FBI Deploying Large-Scale Hacking With Little To No Judicial Oversight

from the 'we-just-need-to-coughcompromiseabunchofcomputerscough.-please-sign-here. dept

With an apparent minimum of judicial oversight, the FBI is engaging in large-scale hacking campaigns, Vice's Joseph Cox reports.

In order to fight what it has called one of the largest child pornography sites on the dark web, the FBI hacked over a thousand computers, according to court documents reviewed by Motherboard and interviews with legal parties involved.

“This kind of operation is simply unprecedented,” Christopher Soghoian, principal technologist at the American Civil Liberties Union (ACLU), told Motherboard in a phone interview.
Rather than take the seized Playpen server offline, the FBI kept it running as a honeypot for its child pornography investigations and, apparently by exploiting flaws in the Tor Browser, gathered a wealth of information from anyone who signed up for an account.
[T]he FBI ran Playpen from its own servers in Newington, Virginia, from February 20 to March 4, reads a complaint filed against a defendant in Utah. During this time, the FBI deployed what is known as a network investigative technique (NIT), the agency's term for a hacking tool.
The specifics of the hacking tool are unknown, but it intercepted a large amount of device-specific data, including the operating system used, Host Name, username, MAC address and whether or not a particular computer had previously been compromised by the FBI's hacking tool.

All told, the FBI gathered information on more than 1,300 Playpen users during this two-week span. The documents state the FBI now has over a thousand "true IP addresses" in its possession -- which isn't nearly the same thing as having positively identified that many individuals: an IP address points to a network connection, not a person, and a shared or open connection can have any number of users behind it. And, while it's difficult to complain about efforts made to take down child pornographers, it's highly likely the warrant was obtained from a judge who had no idea what she was authorizing.
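The "true IP addresses" above are the whole point of an NIT: Tor hides a visitor's address from the site, so the tool has to make the visitor's machine reach out to a government server directly, outside Tor. The following is an added example, not code from the article, Motherboard, or any court filing, showing the check a defender can run on a Tor Browser host for exactly that symptom: a browser-owned socket whose peer is anything other than the local Tor SOCKS port. The socket listing is constructed to look like `ss -tnp` output; the SOCKS ports (9050 for a stock tor daemon, 9150 for Tor Browser's bundled tor), the browser process name `firefox`, and every address in the sample are assumptions made for the example.

```python
"""
Heuristic check for connections that bypass the Tor SOCKS proxy.

On a host where Tor Browser is the only thing that should be talking to the
network, any socket owned by the browser process whose peer is not the local
Tor SOCKS port is a candidate for a de-anonymization beacon. The input format
mimics `ss -tnp`; the sample lines below are constructed for this example.
"""
import re
from dataclasses import dataclass

TOR_SOCKS_PORTS = {9050, 9150}   # assumption: stock tor / Tor Browser SOCKS ports
BROWSER_PROCESS = "firefox"      # assumption: Tor Browser's process name

# Constructed sample, shaped like `ss -tnp` output (addresses are documentation ranges).
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port   Peer Address:Port  Process
ESTAB  0      0      127.0.0.1:41522      127.0.0.1:9150     users:(("firefox",pid=2211,fd=71))
ESTAB  0      0      127.0.0.1:41530      127.0.0.1:9150     users:(("firefox",pid=2211,fd=88))
ESTAB  0      0      192.0.2.10:50244     198.51.100.7:443   users:(("firefox",pid=2211,fd=102))
ESTAB  0      0      192.0.2.10:38810     203.0.113.5:9001   users:(("tor",pid=2100,fd=12))
ESTAB  0      0      127.0.0.1:9150       127.0.0.1:41522    users:(("tor",pid=2100,fd=20))
"""


@dataclass(frozen=True)
class Conn:
    local: str
    peer_ip: str
    peer_port: int
    process: str
    pid: int


# State, Recv-Q, Send-Q, local, peer, then the users:(("name",pid=N,...)) column.
LINE_RE = re.compile(
    r'^\S+\s+\d+\s+\d+\s+(?P<local>\S+)\s+(?P<peer>\S+)\s+'
    r'users:\(\("(?P<proc>[^"]+)",pid=(?P<pid>\d+)'
)


def parse_ss(text):
    """Parse `ss -tnp`-style lines into Conn records; skips the header and
    any line that carries no process information."""
    conns = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        peer_ip, _, peer_port = m.group("peer").rpartition(":")
        conns.append(Conn(m.group("local"), peer_ip, int(peer_port),
                          m.group("proc"), int(m.group("pid"))))
    return conns


def tor_bypass_connections(conns, browser=BROWSER_PROCESS, socks_ports=TOR_SOCKS_PORTS):
    """Browser-owned sockets whose peer is not the local Tor SOCKS port.
    Connections owned by the tor daemon itself are expected to be direct and
    are not flagged."""
    return [
        c for c in conns
        if c.process == browser
        and not (c.peer_ip == "127.0.0.1" and c.peer_port in socks_ports)
    ]


if __name__ == "__main__":
    for c in tor_bypass_connections(parse_ss(SAMPLE_SS_OUTPUT)):
        print(f"browser pid {c.pid} talking directly to {c.peer_ip}:{c.peer_port}")
```

On the sample, the only hit is the browser's direct connection to 198.51.100.7:443; the two SOCKS connections and the tor daemon's own relay links are ignored. This is a point-in-time heuristic: an exploit that spawns a helper process, uses a raw socket, or fires a single short-lived request can evade a listing taken a moment later. The stronger control, which is how Tor-gateway designs such as Whonix work, is to run the browser in a VM or network namespace whose only route to the outside is the Tor gateway, so that code running in the browser has no direct path to reveal the host's address in the first place.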
Magistrate Judge Theresa C. Buchanan in the Eastern District of Virginia, who signed the warrant used for the NIT, did not respond to questions on whether she understood that the warrant would grant the power to hack anyone who signed up to Playpen, or whether she consulted technical experts before signing it, and her office said not to expect a reply.
The ACLU's Chris Soghoian says the DOJ seeks NIT authorization using "very vague" wording that obscures both the methods deployed and the scope of the surveillance effort. Federal public defender Colin Fieman, who is already handling several cases tied to the FBI's takeover of the Playpen server, says the warrant is a surveillance blank check.
Fieman said that the warrant “effectively authorizes an unlimited number of searches, against unidentified targets, anywhere in the world.”
This is the power the FBI desires. The DOJ is pushing for a change to the rules governing search warrants (the proposed amendment to Rule 41 of the Federal Rules of Criminal Procedure) that would grant the FBI permission to do exactly this. It has already demonstrated its willingness to treat servers in foreign countries as unprotected territory where it can do as it wishes. With the warrant it obtained here, the FBI is treating domestic computers with the same lack of concern. Thanks to its obfuscatory warrant applications, it's being granted this power by judges who have no idea what they're dealing with or have been misled by the agency's creative phrasing.


Reader Comments

  1. Berenerd (profile), Jan 7th, 2016 @ 12:24pm

    One warrant to rule them all.....


  2. Mason Wheeler (profile), Jan 7th, 2016 @ 1:43pm

    The specifics of the hacking tool are unknown, but it intercepted a large amount of device-specific data, including the operating system used, Host Name, username, MAC address and whether or not a particular computer had previously been compromised by the FBI's hacking tool.

    ...all of which, except for the last item of course, are things any server receives as a matter of course while transacting ordinary business. Why do you present this scary-sounding list that's actually not scary at all to people who understand the technical terms involved, when you regularly criticize politicians for saying exactly equivalent things when attacking tech companies they don't like?


  3. Anonymous Coward, Jan 7th, 2016 @ 1:52pm

    So my question is, for those who were not involved in any manner, How did the FBI go about removing said hack and malware? Or did they just write it off as no consequence?


  4. Rekrul, Jan 7th, 2016 @ 2:09pm

    Re:

    Most likely, the presence of the FBI's malware on a particular user's system will be used as evidence that they have the right person and that it wasn't a case of a neighbor using their WiFi.


  5. Rekrul, Jan 7th, 2016 @ 2:13pm

    I'm still not clear on how operating a honeypot site isn't entrapment.


  6. Anonymous Coward, Jan 7th, 2016 @ 3:11pm

    Re:

    It's not entrapment because nobody's stopped them. If nobody stops 'em, it's obviously legal.

    I'm starting to think that that's how laws work now.


  7. Median Wilfred, Jan 7th, 2016 @ 3:38pm

    Re: Re:

    So, removing FBI malware would constitute interfering with a Federal Investigation? And maybe cost a convict more years in the slammer?

    How can we distinguish "FBI NIT" from J. Random Malware?


  8. Anonymous Coward, Jan 7th, 2016 @ 11:11pm

    The FBI are terrorists


  9. Chris Rhodes (profile), Jan 8th, 2016 @ 5:25am

    Re:

    all of which, except for the last item of course, are things any server receives as a matter of course while transacting ordinary business.
    Not over Tor, however, which suggests an exploit in the browser to tell it to send data outside of Tor. Probably a JavaScript hack, since there's already precedent for using malicious scripts to de-mask Tor users, IIRC.


  10. Chris Rhodes (profile), Jan 8th, 2016 @ 5:30am

    Re:

    To be entrapment, they would have to persuade or convince you to do something you otherwise wouldn't have done without their interference. If an FBI agent had called you up out the blue, told you about the site, and then asked you to sign up, that would be entrapment.

    This isn't even close to entrapment, however, since they didn't invite anyone to sign up. It's even less entrapment than it would be if the site were on the clearnet, since dark net sites have to be searched out specifically.


  11. Anonymous Coward, Jan 8th, 2016 @ 9:49am

    Re:

    > I'm still not clear on how operating a honeypot site isn't entrapment.

    Entrapment involves convincing someone to do something illegal. So if the FBI was spamming out links to the darkweb site and then arresting anyone who went there, that would be entrapment.

    Placing malware on an illegal site instead of taking the site down isn't entrapment, but either the FBI is engaged in two illegal activities (distributing malware and hosting a CP site) or those two activities aren't in themselves* illegal. Either option is rather troubling.

    *The illegality would be to do with either the motives of such activities or the results of such activities. In the first case, anyone in a position of authority can do whatever they want, and in the second, we've entered "preCrime" territory.


  12. tqk (profile), Jan 8th, 2016 @ 11:56am

    Re:

    I'm still not clear on how operating a honeypot site isn't entrapment.

    I'd like to know how they're going to prove they've preserved evidence of a crime, as opposed to planting/manufacturing evidence. Once you've got root/admin, all bets are off. I wonder if judges and lawyers understand this. Perhaps they've determined via parallel construction that someone's a perpetrator. Hand that person's details off to this bunch and they can plant unassailable damning evidence (as long as no one looks at it too closely).

    All those cop shows I watched went into excruciating detail over chain of evidence stuff and any flaws risk the case falling apart. So, how do they prove they're not just witch hunting or nailing some random victim to inflate their stats?

    I hope they've got more than "created account on malicious server" to back them up, especially when the FBI is doing far worse things than that here.


