FBI Sends Computer Information Collected By Its Hacking Tools In Unencrypted Form Over The Open Internet

from the the-(fraying)-ends-justify-the-(sloppy)-means dept

The FBI doesn't want to talk about its secret malware, but with over 100 child porn prosecutions tied to it, it's had to discuss at least a few aspects of its Network Investigative Technique (NIT).

In yet another prosecution -- this one actually taking place in Virginia for a change -- the FBI is once again struggling to withhold details of its NIT from the defense. Suppression of the evidence likely isn't an option, as the warrant it obtained in Virginia was actually deployed in Virginia. I'm sure the FBI is as surprised as anybody by this fortuitous coincidence. But the defendant still wants access to more information, as he is looking to challenge the evidence the FBI collected with its Tor-defeating exploit.

The defendant, Edward Matish, has questions about the chain of custody. FBI Special Agent Daniel Alfin, who has testified in other Playpen/NIT cases, inadvertently admits there could be problems here, considering the FBI does nothing to protect the information it collects from suspects' computers from being intercepted or altered. (h/t Chris Soghoian)

I have read the Defendant's reply to the Government's Response to the Motion to Compel dated May 23, 2016. In the motion, Matish asserts that there are chain of custody problems caused by the fact that the NIT transmitted data "unencrypted over the traditional internet". This assertion is further supported by the declaration of Matthew Miller who states "the IP address relayed to the FBI was unencrypted and subject to attack by hackers." Miller Dec.

So the NIT, which the FBI says is so secret that it won't discuss it even when facing contempt orders, apparently sends its results back over the open internet. Agent Alfin plows past this admission, calling the defense expert "wrong" while refusing to discuss the possibility that unencrypted transmissions could be altered.

He is wrong. In fact, the network data stream that has been made available for defense review would be of no evidentiary value had it been transmitted in an encrypted format. Because the data is not encrypted, Matish can analyze the data stream and confirm that the data collected by the government is within the scope of the search warrant that authorized the use of the NIT. Had the data been transmitted in an encrypted format the data stream would be of no evidentiary value as it could not be analyzed.

This is absurd. If Alfin is to be believed, any communications/data sent utilizing end-to-end encryption would be nothing but useless, scrambled gibberish to recipients. The FBI didn't encrypt these transmissions because it probably didn't seem worth the effort… at least not at the time. The FBI could have encrypted the transmissions and delivered the decrypted results to defendants for them to examine. I'm sure it wishes it had done this, now that it's being challenged in court.
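The point Alfin's declaration gets backwards can be shown in a few dozen lines. The following is an added example written for this page; it is not code from the article, the court filings or the FBI. It uses authenticated encryption (AES-GCM from Go's standard library) to show two things at once: the party holding the key can always decrypt and analyze what was collected, and any alteration of the bytes in transit is detected, whereas an unencrypted record can be changed on the path and still parse as a perfectly valid record. The record layout (`EvidenceRecord`, an IP address and a host name joined by `|`), the hard-coded `DemoKey` and the sample values are all constructed for the illustration; the page does not describe the NIT's actual payload format.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"strings"
)

// DemoKey is a constructed 32-byte AES-256 key for this illustration only (never hard-code real keys).
var DemoKey = []byte("0123456789abcdef0123456789abcdef")

// EvidenceRecord is a constructed stand-in for the identifying data the article
// says the NIT reported back; the page does not describe the real payload format.
type EvidenceRecord struct {
	SourceIP string
	HostName string
}

// Marshal produces the bytes that would travel over the network.
func (r EvidenceRecord) Marshal() []byte {
	return []byte(r.SourceIP + "|" + r.HostName)
}

// ParseRecord is the receiving side of Marshal. It accepts any two '|'-separated
// fields, so an altered plaintext record looks exactly as valid as a genuine one.
func ParseRecord(b []byte) (EvidenceRecord, error) {
	parts := strings.SplitN(string(b), "|", 2)
	if len(parts) != 2 {
		return EvidenceRecord{}, errors.New("malformed record")
	}
	return EvidenceRecord{SourceIP: parts[0], HostName: parts[1]}, nil
}

// SealRecord encrypts and authenticates the record with AES-GCM, producing
// nonce || ciphertext || tag. The key holder can always recover the plaintext, so
// encryption in transit does not make the data unanalysable; it only denies third parties the ability to read or alter it.
func SealRecord(key []byte, rec EvidenceRecord) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, rec.Marshal(), nil), nil
}

// OpenRecord verifies the GCM tag and decrypts. A change to any byte of the
// sealed buffer (nonce, ciphertext or tag) yields an error instead of a record.
func OpenRecord(key, sealed []byte) (EvidenceRecord, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return EvidenceRecord{}, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return EvidenceRecord{}, err
	}
	ns := aead.NonceSize()
	if len(sealed) < ns+aead.Overhead() {
		return EvidenceRecord{}, errors.New("sealed record too short")
	}
	plain, err := aead.Open(nil, sealed[:ns], sealed[ns:], nil)
	if err != nil {
		return EvidenceRecord{}, fmt.Errorf("integrity check failed: %w", err)
	}
	return ParseRecord(plain)
}

// AlterInTransit models an on-path party flipping one bit of the message: it
// returns a copy of b with bit 0 of byte i inverted.
func AlterInTransit(b []byte, i int) []byte {
	out := make([]byte, len(b))
	copy(out, b)
	out[i] ^= 0x01
	return out
}

func main() {
	rec := EvidenceRecord{SourceIP: "203.0.113.7", HostName: "constructed-host"}
	// Unprotected: the flipped bit silently produces a different, valid-looking record.
	altered, err := ParseRecord(AlterInTransit(rec.Marshal(), 0))
	fmt.Printf("plaintext, altered in transit: %+v err=%v\n", altered, err)
	// Protected: the same flip fails the integrity check, while the intact copy opens.
	sealed, _ := SealRecord(DemoKey, rec)
	_, err = OpenRecord(DemoKey, AlterInTransit(sealed, 12))
	fmt.Println("sealed, altered in transit:", err)
	got, err := OpenRecord(DemoKey, sealed)
	fmt.Printf("sealed, intact: %+v err=%v\n", got, err)
}
```

Run with `go run .` and the first line shows the unencrypted record arriving as `303.0.113.7` with no error, i.e. a different suspect and no way for the receiver to notice; the sealed copy with the same bit flipped is rejected, and the untouched sealed copy decrypts to the original record. Handing the defense the decrypted record together with the key material or the verified plaintext gives them everything they can get from an unencrypted capture, plus the assurance that nobody on the path changed it.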

This is one more example of the FBI's overconfidence getting in the way of its better judgment. These were supposed to be open-and-shut child porn prosecutions -- a repeat of its mostly under-the-radar use of the same tools and tactics in 2012. But they aren't. They're being challenged and the FBI is going from courtroom to courtroom, putting out fires. And all that scrambling is leading to half-assed explanations like this, which raises serious questions about the FBI's investigative "techniques."

Filed Under: daniel alfin, doj, edward matish, encryption, fbi, going dark, hacking, malware, nit, playpen


Reader Comments

  • Anonymous Coward, 7 Jun 2016 @ 8:47am

    Suddenly, the FBI doesn't care as much about its "operational secrets being learned by the bad guys"?

  • GrooveNeedle (profile), 7 Jun 2016 @ 9:14am

    Ha! FBI's "expert", am I right?

  • DannyB (profile), 7 Jun 2016 @ 9:15am

    The FBI is Leading By Example

    Nobody should be using encryption.

    Encryption is causing everything to "go dark".

    The FBI is leading by example, showing you how to send (someone else's) personal and private information over the internet without the need to use encryption.

    Note to all Banking and Commerce sites: please follow the FBI's lead!

  • Anonymous Coward, 7 Jun 2016 @ 9:18am

    Federal Bureau of Incompetence

    • DannyB (profile), 7 Jun 2016 @ 9:30am

      Re:

      But the FBI says:
      Had the data been transmitted in an encrypted format the data stream would be of no evidentiary value as it could not be analyzed.
      This is an example of encryption causing data to 'go dark'.

      If data is encrypted, nobody can read it. Unless they are the holder of a magical Golden Key™ made from genuine Unicorn Horn and sprinkled with magic Pixie Dust.

      Ordinary decryption keys won't work on encrypted data. Thus a magical golden key is needed. And the FBI needs it now! Because terrorists. Oh, wait. Wrong TLA. Because pedophiles!

      This seems perfectly consistent with the FBI's talking points.

  • Anonymous Coward, 7 Jun 2016 @ 9:18am

    How about any computer system?

    With different companies having what appears to be unfettered access to our systems to run ads, to install and remove software, etc... At what point do we no longer consider our computer systems to be "under our control"? If my house was wide open for thousands of strangers a day to walk through it, how could I be held responsible for what a stranger drops there?

    When others can display any photo they want on our computer whether it be an advertisement or inappropriate types of photos, how can we continue to be held responsible?

    Our data travels unprotected, our computers are wide open to dozens of companies and government agencies and thousands of hackers to run their bots, yet we get held responsible for every piece of data on them.

    There is a point where courts will have to say we can no longer be held responsible any more than if someone placed an inappropriate child's photo under the wiper of your car in a mall parking lot. It may be attached to something you own, but you have no way to stop it from being done to you and no knowledge of who did it.

    • DannyB (profile), 7 Jun 2016 @ 9:33am

      Re: How about any computer system?

      Just read this previous techdirt comment and you'll feel safer!

      • Anonymous Coward, 7 Jun 2016 @ 10:52am

        Re: Re: How about any computer system?

        Well, isn't that just dandy. I really wish I lived in the days of rotary phones, teletype, and black and white TVs.

        I would suspect people are going to snap soon and they won't be from other countries or the go-to "enemy" religion. It really is a shame just how much damage a crooked few in charge can cause and how they can make entire organizations look bad. I knew people growing up who were FBI agents and maybe I was wearing rose-colored glasses at the time, but they truly didn't seem to be as slimy as they are nowadays.

        • DannyB (profile), 7 Jun 2016 @ 12:42pm

          Re: Re: Re: How about any computer system?

          No matter how sarcastic, however cynical, no matter how wildly and insanely paranoid that I try to write a post, it is either already, or very quickly becomes reality and out of date.

    • Anonymous Coward, 7 Jun 2016 @ 1:20pm

      Re: How about any computer system?

      @ anon cow 9:18

      great points, thank you for that...

  • Michael J. Evans, 7 Jun 2016 @ 10:13am

    It is a dark day for justice when my default gut feeling is the desire for the FBI to fail in this case based on the over-reach, incompetence, and their lack of checks and balances that would have helped protect everyone's interests.

    It is a dark day indeed when I feel that the wrongs of the FBI are automatically greater than those of some guy committing thought crimes (I hope that is the actual extent).

  • ECA (profile), 7 Jun 2016 @ 10:37am

    Naive

    Understand this?
    I do..
    The idea that the NET should be unencrypted..
    The net should NOT require people to PROTECT themselves..
    That Bots, and Malware, should not be around..
    That Everyone and every corp should be truthful and Honest.

    ANYONE want to run around, in real life, with his ID, and CC exposed to ANYONE??
    WOW, let's just publish all the SS#, with names and addresses..

  • Anonymous Coward, 7 Jun 2016 @ 10:47am

    I wonder

    How many cyberterrorist alerts this thing sets off when that open and readable traffic is intercepted by the ... 'other agencies'?

  • Groaker (profile), 7 Jun 2016 @ 12:32pm

    There is a good reason for the FBI to not use encryption. Unlike other FBI computer systems, high quality encryption is available for mere thousands of dollars, not the billion+ it spent on its last failure. Once installed, encryption makes little or no further addition to the labor burden, thus not justifying more staff.

  • orbitalinsertion (profile), 7 Jun 2016 @ 1:09pm

    So... the FBI should be pushing for everyone to use encryption then, yes? Can't have a terrorist plot when the terrorists only send each other gibberish, right?

  • Brian (profile), 7 Jun 2016 @ 1:13pm

    "Had the data been transmitted in an encrypted format the data stream would be of no evidentiary value as it could not be analyzed."

    Does this suggest that the NIT they used required this data to be transmitted in the open so that they could intercept it at another point?

  • That One Guy (profile), 7 Jun 2016 @ 1:41pm

    "Just how dumb do you think I am?"

    Because the data is not encrypted, Matish can analyze the data stream and confirm that the data collected by the government is within the scope of the search warrant that authorized the use of the NIT. Had the data been transmitted in an encrypted format the data stream would be of no evidentiary value as it could not be analyzed.

    Yeah, even without a lot of knowledge in the field of encryption I'm pretty sure I still know more than him. The only way encryption would make the data useless would be if the FBI lacked the keys to decrypt it on the other side, and given it was their malware sending it somehow I'm not seeing that as a real possibility.

    Encryption means the data isn't likely to be intercepted by a third-party and read/changed, making the 'chain of custody' secure, while non-encryption lacks those protections, and the chain of custody is extremely suspect as a result.

    I can only guess that he's hoping that the judge is technically incompetent to such a degree that even if the defense gets someone to point out how utterly wrong his argument is here that he'll still accept the FBI's version over the defense's.

  • Anonymous Coward, 7 Jun 2016 @ 11:08pm

    If this is from the 2013 Freedom Hosting incident, then the malware that the FBI handed out is very much publicly known. Vlad Tsyrklevich (@vlad902) provided an annotated disassembly.

  • Coyne Tibbets (profile), 8 Jun 2016 @ 12:42am

    FBI replies

    FBI replies: "Hey! After all the encryption and system breaking; man in the middle attacks; and legal battles we had to go through to get that data: You have the nerve to expect us to take more effort to actually encrypt it?"

  • Celtictexan (profile), 6 Jan 2017 @ 7:07pm

    I don't care how they get these sickos off the street. If it were me they would all be tortured to death already.