Unsealed Warrant Shows FBI Malware Affected Innocent Tor Users While Agency Ran More Than 20 Child Porn Sites
from the supporting-justifications-cited:-1.-the-ends dept
Thanks to the ACLU's push to unseal documents related to the FBI's targeting of TorMail users and Freedom Hosting, the warrant affidavits supporting its NIT deployment have been released by the agency. Joseph Cox of Motherboard reports:
In 2013, the FBI received permission to hack over 300 specific users of dark web email service TorMail. But now, after the warrants and their applications have finally been unsealed, experts say the agency illegally went further, and hacked perfectly legitimate users of the privacy-focused service.
“That is, while the warrant authorized hacking with a scalpel, the FBI delivered their malware to TorMail users with a grenade,” Christopher Soghoian, principal technologist at the American Civil Liberties Union (ACLU), told Motherboard in an email.
The 99-page affidavit [PDF] is lightly-redacted but contains some completely uncensored and surprising admissions from the agency. Contrary to its post-release statements about the scope of the "narrowly-tailored" warrant not being exceeded, the actual contents show the deployment of the NIT to unmask Tor users is much more aligned with Soghoian's "grenade" description.
As Cox points out, the TorMail affidavit [PDF] says the NIT would only be delivered to logged-in, specifically-targeted TorMail users.
[T]he NIT… will be deployed on the TARGET ACCOUNTS while the TARGET ACCOUNTS operate in the District of Maryland, to investigate any user who logs into any of the TARGET ACCOUNTS by entering a username and password.
In reality, the deployment occurred the moment a user landed on any site utilizing Freedom Hosting -- not just the child porn sites the FBI had taken control of. And the number of sites the FBI was running during this investigation is staggering.
According to the new documents, the NIT was used against users of 23 separate websites.
If you thought the FBI's admin efforts for two separate child porn websites (in two investigations spaced a couple of years apart) were questionable, you have to wonder about the morality (or legality) of the US government becoming one of the world's largest distributor of child pornography. Researcher Sarah Jamie Lewis notes that, according to her numbers, the FBI could have been operating close to half (if not more) of the child porn websites in existence.
And, as for the claims the FBI didn't exceed the scope of the warrant: that's clearly not true. The warrant was issued in Maryland and was delivered to users all over the world. The supporting affidavit contains descriptions of one site apparently located in Hungary, but never makes any attempt to limit the FBI efforts to within US borders, much less Maryland.
The NIT violated Rule 41 limitations and then exceeded the FBI's own assertions about targeting specific users. It continues to deploy the same malware against Tor users with a similar lack of concern for jurisdictional restrictions or its implicit invitation for foreign law enforcement agencies to engage in the same tactics against US citizens.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: 4th amendment, child porn, doj, fbi, malware, nit, playpen, warrant
Reader Comments
Subscribe: RSS
View by: Time | Thread
Red line
But what is described here is unforgivable. Users of specific services or software cannot be justified targets merely for choosing those services or software. If this proves to be the new norm, laws are not sufficient to protect our rights anymore.
[ link to this | view in chronology ]
We are past the point of stopping this, we need to demand that things be stopped.
We need full reviews & disclosures.
We need people held accountable.
We need punishments.
We need to make sure we don't keep heading towards not looking any different than the dictatorships we call out around the globe.
We had a horrible problem, so we screwed innocent people and ran at least half of the places you can get the horrible things & spread more of it... by undermining the checks & balances of the law and many of our cases have fallen apart because what we did was so stupid the courts say WTF is wrong with you people!?
[ link to this | view in chronology ]
Re: and ? ? ?
bear in mind (paraphrasing) freddy douglass's quote: power never devolves voluntarily...
hmmm, ok, now what ? ? ?
voting for (t-rump/killary) will solve these problems ? ? ?
...or exacerbate ? ? ?
well, (meta-ironically) fortunately and unfortunately, at the same time, Empire is both reaching its peak and falling, at the same time...
hard rain coming...
based on a true story...
[ link to this | view in chronology ]
Re: Re: and ? ? ?
[ link to this | view in chronology ]
WHO?
[ link to this | view in chronology ]
I love that old saying. It just rolls off the tongue.
[ link to this | view in chronology ]
Re:
But then, anything not allowing unlimited personal nuclear weaponry seems to be government overreach...
[ link to this | view in chronology ]
If they had nothing to hide...
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Innocent TOR user? No such thing
Expect a correction from the FBI any time now: there is no such thing as an "innocent" TOR user. The FBI sees TOR users hiding things...and people with things to hide are terrorists.
[ link to this | view in chronology ]
Re: Innocent TOR user? No such thing
The FBI sees TOR users hiding things...and people with things to hide are terrorists.
Almost, they see non-government people hiding things as terrorists, the government of course is not only allowed to hide things it's their Right to do so, because of course they need to be able to keep secrets, despite insisting that the public can't.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Nope
Nope...still not surprised.
[ link to this | view in chronology ]
So...what else was on Freedom Hosting?
Just for giggles Mike Masnick, which sites would that be????
Thanks!
[ link to this | view in chronology ]
If you need child porn...
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Perhaps this should be addressed by properly asking the right question of the FBI, which is:
"In the past 20 years, how many child porn producers have been arrested?"
I suggest having a box of tissue nearby, because the answer is going to make you cry.
Funding the FBI is no different than other departments. If the FBI is "doing its job", then it means they get the lion's share of the money.
From the agency which wastes no time in setting up fake terrorists.
Stop and think about the ramifications regarding an agency sitting on the world's largest collection of child pornography and the surprisingly timed "arrests" of people, most of whom are consumers, not producers.
[ link to this | view in chronology ]
Re:
Producers have money; producers fight back.
Much easier to make showy convictions of "consumers." The public defender won't even make you prove it was child porn, and will most likely help arm-twist the "consumer" into a plea.
[ link to this | view in chronology ]
Expediency is not Justice
Unsealed Warrant Shows FBI Malware Affected Innocent Tor Users While Agency Ran More Than 20 Child Porn Sites
In US government lingo the Affected Innocent Tor Users were simply collateral damage and are completely expendable especially when viewed through FBI's prism of expedient motives.
[ link to this | view in chronology ]
Don't worry, Congress will soon make it retroactively legal.
[ link to this | view in chronology ]
Clinton started this:)
Nothing to see here.
[ link to this | view in chronology ]
It will happen again.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Child Porn: It's for te children, now fortified with FBI approval and dissemination
Wow- how do we stop these goodguys? A few wankers who may/could/might hurt a kid aren't enough for me to eradicate privacy of citizens, while granting a criminal gov't child porn distribution rights. And every time there is a pedo-sweep 80% are gov't or priests and rabbi's; teachers and cops.
Not to mention that more kids are killed every year by their mothers in America, than kids raped by strangers ( which is shockingly rare.)
[ link to this | view in chronology ]