Cybersecurity official uses Tor but still gets caught with child porn
Timothy DeFoggi wrongly thought he was covering his tracks.
The former acting cybersecurity director for the US Department
of Health and Human Services, Tim DeFoggi, was convicted yesterday on
three child porn charges.
As reported by Wired, DeFoggi is the sixth suspect to be caught by the FBI's Operation Torpedo, which used controversial methods of defeating the Tor anonymizing software in order to find child porn suspects.
One site frequented by DeFoggi was PedoBook, hosted by Aaron McGrath—a Nebraska man who was convicted earlier for his role in the operations. The websites were only accessible to users who installed Tor on their browsers. DeFoggi used names such as "fuckchrist" and "PTasseater" to register on the sites, where he could view more than 100 videos and more than 17,000 child porn images.
The FBI seized McGrath's site in late 2012 after monitoring him for a year. Then they kept it up and running for several more weeks, gathering private communications from DeFoggi and other users. The FBI used "various investigative techniques… to defeat the anonymous browsing technology afforded by the Tor network."
The techniques used include "drive-by downloads," in which a website installs malware on every visitor's computer.
Such a deployment "can be a bulky full-featured backdoor program that gives the government access to your files, location, web history and webcam for a month at a time, or a slim, fleeting wisp of code that sends the FBI your computer’s name and address, and then evaporates," explained Wired in an earlier piece on Operation Torpedo.
Having set up such a trap, FBI agents got to know DeFoggi better. Wired's Kim Zetter explains:
As reported by Wired, DeFoggi is the sixth suspect to be caught by the FBI's Operation Torpedo, which used controversial methods of defeating the Tor anonymizing software in order to find child porn suspects.
One site frequented by DeFoggi was PedoBook, hosted by Aaron McGrath—a Nebraska man who was convicted earlier for his role in the operations. The websites were only accessible to users who installed Tor on their browsers. DeFoggi used names such as "fuckchrist" and "PTasseater" to register on the sites, where he could view more than 100 videos and more than 17,000 child porn images.
The FBI seized McGrath's site in late 2012 after monitoring him for a year. Then they kept it up and running for several more weeks, gathering private communications from DeFoggi and other users. The FBI used "various investigative techniques… to defeat the anonymous browsing technology afforded by the Tor network."
The techniques used include "drive-by downloads," in which a website installs malware on every visitor's computer.
Such a deployment "can be a bulky full-featured backdoor program that gives the government access to your files, location, web history and webcam for a month at a time, or a slim, fleeting wisp of code that sends the FBI your computer’s name and address, and then evaporates," explained Wired in an earlier piece on Operation Torpedo.
Having set up such a trap, FBI agents got to know DeFoggi better. Wired's Kim Zetter explains:
During chats DeFoggi described using Tor to access PedoBook early in the morning hours and between 4 and 6 pm. Among the evidence seized against him was pen register/trap trace data obtained from Verizon showing someone at his Maryland residence using Tor during these hours as well as the IP addresses used by an AOL account under the username “ptasseater,” which pointed to DeFoggi’s home.DeFoggi worked for the Department of Health and Human Services from 2008 until January of this year. He's scheduled to be sentenced in November.
When agents arrived at his home early one morning to execute a search warrant, they had to pry him from his laptop, which was in the process of downloading a child porn video from a Tor web site called OPVA, or Onion Pedo Video Archive. In addition to child porn images stored on his computer, authorities also found evidence of his Tor browser history, showing some of his activity at PedoBook and OPVA.
No comments:
Post a Comment