The former acting cybersecurity director for the US Department of Health and Human Services, Tim DeFoggi, was convicted yesterday on three child porn charges.
As reported byWired,DeFoggi is the sixth suspect to be caught by the FBI’s Operation Torpedo, which used controversial methods of defeating the Tor anonymizing software in order to find child porn suspects.
One site frequented byDeFoggi wasPedoBook, hosted by Aaron McGratha Nebraska man who was convicted earlier for his role in the operations. The websites were only accessible to users who installed Tor on their browsers. DeFoggi used names such as “fuckchrist” and “PTasseater”to register on thesites, where he could view more than 100 videos and more than 17,000 child porn images.
The FBI seized McGrath’s site in late 2012 after monitoring him for a year. Then they kept it up and running for several more weeks, gathering private communications from DeFoggi and other users. The FBI used “various investigative techniques to defeat the anonymous browsing technology afforded by the Tor network.”
The techniques used include “drive-by downloads,” in which a website installs malware on every visitor’s computer.
Such a deployment “can be a bulky full-featured backdoor program that gives the government access to your files, location, web history and webcam for a month at a time, or a slim, fleeting wisp of code that sends the FBI your computers name and address, and then evaporates,” explained Wired in an earlier piece on Operation Torpedo.
Having set up such atrap, FBI agents got to know DeFoggi better. Wired’s Kim Zetter explains:
During chats DeFoggi described using Tor to access PedoBook early in the morning hours and between 4 and 6 pm. Among the evidence seized against him was pen register/trap trace data obtained from Verizon showing someone at his Maryland residence using Tor during these hours as well as the IP addresses used by an AOL account under the username ptasseater, which pointed to DeFoggis home.
When agents arrived at his home early one morning to execute a search warrant, they had to pry him from his laptop, which was in the process of downloading a child porn video from a Tor web site called OPVA, or Onion Pedo Video Archive. In addition to child porn images stored on his computer, authorities also found evidence of his Tor browser history, showing some of his activity at PedoBook and OPVA.
DeFoggi worked for the Department of Health and Human Services from 2008 until January of this year. He’s scheduled to be sentenced in November.