FBI Agent Testifies That The Agency's Tor-Exploiting Malware Isn't Actually Malware
from the just-a-tool-that-does-things-to-people's-computer-w/o-their-knowledge-or-per dept
It wasn't supposed to go this way. The same tactics that are causing the FBI problems now -- running a child porn website, using local warrants to deploy its spyware to thousands of computers around the US (and the world!) -- slipped by almost unnoticed in 2012. In a post-Snowden 2016, the FBI can hardly catch a break.
Just recently, a judge presiding over one of its child porn cases agreed the FBI should not be forced to hand over details on its Network Investigative Technique to the defendant. Simultaneously, the judge noted the defendant had several good reasons to have access to this information. While this conundrum spares the FBI the indignity of the indefinite confinement it's perfectly willing to see applied to others, it doesn't exactly salvage this case, which could be on the verge of dismissal.
In related cases, judges have declared the warrant used to deploy the NIT is invalid, thanks to Rule 41's jurisdictional limits. If a warrant is issued in Virginia (as this one was), the search is supposed to be performed in Virginia, not in Kansas or Oklahoma or Massachusetts.
While the larger issue of whether the evidence can be used against Jay Michaud continues to be discussed, the FBI is spending its time officially expressing its displeasure with its NIT being referred to disparagingly as "malware."
In a testimony earlier this week in the case of US vs. Jay Michaud, FBI special agent Daniel Alfin argued that the hacking tool used to identify Michaud and thousands of other Playpen users—which the FBI euphemistically calls a “Network Investigative Technique” or “NIT”—isn't malware because it was authorized by a court and didn't damage the security of Michaud's computer.
According to the FBI agent, this software isn't malware because it doesn't do any permanent damage.
I have personally executed the NIT on a computer under my control and observed that it did not make any changes to the security settings on my computer or otherwise render it more vulnerable to intrusion than it already was. Additionally, it did not “infect” my computer or leave any residual malware on my computer.
In a very limited sense, Agent Alfin is correct. The tool left no residual damage, nor did it alter settings on the end users' computers. However, it did do something most computer users would consider malicious: it stripped them of their anonymity. The people visiting this site used Tor to obscure their identifying info. They did this on purpose, most likely because they were seeking illegal content. But the fact that the tool removes protections users consciously deployed makes it malicious.
Child porn enthusiasts and other criminals aren't the only people who take active steps to obscure their connection points. Journalists do it. Activists do it. Citizens of oppressive government do it. The FBI doesn't restrict itself to only deploying its surveillance tools against the worst of the worst. It has a long, troubling history of deploying its surveillance tools against people engaged in activities protected by the First Amendment. Anything that undoes something the recipient has proactively done is by definition unwanted, if not simply malicious.
As regular Techdirt commenter That Anonymous Coward pointed out on Twitter, the FBI sure as hell would find this tool "malicious" if it were directed at its computers and devices by someone outside of the agency. This would definitely fit under the CFAA's broad definition of "unauthorized access." Deploying this NIT via a compromised FBI server would make it a lot easier to locate agents working in the field. I don't think the FBI would be OK with this despite there being no "residual malware" left behind after field devices had been identified and located.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
New hacking safe harbor: no permanent damage
[ link to this | view in thread ]
[ link to this | view in thread ]
Sorry, Agent Alfin, but that's not what malware means. Malware is software that takes control of a computer away from the owner/user and causes the computer to act against their interests.
[ link to this | view in thread ]
Just ask Eric holder
[ link to this | view in thread ]
Nice way to divert from the fact that there was harm, rather than on how long the harm lasts. While the harm may or may not be permanent, which can be debated, the fact is that harm WAS DONE. The computer has malware, a rootkit, of some sort installed on it.
Does the FBI do anything to remove this malware?
What makes the FBI so sure that without any updates, their brand of malware will not actually make the computer more vulnerable to other hacking efforts? They seem awfully confident of this.
[ link to this | view in thread ]
Re:
http://www.washingtontimes.com/news/2016/may/19/judge-orders-doj-lawyers-remedial-ethics-clas ses/?page=all
http://www.zerohedge.com/news/2016-05-20/texas-judge-orders-intentionally-deceptive-doj -lawyers-take-remedial-ethics-classes
http://dailycaller.com/2016/05/19/judge-in-obamas-amnesty-case- orders-every-lawyer-involved-to-take-ethics-class/
Judge Hanen’s order reads, in part:
In a footnote, Judge Hanen noted this was not the first time the DoJ has faced such an issue:
Just recently, the Sixth Circuit expressed a similar conclusion. It wrote:
Concluding the order, Judge Hanen wrote, “This Court would be remiss if it left such unseemly and unprofessional conduct unaddressed.”
[ link to this | view in thread ]
Catching pedophiles might be a worthy cause, but you should be honest about the means you use to catch them or else due process goes out the window and the innocent accused will get railroaded in order to get a conviction to boost a career.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
Agreed. Taking various first aid classes does not make one a brain surgeon. Nor does taking "various FBI training classes" make one a forensic computer scientist.
[ link to this | view in thread ]
than it already was
four key words.
six key words: it's ok if we do it.
[ link to this | view in thread ]
[ link to this | view in thread ]
Given the government is well known to redefine the meanings of words, with the intent to deceive, I have problems with this response.
The agent says he observed no changes on his computer. He does not state that for other computers that may have received that NIT. As such it is a very limited snapshot that could easily be another intent to deceive.
[ link to this | view in thread ]
True Litmus Test
The problem with Federal Laws and related Enforcement, seems to now consistently be associated with the fact that they think they get to play by rules and laws as they deem fit, not as is actually written FOR ALL. Isn't it about time that the courts stopped, thought about this for a second, and used actual fairness and common sense to shut this circus down for good?
[ link to this | view in thread ]
right?
[ link to this | view in thread ]
Color me surprised
Not at all.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
FBI logic
[ link to this | view in thread ]
Re: Color me surprised
I'd say it's more likely that they know full well what counts as malware and are just lying about it in an attempt to bolster their case. As Skeeter pointed out above, if someone had done the same thing they did but to them you can be sure that they'd be screaming about malware loud enough to be heard for miles.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re: Color me surprised
[ link to this | view in thread ]
Re:
What constitutes a 'University Degree in Information Technology'?
It isn't CS, it's not Information Science, don't think it could be EE, really doubt it's Mathematics. Is this perhaps like the 'DB Administration' stuff offered by various Schools of Business?
Maybe I've been out of school too long, but something sounds odd about his, uh, [Somekindofa] degree in IT.
Anyone else think it sounds odd?
[ link to this | view in thread ]
Y'all know the drill...
It was OFF!
[ link to this | view in thread ]
Re: Re: Re: Color me surprised
[ link to this | view in thread ]
Re: Re:
"Technology" programs are for training technologists and as such are not usually as long or rigorous as related professional programs. For example, Medical Technologists do not receive the same education as Medical Doctors. The professional programs related to Information Technology have traditionally been Electrical Engineering and Computer Science.
[ link to this | view in thread ]
Re: New hacking safe harbor: no permanent damage
[ link to this | view in thread ]
Re: Re: @Wendy Cockcroft
Yeah, bad guy to the prison. But who know that you are ok? If FBI wan't now to remove somebody, then this software will do it for them. Even people don't realize that "pedophile" is new weapon to remove some good people. In this 135 there will be 20 journalist that are good for people - not for government. Do you ok with that? Are you serious?
[ link to this | view in thread ]