Operation Torpedo

Operation name: Operation Torpedo
Type: child pornography crackdown

Roster
Executed by: The Netherlands, United States

Mission
Target: users of onion service/website Pedoboard, Pedobook and TB2

Timeline
Date begin: 2011
Date end: 2012
Date executed: November 2012

Results
Suspects: 25
Convictions: 18

Operation Torpedo was a 2011 operation in which the Federal Bureau of Investigation (FBI) compromised three different hidden services hosting child pornography and then used a network investigative technique (NIT) to target anyone who happened to access them.


Investigation History

The operation started after Dutch law enforcement compromised a hidden service called Pedoboard, and found it was physically located at a Nebraska web hosting company. [1] [2] The ensuing FBI investigation found that an employee, Aaron McGrath, was operating two child pornography sites at his work and one at his home. After a year of surveillance, the FBI arrested McGrath and took control of his three sites (PedoBoard, PedoBook, TB2) for a two-week period starting in November 2012. [3]

Methodology

The FBI seized access to the websites after McGrath's arrest and continued to run them for a two-week period. During this time the websites (onion services) were modified to serve up a NIT in what is termed a "watering hole attack", which would attempt to unmask visitors by revealing their IP address, operating system and web browser. The NIT code was revealed as part of the case USA v Cottom et al. Researchers from University of Nebraska at Kearney and Dakota State University reviewed the NIT code and found that it was an Adobe Flash application that would ping a user's real IP address back to an FBI-controlled server, rather than routing their traffic through the Tor network and protecting their identity. It used a technique from Metasploit's "decloaking engine" and only affected users who had not updated their Tor web browser. [4] [5] [6] [7] An investigation by The Daily Dot claimed that the NIT was created by Matthew Edman, a former part-time employee of The Tor Project and Vidalia developer, and was internally known as "Cornhusker". [8]

Results

The NIT was successful in revealing approximately 25 domestic users as well as numerous foreign users. [9] The U.S. Department of Justice noted in December 2015 that besides McGrath, 18 users in the United States had been convicted as a result of the operation. [10] One user caught by the NIT had accessed the site for only nine minutes and had since wiped his computer, yet a police search of his home and digital devices a month later found, through digital forensics, image thumbnails indicating the past presence of downloaded child pornography, as well as text instructions on accessing and downloading child pornography. [11] Another user was unmasked through his messages with an undercover FBI agent; this user turned out to be Timothy DeFoggi, who was at that time the acting director of cybersecurity at the U.S. Department of Health and Human Services. [9] [12]

References

  1. Poulsen, Kevin. "Visit the Wrong Website, and the FBI Could End Up in Your Computer". WIRED. Archived from the original on 2020-02-04. Retrieved 2020-01-19.
  2. Pagliery, Jose (2016-01-25). "FBI hackers took down a child porn ring". Money.cnn.com. Archived from the original on 2020-06-01. Retrieved 2020-01-19.
  3. "Info". www.justice.gov. Archived from the original on 2020-11-01. Retrieved 2020-01-19.
  4. "Feds bust through huge Tor-hidden child porn site using questionable malware". Ars Technica. 2015-07-16. Archived from the original on 2020-03-24. Retrieved 2020-01-19.
  5. Kevin Poulsen (Wired.com) (2015-06-30). "FBI Tor busting 227 1". Documentcloud.org. Archived from the original on 2018-07-02. Retrieved 2020-01-19.
  6. Ashley Podhradsky (2017-01-17). "Scholarly Commons - Annual ADFSL Conference on Digital Forensics, Security and Law: Reverse Engineering a Nit That Unmasks Tor Users". Annual Adfsl Conference on Digital Forensics, Security and Law. Commons.erau.edu. Archived from the original on 2018-07-02. Retrieved 2020-01-19.
  7. Poulsen, Kevin. "The FBI Used the Web's Favorite Hacking Tool to Unmask Tor Users". WIRED. Archived from the original on 2019-02-22. Retrieved 2020-01-19.
  8. "Former Tor developer created malware for the FBI to hack Tor users | the Daily Dot". The Daily Dot. Archived from the original on 2018-07-05. Retrieved 2018-07-05.
  9. "Federal Cybersecurity Director Found Guilty on Child Porn Charges". WIRED. 2014-08-26. Archived from the original on 2019-02-23. Retrieved 2020-01-19.
  10. "New York Man Sentenced to Six Years in Prison for Receiving and Accessing Child Pornography | OPA | Department of Justice". Justice.gov. 2015-12-17. Archived from the original on 2018-07-05. Retrieved 2020-01-19.
  11. "United States of America Plaintiff - Appellee v. Michael Huyck Defendant - Appellant | FindLaw". Caselaw.findlaw.com. Archived from the original on 2018-07-05. Retrieved 2020-01-19.
  12. "Former Acting HHS Cyber Security Director Sentenced to 25 Years in Prison for Engaging in Child Pornography Enterprise | OPA | Department of Justice". Justice.gov. 2015-01-05. Archived from the original on 2018-07-02. Retrieved 2020-01-19.