Operation Torpedo was a 2011 operation in which the FBI compromised three different hidden services hosting child pornography, which would then target anyone who happened to access them using a network investigative technique (NIT).
The operation started after Dutch police compromised a hidden service called Pedoboard, and found it was physically located at a Nebraska web hosting company. The ensuing FBI investigation found that an employee, Aaron McGrath, was operating two child pornography sites at his work and one at his home. After a year of surveillance, the FBI arrested McGrath and took control of his three sites (PedoBoard, PedoBook, TB2) for a two-week period starting in November 2012. During this time the websites were modified to serve up a network investigative technique (NIT), which would attempt to unmask visitors by revealing their IP address, operating system and web browser.
The NIT was successful in revealing approximately 25 domestic users as well as numerous foreign users. The NIT code was revealed as part of the case USA v Cottom et al. Researchers from University of Nebraska at Kearney and Dakota State University reviewed the NIT code and found that it was a Flash application that would ping a user's real IP address back to an FBI controlled server, rather than routing their traffic through the Tor network and protecting their identity. It used a technique from Metasploit's "decloaking engine" and only affected users who had not updated their Tor web browser. An investigation by Daily Dot claimed that the NIT was created by former part-time employee of Tor Project and Vidalia developer Matthew Edman and was internally known as "Cornhusker".
The US Department of Justice noted in December 2015 that besides McGrath, 18 users in the USA had been convicted as a result of the operation. One user caught by the NIT had accessed the site for only nine minutes and had since wiped his computer, yet a month-later police search of his home and digital devices found (through digital forensics) image thumbnails indicating past presence of downloaded child pornography, as well as text instructions on accessing and downloading child pornography. Another user was unmasked through his messages with an undercover FBI agent, and this user turned out to be Timothy DeFoggi, who was at that time the Acting Director of Cybersecurity at the United States Department of Health and Human Services.
- "Visit the Wrong Website, and the FBI Could End Up in Your Computer". WIRED. Retrieved 2020-01-19.
- Pagliery, Jose (2016-01-25). "FBI hackers took down a child porn ring". Money.cnn.com. Retrieved 2020-01-19.
- "Info". www.justice.gov. Retrieved 2020-01-19.
- "Federal Cybersecurity Director Found Guilty on Child Porn Charges". WIRED. 2014-08-26. Retrieved 2020-01-19.
- "Feds bust through huge Tor-hidden child porn site using questionable malware". Ars Technica. 2015-07-16. Retrieved 2020-01-19.
- Kevin Poulsen (Wired.com) (2015-06-30). "FBI Tor busting 227 1". Documentcloud.org. Retrieved 2020-01-19.
- Ashley Podhradsky (2017-01-17). "Scholarly Commons - Annual ADFSL Conference on Digital Forensics, Security and Law: Reverse Engineering a Nit That Unmasks Tor Users". Commons.erau.edu. Retrieved 2020-01-19.
- "The FBI Used the Web's Favorite Hacking Tool to Unmask Tor Users". WIRED. Retrieved 2020-01-19.
- "Archived copy". Archived from the original on 2018-07-05. Retrieved 2018-07-05.CS1 maint: archived copy as title (link)
- "New York Man Sentenced to Six Years in Prison for Receiving and Accessing Child Pornography | OPA | Department of Justice". Justice.gov. 2015-12-17. Retrieved 2020-01-19.
- "United States of America Plaintiff - Appellee v. Michael Huyck Defendant - Appellant | FindLaw". Caselaw.findlaw.com. Retrieved 2020-01-19.
- "Former Acting HHS Cyber Security Director Sentenced to 25 Years in Prison for Engaging in Child Pornography Enterprise | OPA | Department of Justice". Justice.gov. 2015-01-05. Retrieved 2020-01-19.