting HHS Cyber Security Director Sentenced to 25 Years in Prison for Engaging in Child Pornography Enterprise | OPA | Department of Justice". Justice.gov. 2015-01-05. Retrieved 2020-01-19.