FBI Deploying Large-Scale Hacking With Little To No Judicial Oversight

from the 'we-just-need-to-coughcompromiseabunchofcomputerscough.-please-sign-here. dept

Thu, Jan 7th 2016 11:42am — Tim Cushing

With an apparent minimum of judicial oversight, the FBI is engaging in large-scale hacking campaigns, Vice's Joseph Cox reports.

In order to fight what it has called one of the largest child pornography sites on the dark web, the FBI hacked over a thousand computers, according to court documents reviewed by Motherboard and interviews with legal parties involved.

“This kind of operation is simply unprecedented,” Christopher Soghoian, principal technologist at the American Civil Liberties Union (ACLU), told Motherboard in a phone interview.

The FBI appears to have exploited flaws in the Tor browser to use a seized server as a honeypot for its child pornography investigations. Rather than take a seized server offline, the FBI kept it running, using it to gather a wealth of information from anyone who attempted to create an account.

[T]he FBI ran Playpen from its own servers in Newington, Virginia, from February 20 to March 4, reads a complaint filed against a defendant in Utah. During this time, the FBI deployed what is known as a network investigative technique (NIT), the agency's term for a hacking tool.

The specifics of the hacking tool are unknown, but it intercepted a large amount of device-specific data, including the operating system used, Host Name, username, MAC address and whether or not a particular computer had previously been compromised by the FBI's hacking tool.

All told, the FBI gathered information on more than 1,300 Playpen users during this two-week span. The documents state the FBI now has over a thousand "true IP addresses" in its possession -- which isn't nearly the same thing as having positively ID'ed several hundred individuals. And, while it's difficult to complain about efforts made to take down child pornographers, it's highly likely the warrant was obtained from a judge who had no idea what she was authorizing.

Magistrate Judge Theresa C. Buchanan in the Eastern District of Virginia, who signed the warrant used for the NIT, did not respond to questions on whether she understood that the warrant would grant the power to hack anyone who signed up to Playpen, or whether she consulted technical experts before signing it, and her office said not to expect a reply.

The ACLU's Chris Soghoian says the DOJ seeks NIT authorization using "very vague" wording that obscures the methods deployed and the scope of surveillance effort. Federal public defender Colin Fieman, who is already handling several cases tied to the FBI's takeover of the Playpen server, says the warrant is a surveillance blank check.

Fieman said that the warrant “effectively authorizes an unlimited number of searches, against unidentified targets, anywhere in the world.”

This is the power the FBI desires. The DOJ is pushing for an update to existing statutes that would grant the FBI permission to do exactly this. It has already demonstrated its willingness to treat servers in foreign countries as unprotected territory where it can do as it wishes. With the warrant it obtained here, the FBI is treating domestic computers with the same lack of concern. Thanks to its obfuscatory warrant applications, it's being granted this power by judges who have no idea what they're dealing with or have been misled by the agency's creative phrasing.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: fbi, hacking, surveillance, tor

12 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Berenerd (profile), 7 Jan 2016 @ 12:24pm

One warrant to rule them all.....
[ link to this | view in chronology ]
Mason Wheeler (profile), 7 Jan 2016 @ 1:43pm

The specifics of the hacking tool are unknown, but it intercepted a large amount of device-specific data, including the operating system used, Host Name, username, MAC address and whether or not a particular computer had previously been compromised by the FBI's hacking tool.

...all of which, except for the last item of course, are things any server receives as a matter of course while transacting ordinary business. Why do you present this scary-sounding list that's actually not scary at all to people who understand the technical terms involved, when you regularly criticize politicians for saying exactly equivalent things when attacking tech companies they don't like?
[ link to this | view in chronology ]
- Chris Rhodes (profile), 8 Jan 2016 @ 5:25am
  
  Re:
  all of which, except for the last item of course, are things any server receives as a matter of course while transacting ordinary business.
  Not over Tor, however, which suggests an exploit in the browser to tell it to send data outside of Tor. Probably a JavaScript hack, since there's already precedent for using malicious scripts to de-mask Tor users, IIRC.
  [ link to this | view in chronology ]
Anonymous Coward, 7 Jan 2016 @ 1:52pm

So my question is, for those who were not involved in any manner, How did the FBI go about removing said hack and malware? Or did they just write it off as no consequence?
[ link to this | view in chronology ]
- Rekrul, 7 Jan 2016 @ 2:09pm
  
  Re:
  Most likely, the presence of the FBI's malware on a particular user's system will be used as evidence that they have the right person and that it wasn't a case of a neighbor using their WiFi.
  [ link to this | view in chronology ]
  - Median Wilfred, 7 Jan 2016 @ 3:38pm
    
    Re: Re:
    So, removing FBI malware would constitute interfering with a Federal Investigation? And maybe cost a convict more years in the slammer?
    
    How can we distinguish "FBI NIT" from J. Random Malware?
    [ link to this | view in chronology ]
Rekrul, 7 Jan 2016 @ 2:13pm

I'm still not clear on how operating a honeypot site isn't entrapment.
[ link to this | view in chronology ]
- Anonymous Coward, 7 Jan 2016 @ 3:11pm
  
  Re:
  It's not entrapment because nobody's stopped them. If nobody stops 'em, it's obviously legal.
  
  I'm starting to think that that's how laws work now.
  [ link to this | view in chronology ]
- Chris Rhodes (profile), 8 Jan 2016 @ 5:30am
  
  Re:
  To be entrapment, they would have to persuade or convince you to do something you otherwise wouldn't have done without their interference. If an FBI agent had called you up out the blue, told you about the site, and then asked you to sign up, that would be entrapment.
  
  This isn't even close to entrapment, however, since they didn't invite anyone to sign up. It's even less entrapment than it would be if the site were on the clearnet, since dark net sites have to be searched out specifically.
  [ link to this | view in chronology ]
- Anonymous Coward, 8 Jan 2016 @ 9:49am
  
  Re:
  > I'm still not clear on how operating a honeypot site isn't entrapment.
  
  Entrapment involves convincing someone to do something illegal. So if the FBI was spamming out links to the darkweb site and then arresting anyone who went there, that would be entrapment.
  
  Placing malware on an illegal site instead of taking the site down isn't entrapment, but either the FBI is engaged in two illegal activities (distributing malware and hosting a CP site) or those two activities aren't in themselves* illegal. Either option is rather troubling.
  
  *The illegality would be to do with either the motives of such activities or the results of such activities. In the first case, anyone in a position of authority can do whatever they want, and in the second, we're entered "preCrime" territory.
  [ link to this | view in chronology ]
- tqk (profile), 8 Jan 2016 @ 11:56am
  
  Re:
  I'm still not clear on how operating a honeypot site isn't entrapment.
  
  I'd like to know how they're going to prove they've preserved evidence of a crime, as opposed to planting/manufacturing evidence. Once you've got root/admin, all bets are off. I wonder if judges and lawyers understand this. Perhaps they've determined via parallel construction that someone's a perpetrator. Hand that person's details off to this bunch and they can plant unassailable damning evidence (as long as no one looks at it too closely).
  
  All those cop shows I watched went into excruciating detail over chain of evidence stuff and any flaws risk the case falling apart. So, how do they prove they're not just witch hunting or nailing some random victim to inflate their stats?
  
  I hope they've got more than "created account on malicious server" to back them up, especially when the FBI is doing far worse things than that here.
  [ link to this | view in chronology ]
Anonymous Coward, 7 Jan 2016 @ 11:11pm

The FBI are terrorists
[ link to this | view in chronology ]