FBI Deploying Large-Scale Hacking With Little To No Judicial Oversight

from the 'we-just-need-to-coughcompromiseabunchofcomputerscough.-please-sign-here. dept

With an apparent minimum of judicial oversight, the FBI is engaging in large-scale hacking campaigns, Vice's Joseph Cox reports.

In order to fight what it has called one of the largest child pornography sites on the dark web, the FBI hacked over a thousand computers, according to court documents reviewed by Motherboard and interviews with legal parties involved.

“This kind of operation is simply unprecedented,” Christopher Soghoian, principal technologist at the American Civil Liberties Union (ACLU), told Motherboard in a phone interview.
The FBI appears to have exploited flaws in the Tor browser to use a seized server as a honeypot for its child pornography investigations. Rather than take a seized server offline, the FBI kept it running, using it to gather a wealth of information from anyone who attempted to create an account.
[T]he FBI ran Playpen from its own servers in Newington, Virginia, from February 20 to March 4, reads a complaint filed against a defendant in Utah. During this time, the FBI deployed what is known as a network investigative technique (NIT), the agency's term for a hacking tool.
The specifics of the hacking tool are unknown, but it intercepted a large amount of device-specific data, including the operating system used, Host Name, username, MAC address and whether or not a particular computer had previously been compromised by the FBI's hacking tool.

All told, the FBI gathered information on more than 1,300 Playpen users during this two-week span. The documents state the FBI now has over a thousand "true IP addresses" in its possession -- which isn't nearly the same thing as having positively ID'ed several hundred individuals. And, while it's difficult to complain about efforts made to take down child pornographers, it's highly likely the warrant was obtained from a judge who had no idea what she was authorizing.
Magistrate Judge Theresa C. Buchanan in the Eastern District of Virginia, who signed the warrant used for the NIT, did not respond to questions on whether she understood that the warrant would grant the power to hack anyone who signed up to Playpen, or whether she consulted technical experts before signing it, and her office said not to expect a reply.
The ACLU's Chris Soghoian says the DOJ seeks NIT authorization using "very vague" wording that obscures the methods deployed and the scope of surveillance effort. Federal public defender Colin Fieman, who is already handling several cases tied to the FBI's takeover of the Playpen server, says the warrant is a surveillance blank check.
Fieman said that the warrant “effectively authorizes an unlimited number of searches, against unidentified targets, anywhere in the world.”
This is the power the FBI desires. The DOJ is pushing for an update to existing statutes that would grant the FBI permission to do exactly this. It has already demonstrated its willingness to treat servers in foreign countries as unprotected territory where it can do as it wishes. With the warrant it obtained here, the FBI is treating domestic computers with the same lack of concern. Thanks to its obfuscatory warrant applications, it's being granted this power by judges who have no idea what they're dealing with or have been misled by the agency's creative phrasing.

Filed Under: fbi, hacking, surveillance, tor

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. icon
    Chris Rhodes (profile), 8 Jan 2016 @ 5:30am


    To be entrapment, they would have to persuade or convince you to do something you otherwise wouldn't have done without their interference. If an FBI agent had called you up out the blue, told you about the site, and then asked you to sign up, that would be entrapment.

    This isn't even close to entrapment, however, since they didn't invite anyone to sign up. It's even less entrapment than it would be if the site were on the clearnet, since dark net sites have to be searched out specifically.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Special Affiliate Offer

Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it

Email This

This feature is only available to registered users. Register or sign in to use it.