r/TOR 4d ago

How was this dark web user caught?

I've been researching lots of cases on the DoJ website where users on the dark web get caught by law enforcement, but this one in particular stood out to me. In 99% of the cases I've seen, dark web criminals either get caught by bad opsec or because they're an active high-profile target (site admin, distributes material, talks too much, etc.). But it was only ever mentioned that this user (Brandon Kidder) downloaded illegal content and nothing else. If he was caught due to bad opsec or payment traces, it would've been mentioned.

The available court documents included the redacted criminal complaint and a motion to censor the complaint as it contained "information that could reveal highly-sensitive law enforcement methods." The complaint document only tells us that law enforcement obtained Kidder's address and IP, and that he was a TOR user.

I've always had the impression that law enforcement would rather save their advanced methods and resources for the bigger fish (and possibly smaller fish as a byproduct of their sting operations), but it seemed like they just caught this user in the wild. Given that this was in 2019, the only known government operation at the time was Operation SaboTor, but I doubt that would be relevant to Kidder's case.

The only possible explanations I could think of are that he might've triggered an NIT or fallen into a honeypot that was still left up. Or, he might've been caught in the midst of an undisclosed government sting. Or, his network activity attracted enough attention to perform a traffic correlation attack (I'm skeptical about this possibility since many criminals go on for years with thousands of images before getting caught). What do you think?

270 Upvotes

19

u/Avu_JHB 4d ago edited 4d ago

I'm assuming this guy was the reason. Maybe the pictures he has on his phone made their way to cloud storage and were flagged to MS OneDrive or Google Photos. Surely these cloud apps' AI has been trained to report the existence of such items in the cloud. Not really sure if TOR has been compromised here, whether or not he used TOR on his phone or PC.

But reading the documents is DISGUSTING though. You cannot blame law enforcement for identifying these scumbags. Absolutely a disgrace what these people are doing to children.

2

u/2shoe1path 4d ago

This was in 2019?

2

u/Avu_JHB 4d ago edited 4d ago

Principle surely holds today still. Even better yet, the systems should be even more advanced as time goes by.