FBI Sends Computer Information Collected By Its Hacking Tools In Unencrypted Form Over The Open Internet
from the the-(fraying)-ends-justify-the-(sloppy)-means dept
The FBI doesn't want to talk about its secret malware, but with over 100 child porn prosecutions tied to it, it's had to discuss at least a few aspects of its Network Investigative Technique (NIT).
In yet another prosecution -- this one actually taking place in Virginia for a change -- the FBI is once again struggling to withhold details of its NIT from the defense. Suppression of the evidence likely isn't an option, as the warrant it obtained in Virginia was actually deployed in Virginia. I'm sure the FBI is as surprised as anybody by this fortuitous coincidence. But the defendant still wants access to more information, as he is looking to challenge the evidence the FBI collected with its Tor-defeating exploit.
The defendant, Edward Matish, has questions about the chain of custody. FBI Special agent Daniel Alfin, who has testified in other Playpen/NIT cases inadvertently admits there could be problems here, considering the FBI does nothing to protect the information it collects from suspect's computers from being intercepted or altered. (h/t Chris Soghoian)
I have read the Defendant's reply to the Government's Response to the Motion to Compel dated May 23,2016. In the motion, Matish asserts that there are chain of custody problems caused by the fact that the NIT transmitted data "unencrypted over the traditional internet". This assertion is further supported by the declaration of Matthew Miller who states "the IP address relayed to the FBI was unencrypted and subject to attack by hackers" Miller Dec.
So, the NIT the FBI says is so secret it won't discuss it even if facing contempt orders apparently sends back info over the open internet. Agent Alfin plows past this admission, calling the defense expert "wrong" while refusing to discuss the possibility that unencrypted transmissions could be altered.
He is wrong. In fact, the network data stream that has been made available for defense review would be of no evidentiary value had it been transmitted in an encrypted format. Because the data is not encrypted, Matish can analyze the data stream and confirm that the data collected by the government is within the scope of the search warrant that authorized the use of the NIT. Had the data been transmitted in an encrypted format the data stream would be of no evidentiary value as it could not be analyzed.
This is absurd. If Alfin is to be believed, any communications/data sent utilizing end-to-end encryption would be nothing but useless, scrambled gibberish to recipients. The FBI didn't encrypt these transmissions because it probably didn't seem worth the effort… at least not at the time. The FBI could have encrypted the transmissions and delivered the decrypted results to defendants for them to examine. I'm sure it wishes it had done this, now that it's being challenged in court.
This is one more example of the FBI's overconfidence getting in the way of its better judgment. These were supposed to be open-and-shut child porn prosecutions -- a repeat of its mostly under-the-radar use of the same tools and tactics in 2012. But they aren't. They're being challenged and the FBI is going from courtroom to courtroom, putting out fires. And all that scrambling is leading to half-assed explanations like this, which raises serious questions about the FBI's investigative "techniques."
Filed Under: daniel alfin, doj, edward matish, encryption, fbi, going dark, hacking, malware, nit, playpen
