FBI's Hacking Tool Found To Have Compromised Dozens Of Computers In Austria

from the because-someone-in-Virginia-inadvertently-said-it-could-do-this dept

The FBI is already having problems here at home with the hacking tool it deployed during its dark web child porn investigation. A few judges have ruled that the warrant used to deploy the Network Investigative Technique (NIT) was invalid because the FBI's "search" of computers around the United States violated Rule 41(b)'s jurisdictional limits.

Now, we'll get to see how this stacks up against international law. It's already common knowledge that the FBI obtained user information from computers around the world during its two weeks operating as the site administrator for the seized Playpen server. More information is now coming to light, thanks (inadvertently) to a foreign government's inquiries into domestic anti-child porn efforts. Joseph Cox of Motherboard has the details:

Earlier this year, Austrian MPs sent a letter to the country's parliament, asking for more information on child pornography and sex tourism cases. In response, politician Johanna Mikl-Leitner wrote that Austrian authorities cooperated in Operation Pacifier, showing for the first time that the FBI hacked computers in the country.

According to her letter, a list of 50 Austrian IP addresses were evaluated by a federal intelligence unit and used to pursue suspects of possession and distribution of child pornography. The IP addresses led investigators to “countless child pornography files,” according to a translation of the letter, which is dated March 2016. “Extensive investigations are still underway,” it continues.

Local law enforcement appears to be unconcerned that the FBI has exceeded its Rule 41(b) grasp. It took the tips delivered to it by the FBI's NIT and has carried out investigations of its own, collaborating with Europol. Apparently, the FBI's lack of explicit permission -- either from the local US magistrate judge or from foreign governments -- isn't considered problematic when used to scoop up offenders few are willing to defend. Europol and the FBI have refused to comment on how far the Playpen/NIT net was cast, but it apparently includes Greece, Chile, Denmark, and Colombia -- along with possible (but unconfirmed) Playpen users located in Turkey and the UK.

Obviously, the Virginia magistrate who signed the FBI's warrant application had no idea how far its NIT would reach. To be fair, the FBI likely had no idea either, as it was dealing exclusively with users whose originating locations had been obscured by the Tor browser. That being said, the FBI gave no indication in its affidavit that it would possibly be carrying out extraterritorial searches, traveling far beyond the magistrate's jurisdiction and into computers located in multiple foreign countries.

To "fix" this limitation, the FBI is firmly behind the current, mostly-downhill push to strip jurisdictional limits from Rule 41, leaving it free to perform this hacking without being second-guessed by federal judges during prosecutions. That other countries are more than happy to partake in the results of possibly illegal actions doesn't say much about their willingness to protect their own citizens from US law enforcement overreach. Or, at least, it shows there are certain suspects they're not interested in protecting -- even if it means creating a slippery slope they may regret later, when the FBI starts coming after alleged criminals not so universally reviled.

Filed Under: austria, borders, fbi, hacking, malware, nit, rule 41


Reader Comments

  • Anonymous Coward, 1 Aug 2016 @ 4:06am

    We are already well on the way down that slippery slope. While I agree these people deserve no sympathy at all, this sort of thing can be used in far less egregious cases. The US is already doing this in cases that would best be described as secondary copyright infringement (jaywalking stuff, basically). Just look at Megaupload and KAT and ask yourselves why the US should be given the time of day in cases like this. New Zealand and Poland have local laws that are well up to the task, and it seems likely no New Zealand or Polish laws were broken. That CP is used as the thin end of the wedge to erode national laws is every bit as repugnant as CP itself.

    • David, 1 Aug 2016 @ 6:26am

      This need not become a slippery slope

      We can just use parallel construction so that we don't need to invent justifications for progressively more invasive methods.

      And just like that, all the files are spiffy clean and there is no slippery slope at all.

      • Anonymous Coward, 1 Aug 2016 @ 7:07am

        Re: This need not become a slippery slope

        You are right, no slope at all...

        Just the edge of the cliff... that first step is a helluva doozy!

  • Howard West, 1 Aug 2016 @ 4:32am

    Chile

    "Chile", not "Chili".

    • Anonymous Coward, 1 Aug 2016 @ 8:05am

      Re: Chile

      You're doing God's (as well as Tim's editor's) work. That typo is Yahoo! News level of cringe.

  • Anonymous Coward, 1 Aug 2016 @ 4:53am

    Don't think they will regret it

    I agreed with everything you said except for:

    "even if it means creating a slippery slope they may regret later"

    I don't think they will regret it. Getting to the bottom of that slope only means more power and control by the government(s). How they get there is of no concern to them.

  • Avior, 1 Aug 2016 @ 4:54am

    "To be fair, the FBI likely had no idea either,"

    Yeah, it's not like the internet is international or anything like that.
    /s

  • Ukdah, 1 Aug 2016 @ 5:02am

    Not just the US, but Russia and China too?

    So, if Russia and China are caught red-handed hacking into US computers will they now be able to justify it by claiming that they were just investigating reports of possible child porn? I mean, if the FBI can do it, then why not the FSB?

    • Anonymous Coward, 1 Aug 2016 @ 6:23am

      Re: Not just the US, but Russia and China too?

      So, if Russia and China are caught red-handed hacking into US computers will they now be able to justify it by claiming that they were just investigating reports of possible child porn? I mean, if the FBI can do it, then why not the FSB?

      So that's what the hack of the DNC's email accounts was actually all about...

      • Anonymous Coward, 1 Aug 2016 @ 8:10am

        Re: Re: Not just the US, but Russia and China too?

        Hillary a CP distributor? Nawww....

        Wait, it was for Bill all along, those filthy bastards!!!

  • Anonymous Coward, 1 Aug 2016 @ 5:14am

    The problem with this is that at some point some pedophile scum is going to get OFF because of it. Illegal searches are never the way.

    Get Them yes. But do it rightly

    • Anonymous Coward, 1 Aug 2016 @ 8:18am

      Re:

      The concerned Citizens view this as a problem. Those handling the prosecutions do not. Putting away innocent people and letting the guilty escape are NOT the objectives here.

      They literally do not give a fuck about who gets what so long as they have their over/under statistics right where they need them for their next promotion or political gas bagging.

  • kallethen, 1 Aug 2016 @ 5:47am

    If at first you don't succeed...

    Change the rules and try again?

  • Peter, 1 Aug 2016 @ 5:59am

    What exactly does the hacking tool do?

    Does it snoop around on third party hard disks and send data to the FBI? Does it use third party computers to distribute illegal files? Are there mechanisms to ensure that the FBI can not place files that it subsequently 'finds'?

  • Quiet Lurcker, 1 Aug 2016 @ 6:10am

    What a great tool for parallel construction. Let someone else dig up the evidence and when your defendant challenges it, well, you couldn't turn over any raw data even if you wanted. The tools, methods, and data are all in the control of a foreign government. And if the defendant makes application through the Hague Convention(tm) and sovereign immunity, well the case could drag out for years and you could bury the defendant with enough frivolous litigation that he'll cop a guilty plea just to have done with it.

  • Anonymous Coward, 1 Aug 2016 @ 6:44am

    I believe the answer is, "we do what we want, we don't care about violating international law"

  • Padpaw, 1 Aug 2016 @ 6:47am

    probably some nonsense about the US being the last bastion for freedom and democracy and all the rest being evil empires bent on world enslavement

  • Rich Kulawiec, 1 Aug 2016 @ 6:50am

    Evidence from hacked systems should be inadmissible

    Here's the reasoning:

    1. If the system has been hacked (let's say by custom malware) then there is proof on the table (a) that it's insecure and (b) that it's been successfully infiltrated by at least one entity.

    2. Since (a) is true, there is no way to know that any actions taken by that system or any data stored or transiting that system is the responsibility of its putative owner.

    3. Since (b) is true, there is no way to know that it hasn't been previously or subsequently infiltrated by someone else.

    Let me pause to note that anyone familiar with bots and botnets can point to a few hundred million examples of (2) and (3).

    4. Because (2) and (3) are true, there is no way to establish a definitive connection between any evidence gathered on the system and the owner of the system. This doesn't mean that the evidence isn't factual, e.g., "File F was found on this system" or "This system participated in a DDoS attack" and similar assertions may be true. But there is no way to leap from those to "The owner placed file F on this system" or "The owner participated in a DDoS attack". And that leap can't be made, because the act of hacking made it impossible: it's spoliation writ large.

    • TheResidentSkeptic, 1 Aug 2016 @ 7:35am

      Re: Evidence from hacked systems should be inadmissible

      But you have forgotten their new mantra:

      You are guilty because we said so. No defense allowed.

      • Anonymous Coward, 1 Aug 2016 @ 8:16am

        Re: Re: Evidence from hacked systems should be inadmissible

        What is truly terrifying about this is that that is actually the case. It would be too easy to plant CP on a machine and then to just "let" FBI find it and they will do all the work of screwing your enemy for you.

    • Rekrul, 1 Aug 2016 @ 10:09pm

      Re: Evidence from hacked systems should be inadmissible

      Evidence from hacked systems should be inadmissible

      You overlook the fact that this case is about child pornography, which is treated much like witchcraft and heresy were during the dark ages. They consider it better to incriminate 100 innocent people than let even one guilty one go free.

  • I.T. Guy, 1 Aug 2016 @ 8:23am

    "extraterritorial searches" Read as:

    extraterrestrial searches. I thought... I hope the aliens don't use encryption.

  • Bill, 1 Aug 2016 @ 9:26am

    First they came for the Socialists, and I did not speak out—
    Because I was not a Socialist.

    Then they came for the Trade Unionists, and I did not speak out—
    Because I was not a Trade Unionist.

    Then they came for the Jews, and I did not speak out—
    Because I was not a Jew.

    Then they came for me—and there was no one left to speak for me.

    - Martin Niemöller

  • Anonymous Coward, 1 Aug 2016 @ 3:41pm

    It is good to know who the truly mentally ill in our society are, then we can keep an eye on the people they work for.

  • Rekrul, 1 Aug 2016 @ 10:16pm

    What would happen if someone hacked an electronic billboard in Times Square and played a child porn video? Would the FBI arrest every single person who stopped to look? I mean, they've gone after people who have had as few as two thumbnail images in their browser's cache, people who have porn with young-looking actresses and even people who have had cartoon porn. If the obsession over arresting people who have viewed child porn is so great, wouldn't they have to arrest everyone who doesn't immediately turn their back on such a display?
