As the acting cybersecurity chief of a federal agency, Timothy DeFoggi should have been well versed in the digital footprints users leave behind online when they visit web sites and download images.

But DeFoggiconvicted today in Nebraska on three child porn charges including conspiracy to solicit and distribute child pornmust have believed his use of the Tor anonymizing network shielded him from federal investigators.

Hes the sixth suspect to make this mistake in Operation Torpedo, an FBI operation that targeted three Tor-based child porn sites and that used controversial methods to unmask anonymized users.

But DeFoggis conviction is perhaps more surprising than others owing to the fact that he worked at one time as the acting cybersecurity director of the U.S. Department of Health and Human Services. DeFoggi worked for the department from 2008 until January this year. A department official told Business Insider that DeFoggi worked in the office of the assistant secretary for administration as lead IT specialist but a government budget document for the department from this year (.pdf) identifies a Tim DeFoggi as head of OS IT security operations, reporting to the departments chief information security officer.

The porn sites hes accused of usingincluding one called PedoBookwere hosted on servers in Nebraska and run by Aaron McGrath, who has already been convicted for his role in the sites. The sites operated as Tor hidden servicessites that have special .onion URLs and that cannot normally be traced to the physical location where they are hosted.

Although anyone could use the sites, registered users like DeFoggiwho was known online under the user names fuckchrist and PTasseatercould set up profile pages with an avatar, often child porn images, and personal information and upload files. The site archived more than 100 videos and more than 17,000 child porn and child erotica images, many of them depicting infants and toddlers being sexually abused by adults.

The FBI seized the sites in late 2012, after McGrath failed to secure his administrative account with a password. Agents were able to log in and uncover the IP address of the Nebraska server where he was hosting two of them. McGrath worked at the server farm, and hosted the third site from his home. The FBI monitored him for a year and after arresting him in November 2012 continued to operate his child porn sites secretly from a federal facility in Omaha for several weeks before shutting them down. During this time, they monitored the private communications of DeFoggi and others and engaged in various investigative techniquesto defeat the anonymous browsing technology afford by the Tor network and identify the real IP addresses of users.

These techniques successfully revealed the true IP addresses of approximately 25 domestic users who accessed the sites (a small handful of domestic suspects were identified through other means, and numerous foreign-based suspect IPs were also identified), prosecutors wrote in a court document. In March 2013, twenty suspects were indicted in Nebraska; followed by two others who were indicted the following August.

One of these techniques involved drive-by downloads that infected the computers of anyone who visited McGraths web sites. The FBI has been using malicious downloads in this way since 2002, but focused on targeting users of Tor-based sites only in the last two years.

Tor is free software that lets users surf the web anonymously. Using the Tor browser, the traffic of users is encrypted and bounced through a network of computers hosted by volunteers around the world before it arrives at its destination, thus masking the IP address from which the visitor originates.

View original post here:

Federal Cybersecurity Director Found Guilty on Child Porn Charges