
Former US cybersecurity director gets 25 years for online child abuse

The former acting director of cybersecurity for the US Department of Health and Human Services is one of 6 so far to be convicted in an ongoing FBI investigation that used drive-by malware to track the online activities of child abusers.

The former acting director of cybersecurity for the US Department of Health and Human Services (HHS) has been sentenced to 25 years in federal prison over his activities on a child abuse image website that was hidden – but not particularly well – on the Deep Web and accessed via the Tor anonymity network.

Timothy DeFoggi, 56, was convicted on 26 August 2014 after a four-day jury trial in the state of Nebraska.

The charges against him were: engaging in a child exploitation enterprise, conspiracy to advertise and distribute child pornography, and accessing a computer with intent to view child pornography.

In a Department of Justice release, Assistant Attorney General Leslie R. Caldwell was quoted as saying that DeFoggi used the same technology skills he employed at HHS to conduct his crimes:

Using the same technological expertise he employed as Acting Director of Cyber Security at HHS, DeFoggi attempted to sexually exploit children and traffic in child pornography through an anonymous computer network of child predators.

In August, it came to light that the FBI had been silently installing drive-by spyware in its quest to identify and prosecute child abuse image traffickers hiding behind Tor.

The agency not only cracked an unsecured forum for child abuse images hidden on Tor; they then took over three offending sites and booby-trapped them with spyware.

The operation began with an investigation in the Netherlands in August 2011, where national police looking to crack down on the crime of child abuse imagery wrote a web crawler that prowled the Deep Web – which is the portion of World Wide Web content not indexed by standard search engines – siphoning off every Tor address it came across.

They methodically checked out all the hidden addresses the crawler pulled in, determining which were sites devoted to child abuse imagery.

If the sites had been hosted on the World Wide Web then the story would end there: the FBI could have identified the sites’ owners and locations quite easily. On the Dark Web those details are tucked away under the anonymising routing layers of the Tor network.

But one of the sites, going by the stomach-churning moniker “Pedoboard”, had a good old-fashioned security problem – an administrator account with no password.

The FBI walked through that open door and poked around until they found enough clues about the real location of the site to arrest its owner, Aaron McGrath, in November 2012.

They identified McGrath as the administrator of three websites that advertised and distributed child abuse imagery.

McGrath was running sites out of the server farm where he worked in Nebraska, along with one server at his home.

The agents didn’t shut the sites down. Rather, they baited them with malware and kept them running for three weeks.

Over the course of the investigation, the FBI identified 25 Tor users of child abuse imagery sites, from states all over the US.

DeFoggi was the sixth man to be convicted as part of the ongoing investigation.

McGrath was convicted in January 2014 and sentenced to 20 years in prison.

According to the Department of Justice (DOJ), users of the website advised each other on how to evade detection by law enforcement, including advice about the proper use of encryption software, techniques to hide or password-protect child image collections, and programs to remove data from a user’s computer.

Beyond sharing child abuse imagery, DeFoggi was also accused of plotting to rape and murder children.

From the DOJ’s statement:

Through the website, DeFoggi accessed child pornography, solicited child pornography from other members, and exchanged private messages with other members in which he expressed an interest in the violent rape and murder of children.  DeFoggi suggested meeting one member in person to fulfill their mutual fantasies to violently rape and murder children.

Last week, Stu Dornan, DeFoggi’s lawyer, wrote to Ars Technica, saying that his client “will be appealing the conviction and sentence and steadfastly maintains his innocence.”

Image of Timothy DeFoggi from Omaha Police Department.


One less pedo to prey on children. And in this case an ounce of prevention … Who says malware can’t have a good purpose?


Rick wrote: “Who says malware can’t have a good purpose?”

Errr, that’s a slippery slope you’re starting down, Rick.


I should have enclosed the word malware with quotes since as a forensic tool it wouldn’t fall strictly under the accepted definition of malware.

