That, in theory, is a daunting task—Tor hidden services mask their locations behind layers of routing. But when the agents got to a site called “Pedoboard,” they discovered that the owner had foolishly left the administrative account open with no password.

Instead of going for the easy bust, the FBI spent a solid year surveilling McGrath, while working with Justice Department lawyers on the legal framework for what would become Operation Torpedo.

The NHTCU agents systematically visited each of the sites and made a list of those dedicated to child pornography. Then, armed with a search warrant from the Court of Rotterdam, the agents set out to determine where the sites were located.

Now the technique is being adopted by a different kind of a hacker—the kind with a badge. For the last two years, the FBI has been quietly experimenting with drive-by hacks as a solution to one of law enforcement’s knottiest Internet problems: how to identify and prosecute users of criminal websites hiding behind the powerful Tor anonymity system.

Reachable only over the Tor network, hidden services are used by organizations that want to evade surveillance or protect users’ privacy to an extraordinary degree. Some users of such services have legitimate and even noble purposes—including human rights groups and journalists.

This NIT was purpose-built to identify the computer, and do nothing else—it didn’t collect keystrokes or siphon files off to the bureau. In a two-week period, the FBI collected IP addresses for at least 25 visitors to the sites. Subpoenas to ISPs produced home addresses and subscriber names, and in April 2013, five months after the NIT deployment, the bureau staged coordinated raids around the country.

Tor is free, open-source software that lets you surf the web anonymously. It achieves that by accepting connections from the public Internet—the “clearnet”—encrypting the traffic and bouncing it through a winding series of computers before dumping it back on the web through any of over 1,100 “exit nodes.” The system also supports so-called hidden services—special websites, with addresses ending in .onion, whose physical locations are theoretically untraceable.

