Operation Torpedo
 |
| Operation Torpedo | |
|---|---|
| Operation Name | Operation Torpedo |
| Type | child pornography crackdown |
| Roster | |
| Executed by | The Netherlands, United States |
| Mission | |
| Target | users of onion service/website Pedoboard, Pedobook and TB2 |
| Timeline | |
| Date begin | 2011 |
| Date end | 2012 |
| Date executed | November 2012 |
| Results | |
| Suspects | 25 |
| Convictions | 18 |
| Accounting | |
Operation Torpedo was a 2011 operation in which the Federal Bureau of Investigation (FBI) compromised three different hidden services hosting child pornography, which would then target anyone who happened to access them using a network investigative technique (NIT).
Investigation History
The operation started after Dutch law enforcement compromised a hidden service called Pedoboard, and found it was physically located at a Nebraska web hosting company.[1][2] The ensuing FBI investigation found that an employee, Aaron McGrath, was operating two child pornography sites at his work and one at his home. After a year of surveillance, the FBI arrested McGrath and took control of his three sites (PedoBoard, PedoBook, TB2) for a two-week period starting in November 2012.[3]
Methodology
The FBI seized access to the web sites after his arrest and continued to run them for a two week period. During this time the websites (onion services) were modified to serve up a NIT in what is termed a "watering hole attack", which would attempt to unmask visitors by revealing their IP address, operating system and web browser. The NIT code was revealed as part of the case USA v Cottom et al. Researchers from University of Nebraska at Kearney and Dakota State University reviewed the NIT code and found that it was an Adobe Flash application that would ping a user's real IP address back to an FBI controlled server, rather than routing their traffic through the Tor network and protecting their identity. It used a technique from Metasploit's "decloaking engine" and only affected users who had not updated their Tor web browser.[4][5][6][7] An investigation by The Daily Dot claimed that the NIT was created by former part-time employee of The Tor Project and Vidalia developer Matthew Edman and was internally known as "Cornhusker".[8]
Results
The NIT was successful in revealing approximately 25 domestic users as well as numerous foreign users.[9] The U.S. Department of Justice noted in December 2015 that besides McGrath, 18 users in the United States had been convicted as a result of the operation.[10] One user caught by the NIT had accessed the site for only nine minutes and had since wiped his computer, yet a month-later police search of his home and digital devices found—through digital forensics—image thumbnails indicating past presence of downloaded child pornography, as well as text instructions on accessing and downloading child pornography.[11] Another user was unmasked through his messages with an undercover FBI agent, and this user turned out to be Timothy DeFoggi, who was at that time the acting director of cybersecurity at the U.S. Department of Health and Human Services.[9][12]
See also
- Freedom Hosting
- Operation Pacifier
- List of U.S. Cases
References
- ^ Poulsen, Kevin. "Visit the Wrong Website, and the FBI Could End Up in Your Computer". WIRED. Archived from the original on 2020-02-04. Retrieved 2020-01-19.
- ^ Pagliery, Jose (2016-01-25). "FBI hackers took down a child porn ring". Money.cnn.com. Archived from the original on 2020-06-01. Retrieved 2020-01-19.
- ^ "Info". www.justice.gov. Archived from the original on 2020-11-01. Retrieved 2020-01-19.
- ^ "Feds bust through huge Tor-hidden child porn site using questionable malware". Ars Technica. 2015-07-16. Archived from the original on 2020-03-24. Retrieved 2020-01-19.
- ^ Kevin Poulsen (Wired.com) (2015-06-30). "FBI Tor busting 227 1". Documentcloud.org. Archived from the original on 2018-07-02. Retrieved 2020-01-19.
- ^ Ashley Podhradsky (2017-01-17). "Scholarly Commons - Annual ADFSL Conference on Digital Forensics, Security and Law: Reverse Engineering a Nit That Unmasks Tor Users". Annual Adfsl Conference on Digital Forensics, Security and Law. Commons.erau.edu. Archived from the original on 2018-07-02. Retrieved 2020-01-19.
- ^ Poulsen, Kevin. "The FBI Used the Web's Favorite Hacking Tool to Unmask Tor Users". WIRED. Archived from the original on 2019-02-22. Retrieved 2020-01-19.
- ^ "Former Tor developer created malware for the FBI to hack Tor users | the Daily Dot". The Daily Dot. Archived from the original on 2018-07-05. Retrieved 2018-07-05.
- ^ a b "Federal Cybersecurity Director Found Guilty on Child Porn Charges". WIRED. 2014-08-26. Archived from the original on 2019-02-23. Retrieved 2020-01-19.
- ^ "New York Man Sentenced to Six Years in Prison for Receiving and Accessing Child Pornography | OPA | Department of Justice". Justice.gov. 2015-12-17. Archived from the original on 2018-07-05. Retrieved 2020-01-19.
- ^ "United States of America Plaintiff - Appellee v. Michael Huyck Defendant - Appellant | FindLaw". Caselaw.findlaw.com. Archived from the original on 2018-07-05. Retrieved 2020-01-19.
- ^ "Former Acting HHS Cyber Security Director Sentenced to 25 Years in Prison for Engaging in Child Pornography Enterprise | OPA | Department of Justice". Justice.gov. 2015-01-05. Archived from the original on 2018-07-02. Retrieved 2020-01-19.