US Marshals’ Secretive Surveillance Wing Still Trying To Recover After Being Hit By Ransomware More Than Two Months Ago

Date: 2023-05-03

Money can’t buy you everything. Not even the kind of money that’s apparently infinite, if our current federal deficit is any indication.

The US Marshals Service was hit with ransomware in February. And, despite drastic measures being taken by the USMS, the breached system still has yet to return to service.

And it wasn’t just any part of the Marshals Service. It was its innermost sanctum, as Devlin Barrett reports for the Washington Post. Here’s what the hackers targeted:

The computer network was operated by the Marshals’ Technical Operations Group (TOG), a secretive arm within the agency that uses technically sophisticated law enforcement methods to track criminal suspects through their cellphones, emails and web usage. Its techniques are kept secret to prolong their usefulness, and exactly what members of the unit do and how they do it is a mystery even to some of their fellow Marshals personnel.

Sounds bad! Sounds like the sort of thing you’d want to keep ultra-protected to ensure the sort of thing that happened doesn’t happen. That’s where it gets even worse. This super-secret group (one not previously acknowledged or reported) had a bunch of its stuff left out in the open, an apparent oversight by the Marshals Service and one that went unnoticed until someone from the outside noticed it and decided to ransom the TOG’s data stash.

Rather than negotiate with computerrorists, the Marshals Service deployed the nuclear option, much to the surprise of many of TOG’s members.

To limit the potential spread of infected devices and systems, officials decided to wipe the cellphones of those who worked in the hacked system — clearing out their contacts and emails. The action was taken with little advance notice on a Friday night, meaning some employees were caught by surprise, these people said.

The exposed-then-ransomed-then-nuked system was apparently an essential part of the Marshals Service’s fugitive apprehension program. But the Service remains (perhaps a bit too) optimistic that, 10 weeks without it and with no resurrection date in sight, it can still go about the business of rounding up bad guys. The statements provided to the Washington Post imply the Service still has plenty of fugitive-hunting options, which is, of course, the sort of thing people in the fugitive-hunting business would say when an apparent crippling of their offensive weaponry is made public.

But for all its secrecy and high tech, a lot of the fugitive tracking work is still being done the old-fashioned way: by grabbing third-party records without warrants.

A great deal of the hunting is done through what is called pen register/trap and trace — a means of cellphone surveillance that has evolved along with phone technology.

This law enforcement tactic dates back to the days when almost all phone communication occurred via landlines. These orders can now be used to grab email metadata and cell phone communication data, including metadata on SMS texts. It’s also a handy way to hide Stingray deployments, something I’m sure the Marshals Service has never done. Some services are capable of providing this metadata in near-real time, which leverages the Third Party Doctrine to create ad hoc tracking devices — something that would seem to run afoul of the Supreme Court’s Carpenter decision. And that appears to be the Marshals Service’s PR/TT bread-and-butter:

The Technical Operations Group does so many real-time PR/TT data searches that in many years, it collects more of that data than the FBI and DEA combined…

That’s insane. The FBI and DEA have more personnel and cover far more law enforcement territory (in terms of investigations) than the USMS. And yet, this is the agency that outpaces those agencies’ exploitation of third party records.

That’s a little strange. It’s also a little strange that something called a “Technical Operations Group” relies so heavily on a decidedly old school method of information gathering. Quite certainly it has better and more powerful tools. But its continued reliance on something decades-old suggests there’s still plenty of value in allowing old dogs to continue performing old tricks.

Even old bad dogs. Some within the Marshals Service think the TOG is a rogue unit — one rarely placed under direct oversight and prone to abusing its power. Others think this sort of thing is an ideal to be striven for: a powerful and unsupervised group of go-getters rarely bogged down by red tape or constitutional rights.

But this lack of supervision is likely part of the problem facing the agency now. Its most secret stuff was left exposed, inviting computer criminals to not only attempt to extort money from the government, but also dig through sensitive data pertaining to USMS personnel, its investigations, and the third party contractors it employs. This is an inadvertent plea for direct supervision, albeit one that has cost the Marshals Service some of its capabilities and, undoubtedly, a decent amount of taxpayers’ money.

