FBI's Hacking Tool Found To Have Compromised Dozens Of Computers In Austria
from the because-someone-in-Virginia-inadvertently-said-it-could-do-this dept
The FBI is already having problems here at home with the hacking tool it deployed during its dark web child porn investigation. A few judges have ruled that the warrant used to deploy the Network Investigative Technique (NIT) was invalid because the FBI's "search" of computers around the United States violated Rule 41(b)'s jurisdictional limits.
Now, we'll get to see how this stacks up against international law. It's already common knowledge that the FBI obtained user information from computers around the world during its two weeks operating as the site administrator for the seized Playpen server. More information is now coming to light, thanks (inadvertently) to a foreign government's inquiries into domestic anti-child porn efforts. Joseph Cox of Motherboard has the details:
Earlier this year, Austrian MPs sent a letter to the country's parliament, asking for more information on child pornography and sex tourism cases. In response, politician Johanna Mikl-Leitner wrote that Austrian authorities cooperated in Operation Pacifier, showing for the first time that the FBI hacked computers in the country.
According to her letter, a list of 50 Austrian IP addresses were evaluated by a federal intelligence unit and used to pursue suspects of possession and distribution of child pornography. The IP addresses led investigators to “countless child pornography files,” according to a translation of the letter, which is dated March 2016. “Extensive investigations are still underway,” it continues.
Local law enforcement appears to be unconcerned that the FBI has exceeded its Rule 41(b) grasp. It took the tips delivered to it by the FBI's NIT and has carried out investigations of its own, collaborating with Europol. Apparently, the FBI's lack of explicit permission -- either from the local US magistrate judge or from foreign governments -- isn't considered problematic when used to scoop up offenders few are willing to defend. Europol and the FBI have refused to comment on how far the Playpen/NIT net was cast, but it apparently includes Greece, Chile, Denmark, and Colombia -- along with possible (but unconfirmed) Playpen users located in Turkey and the UK.
Obviously, the Virginia magistrate who signed the FBI's warrant application had no idea how far its NIT would reach. To be fair, the FBI likely had no idea either, as it was dealing exclusively with users whose originating locations had been obscured by the Tor browser. That being said, the FBI gave no indication in its affidavit that it would possibly be carrying out extraterritorial searches, traveling far beyond the magistrate's jurisdiction and into computers located in multiple foreign countries.
To "fix" this limitation, the FBI is firmly behind the current, mostly-downhill push to strip jurisdictional limits from Rule 41, leaving it free to perform this hacking without being second-guessed by federal judges during prosecutions. That other countries are more than happy to partake in the results of possibly illegal actions doesn't say much about their willingness to protect their own citizens from US law enforcement overreach. Or, at least, it shows there are certain suspects they're not interested in protecting -- even if it means creating a slippery slope they may regret later, when the FBI starts coming after alleged criminals not so universally reviled.
Filed Under: austria, borders, fbi, hacking, malware, nit, rule 41
Reader Comments
This need not become a slippery slope
And just like that, all the files are spiffy clean and there is no slippery slope at all.
Re: This need not become a slippery slope
Just the edge of the cliff... that first step is a helluva doozy!
Chile
Re: Chile
Don't think they will regret it
"even if it means creating a slippery slope they may regret later"
I don't think they will regret it. Getting to the bottom of that slope only means more power and control by the government(s). How they get there is of no concern to them.
"To be fair, the FBI likely had no idea either,"
/s
Not just the US, but Russia and China too?
Re: Not just the US, but Russia and China too?
So that's what the hack of the DNC's email accounts was actually all about...
Re: Re: Not just the US, but Russia and China too?
Wait, it was for Bill all along, those filthy bastards!!!
Get Them yes. But do it rightly
Re:
They literally do not give a fuck about who gets what so long as they have their over/under statistics right where they need them for their next promotion or political gas bagging.
Change the rules and try again?
What exactly does the hacking tool do?
Evidence from hacked systems should be inadmissible
1. If the system has been hacked (let's say by custom malware) then there is proof on the table (a) that it's insecure and (b) that it's been successfully infiltrated by at least one entity.
2. Since (a) is true, there is no way to know that any actions taken by that system or any data stored or transiting that system is the responsibility of its putative owner.
3. Since (b) is true, there is no way to know that it hasn't been previously or subsequently infiltrated by someone else.
Let me pause to note that anyone familiar with bots and botnets can point to a few hundred million examples of (2) and (3).
4. Because (2) and (3) are true, there is no way to establish a definitive connection between any evidence gathered on the system and the owner of the system. This doesn't mean that the evidence isn't factual, e.g., "File F was found on this system" or "This system participated in a DDoS attack" and similar assertions may be true. But there is no way to leap from those to "The owner placed file F on this system" or "The owner participated in a DDoS attack". And that leap can't be made, because the act of hacking made it impossible: it's spoliation writ large.
Re: Evidence from hacked systems should be inadmissible
You are guilty because we said so. No defense allowed.
Re: Re: Evidence from hacked systems should be inadmissible
Re: Evidence from hacked systems should be inadmissible
You overlook the fact that this case is about child pornography, which is treated much like witchcraft and heresy were during the dark ages. They consider it better to incriminate 100 innocent people than let even one guilty one go free.
extraterrestrial searches. I thought... I hope the aliens don't use encryption.
Because I was not a Socialist.
Then they came for the Trade Unionists, and I did not speak out—
Because I was not a Trade Unionist.
Then they came for the Jews, and I did not speak out—
Because I was not a Jew.
Then they came for me—and there was no one left to speak for me.
- Martin Niemöller