FBI Deploying Large-Scale Hacking With Little To No Judicial Oversight
from the 'we-just-need-to-coughcompromiseabunchofcomputerscough.-please-sign-here. dept
With an apparent minimum of judicial oversight, the FBI is engaging in large-scale hacking campaigns, Vice’s Joseph Cox reports.
In order to fight what it has called one of the largest child pornography sites on the dark web, the FBI hacked over a thousand computers, according to court documents reviewed by Motherboard and interviews with legal parties involved.
“This kind of operation is simply unprecedented,” Christopher Soghoian, principal technologist at the American Civil Liberties Union (ACLU), told Motherboard in a phone interview.
The FBI appears to have exploited flaws in the Tor browser to use a seized server as a honeypot for its child pornography investigations. Rather than take a seized server offline, the FBI kept it running, using it to gather a wealth of information from anyone who attempted to create an account.
[T]he FBI ran Playpen from its own servers in Newington, Virginia, from February 20 to March 4, reads a complaint filed against a defendant in Utah. During this time, the FBI deployed what is known as a network investigative technique (NIT), the agency’s term for a hacking tool.
The specifics of the hacking tool are unknown, but it intercepted a large amount of device-specific data, including the operating system used, Host Name, username, MAC address and whether or not a particular computer had previously been compromised by the FBI’s hacking tool.
All told, the FBI gathered information on more than 1,300 Playpen users during this two-week span. The documents state the FBI now has over a thousand “true IP addresses” in its possession — which isn’t nearly the same thing as having positively ID’ed several hundred individuals. And, while it’s difficult to complain about efforts made to take down child pornographers, it’s highly likely the warrant was obtained from a judge who had no idea what she was authorizing.
Magistrate Judge Theresa C. Buchanan in the Eastern District of Virginia, who signed the warrant used for the NIT, did not respond to questions on whether she understood that the warrant would grant the power to hack anyone who signed up to Playpen, or whether she consulted technical experts before signing it, and her office said not to expect a reply.
The ACLU’s Chris Soghoian says the DOJ seeks NIT authorization using “very vague” wording that obscures the methods deployed and the scope of surveillance effort. Federal public defender Colin Fieman, who is already handling several cases tied to the FBI’s takeover of the Playpen server, says the warrant is a surveillance blank check.
Fieman said that the warrant “effectively authorizes an unlimited number of searches, against unidentified targets, anywhere in the world.”
This is the power the FBI desires. The DOJ is pushing for an update to existing statutes that would grant the FBI permission to do exactly this. It has already demonstrated its willingness to treat servers in foreign countries as unprotected territory where it can do as it wishes. With the warrant it obtained here, the FBI is treating domestic computers with the same lack of concern. Thanks to its obfuscatory warrant applications, it’s being granted this power by judges who have no idea what they’re dealing with or have been misled by the agency’s creative phrasing.
Filed Under: fbi, hacking, surveillance, tor
Comments on “FBI Deploying Large-Scale Hacking With Little To No Judicial Oversight”
One warrant to rule them all…..
…all of which, except for the last item of course, are things any server receives as a matter of course while transacting ordinary business. Why do you present this scary-sounding list that’s actually not scary at all to people who understand the technical terms involved, when you regularly criticize politicians for saying exactly equivalent things when attacking tech companies they don’t like?
Re: Re:
Not over Tor, however, which suggests an exploit in the browser to tell it to send data outside of Tor. Probably a JavaScript hack, since there’s already precedent for using malicious scripts to de-mask Tor users, IIRC.
So my question is, for those who were not involved in any manner, How did the FBI go about removing said hack and malware? Or did they just write it off as no consequence?
Re: Re:
Most likely, the presence of the FBI’s malware on a particular user’s system will be used as evidence that they have the right person and that it wasn’t a case of a neighbor using their WiFi.
Re: Re: Re:
So, removing FBI malware would constitute interfering with a Federal Investigation? And maybe cost a convict more years in the slammer?
How can we distinguish “FBI NIT” from J. Random Malware?
I’m still not clear on how operating a honeypot site isn’t entrapment.
Re: Re:
It’s not entrapment because nobody’s stopped them. If nobody stops ’em, it’s obviously legal.
I’m starting to think that that’s how laws work now.
Re: Re:
To be entrapment, they would have to persuade or convince you to do something you otherwise wouldn’t have done without their interference. If an FBI agent had called you up out the blue, told you about the site, and then asked you to sign up, that would be entrapment.
This isn’t even close to entrapment, however, since they didn’t invite anyone to sign up. It’s even less entrapment than it would be if the site were on the clearnet, since dark net sites have to be searched out specifically.
Re: Re:
Re: Re:
I’d like to know how they’re going to prove they’ve preserved evidence of a crime, as opposed to planting/manufacturing evidence. Once you’ve got root/admin, all bets are off. I wonder if judges and lawyers understand this. Perhaps they’ve determined via parallel construction that someone’s a perpetrator. Hand that person’s details off to this bunch and they can plant unassailable damning evidence (as long as no one looks at it too closely).
All those cop shows I watched went into excruciating detail over chain of evidence stuff and any flaws risk the case falling apart. So, how do they prove they’re not just witch hunting or nailing some random victim to inflate their stats?
I hope they’ve got more than “created account on malicious server” to back them up, especially when the FBI is doing far worse things than that here.
The FBI are terrorists