Ex Federal cyber security chief Timothy DeFoggi has been found guilty of child abuse as per criminal charges filed against him, say reports. The former director of cyber security at the United States Department of Health and Human Services (HHS) was convicted in Nebraska for three child abuse images offences including distributing and soliciting the explicit content.
Ex Cyber Security Chief Charged For Child Porn Offences
On Tuesday, the US Department of Justice announced that Timothy DeFoggi, 56, was convicted by a federal jury in District of Nebraska of engaging in a child exploitation enterprise, conspiracy to advertise and distribute child abuse images and accessing a computer with intent to view child abuse images in connection with his membership in a child abuse site, according to a press release published by the DOJ.  
Federal prosecutors successfully argued that DeFoggi was a registered member of a website only accessible using the Tor anonymity service and there he “exchanged private messages with other members where he expressed an interest in images and incidents of violent rape and murder of children” between March and December of 2012. It was reported that DeFoggi was the acting director of the Dept. of Health and Human Services when he was detained in May 2013 during a federal crackdown aimed at child abuse sites that existed on the Dark Web, and a HHS official has since confirmed that he stayed with the office until only seven months ago.  

For those who don’t know about Tor, The Tor project, an acronym for ‘The Onion Router’, is a free service which defends the user against traffic surveillance and grants anonymity on the internet. This uses a process called ‘onion routing’, which is called so as like peeling an onion several layers of encryption are removed and relayed through several routes – meaning your location and details are unknown.

He’s the sixth suspect to make this mistake in Operation Torpedo, an FBI operation that targeted three Tor-based child abuse sites and that used controversial methods to unmask anonymized users. 

Ex Cyber Security Chief Charged For Child Porn Offences

But DeFoggi’s conviction is perhaps more surprising than others owing to the fact that he worked at one time as the acting cyber security Director of the U.S. Department of Health and Human Services. DeFoggi worked for the department from 2008 until January this year. A department official told Business Insider that DeFoggi worked in the office of the assistant secretary for administration as lead IT specialist but a government budget document for the department from this year (.pdf) identifies a Tim DeFoggi as head of OS IT security operations, reporting to the department’s chief information security officer.

The child abuse sites he’s accused of using—including one called PedoBook—were hosted on servers in Nebraska and run by Aaron McGrath, who has already been convicted for his role as the webmaster of the the site. The sites operated as Tor anonymizer services—sites that have special .onion URLs and that cannot normally be traced to the physical location where they are hosted.

Although anyone could use the sites, registered users like DeFoggi—who was known online under the user names “fuckchrist” and “PTasseater”—could set up profile pages with an avatar, often child abuse images, and personal information and upload files. The site archived more than 100 videos and more than 17,000 child abuse and child erotica images, many of them depicting infants and toddlers being sexually abused by adults.

The FBI seized the sites in late 2012, after McGrath failed to secure his administrative account with a password. Agents were able to log in and uncover the IP address of the Nebraska server where he was hosting two of them. McGrath worked at the server farm, and hosted the third site from his home. The FBI monitored him for a year and after arresting him in November 2012 continued to operate his child abuse sites secretly from a federal facility in Omaha for several weeks before shutting them down. During this time, they monitored the private communications of DeFoggi and others and engaged in “various investigative techniques…to defeat the anonymous browsing technology afford by the Tor network” and identify the real IP addresses of users.

These techniques “successfully revealed the true IP addresses of approximately 25 domestic users who accessed the sites (a small handful of domestic suspects were identified through other means, and numerous foreign-based suspect IPs were also identified),” prosecutors wrote in a court document. In March 2013, twenty suspects were indicted in Nebraska; followed by two others who were indicted the following August.

Ex Cyber Security Chief Charged For Child Porn Offences

One of these techniques involved drive-by downloads that infected the computers of anyone who visited McGrath’s web sites. The FBI has been using malicious downloads in this way since 2002, but focused on targeting users of Tor-based sites only in the last two years.

The malware that investigators installed remotely on the machines of visitors to PedoBook and McGrath’s other sites was designed to identify the computer’s IP address as well as its MAC address and other identifiers. The results were coordinated raids in April 2013 that swept up more than a dozen suspects.

DeFoggi became part of that sting after becoming a registered member of PedoBook in March 2012 where he remained active until December that year when the FBI shuttered it. During this time DeFoggi, who described himself as “having many perversions,” solicited child abuse images from other members, viewed images and exchanged private messages with other members expressing interest in raping, beating and murdering infants and toddlers.

Among those with whom he corresponded was an FBI undercover employee. During chats DeFoggi described using Tor to access PedoBook early in the morning hours and between 4 and 6 pm. Among the evidence seized against him was pen register/trap trace data obtained from Verizon showing someone at his Maryland residence using Tor during these hours as well as the IP addresses used by an AOL account under the username “ptasseater,” which pointed to DeFoggi’s home.

When agents arrived at his home early one morning to execute a search warrant, they had to pry him from his laptop, which was in the process of downloading a child abuse video from a Tor web site called OPVA, or Onion Pedo Video Archive. In addition to child abuse images stored on his computer, authorities also found evidence of his Tor browser history, showing some of his activity at PedoBook and OPVA.

DeFoggi received many commendations during his government career, according to an exhibit list created by the government for his trial. The list includes several certificates of award from the U.S. Treasury, a certificate of appreciation from the State Department for his work on a Hurricane Katrina task force, several documents related to computer courses he attended and certifications he received.

DeFoggi is scheduled to be sentenced in November.