As the acting cybersecurity chief of a federal agency, Timothy DeFoggi should have been well versed in the digital footprints users leave behind online when they visit web sites and download images.
But DeFoggi—convicted today in Maryland on three child porn charges including conspiracy to solicit and distribute child porn—must have believed his use of the Tor anonymizing network shielded him from federal investigators.
He’s the sixth suspect to make this mistake in Operation Torpedo, an FBI operation that targeted three Tor-based child porn sites and that used controversial methods to unmask anonymized users.
But DeFoggi’s conviction is perhaps more surprising than others owing to the fact that he worked at one time as the acting cybersecurity director of the U.S. Department of Health and Human Services. DeFoggi worked for the department from 2008 until January this year. A department official told Business Insider that DeFoggi worked in the office of the assistant secretary for administration as lead IT specialist but a government budget document for the department from this year (.pdf) identifies a Tim DeFoggi as head of OS IT security operations, reporting to the department’s chief information security officer.
The porn sites he’s accused of using—including one called PedoBook—were hosted on servers in Nebraska and run by Aaron McGrath, who has already been convicted for his role in the sites. The sites operated as Tor hidden services—sites that have special .onion URLs and that cannot normally be traced to the physical location where they are hosted.