The FBI used a powerful app called Metasploit in “Operation Torpedo,” a 2012 sting against the users of three dark net child porn websites.

Metasploit is one of the world’s most popular penetration testing tools. A community of over 200,000 users and contributors backs Metasploit, giving information security professionals and criminals alike a powerful tool to test for security holes.

The operation began after the FBI arrested Aaron McGrath, a Nebraska man responsible for hosting the three websites.

At the time, visitors could access McGrath’s sites only through Tor, a well-known anonymizing service. The FBI therefore obtained the permission of a federal magistrate to infect all visitors to those websites with malware that would help expose their IP addresses.

According to Wired, this is the first recorded incident in which the FBI has targeted all visitors to a website instead of using code against a particular suspect.

The operation, which led to the arrest of 14 individuals, relied on the Metasploit Decloaking Engine, a proof-of-concept that assembled five different tricks customers could use to break through anonymization systems.

One of the tricks was a 35-line Flash application that the FBI used to initiate a direct connection with users over the web, thereby bypassing Tor and revealing their true IP addresses.

Since “Operation Torpedo,” the FBI has sought to crack Tor and other anonymizing services on a number of other occasions.

In 2013, the FBI launched a similar malware attack against Freedom Hosting, which maintains the servers for a number of well-known Tor websites. This time, in addition to collecting IP addresses, the FBI succeeded in revealing visitors’ MAC addresses.

More recently, the FBI last month participated in an international legal effort codenamed “Operation Onymous” that shut down a number of underground drug and contraband websites, including Topix and Cloud 9.

In the process, the FBI made 17 arrests, including Blake Benthall, the owner and operator of Silk Road 2.0.