BestOfGeeks: The FBI Hacked Over 8000 Computers In 120 Countries Based on One Warrant  

The FBI Hacked Over 8000 Computers In 120 Countries Based on One Warrant

Noredine BAHRI
Noredine BAHRI
  • Technical Writer
  • Entrepreneur
  • Founder and CEO
  • Developer
  • Blogger and IT Analyst
2016-11-24 00:17:18

| Share
| Share
| Share
The FBI Hacked Over 8000 Computers In 120 Countries Based on One Warrant

In January, the FBI's “unprecedented” hacking operation, in which the agency, using a single warrant, deployed malware to over one thousand alleged visitors of a dark web child pornography site. Now, it has emerged that the campaign was actually an order of magnitude larger.

In all, the FBI obtained over 8,000 IP addresses, and hacked computers in 120 different countries, according to a transcript from a recent evidentiary hearing in a related case.

The figures illustrate the largest ever known law enforcement hacking campaign to date, and starkly demonstrate what the future of policing crime on the dark web may look like. This news comes as the US is preparing to usher in changes that would allow magistrate judges to authorize the mass hacking of computers, wherever in the world they may be located.

“We have never, in our nation's history as far as I can tell, seen a warrant so utterly sweeping,” federal public defender Colin Fieman said in a hearing at the end of October, according to the transcript. Fieman is representing several defendants in affected cases.

Those cases revolve around the FBI's investigation into dark web child pornography site Playpen. In February 2015, the FBI seized the site, but instead of shutting it down, the agency ran Playpen from a government server for 13 days. However, even though they had administrative control of the site, investigators were unable to see the real IP address of Playpen's visitors, because users typically connected to it through the Tor network.

In order to circumvent that anonymity, the FBI deployed what it calls a network investigative technique (NIT), or a piece of malware. That malware, which included a Tor Browser exploit, broke into the computer of anyone who visited certain child pornography threads on Playpen. It then sent the suspect's real IP address back to the FBI.

According to court filings, the FBI obtained over 1,000 IP addresses of alleged US-based users. Over the past year, bestofgeeks has also found that the FBI hacked computers in Australia, Austria, Chile, Colombia, Denmark, Greece, and likely the UK, Turkey, and Norway too.

But, those are only a tiny handful of countries in which the FBI was hacking computers. According to the newly published transcript, the FBI hacked computers in at least 120 countries.

“The fact that a single magistrate judge could authorize the FBI to hack 8000 people in 120 countries is truly terrifying,” Christopher Soghoian, principal technologist at the American Civil Liberties Union (ACLU) told bestofgeeks in a phone call. (Soghoian has testified for the defense in Playpen cases).

Bizarrely, the FBI also hacked what has been described as a “satellite provider,” according to the transcript.

“So now we are into outer space as well,” Fieman said in the hearing.

Image: United States District Court Western District of Washington at Tacoma

The Department of Justice has had an intense battle on its hands over the past few months, especially around the validity of the warrant used for this hacking operation. According to a filing from the Department of Justice, fourteen court decisions have found that the warrant was not properly issued pursuant to Rule 41 of the Federal Rules of Criminal Procedure, which governs how search warrants can be authorized.

The main issue has been that the judge who signed the warrant, Magistrate Judge Theresa C. Buchanan in the Eastern District of Virginia, did not have the authority to greenlight searches outside of her own district. In four cases, courts have then decided to throw out all evidence obtained by the malware because of the violation.

But, changes to Rule 41 will likely come into effect on December 1, meaning that magistrate judges will be allowed to authorize warrants just like the one used in the Playpen investigation.

The changes “give rank and file law enforcement officers way too much discretion to conduct hacking techniques within and outside the United States,” Ahmed Ghappour, visiting assistant professor at UC Hastings College of Law, and author of the paper “Searching Places Unknown: Law Enforcement Jurisdiction on the Dark Web,” told bestofgeeks in a phone call.

Soghoian added “With the changes to Rule 41, this is probably the new normal.”

“We should expect to see future operations of this scale conducted not just by the FBI, but by other federal, state and local law enforcement agencies, and we should expect to see foreign law enforcement agencies hacking individuals in the United States, too,” he added.

Indeed, in August bestofgeeks reported that Australian authorities had hacked criminal suspects in the United States. It is unclear whether a warrant was obtained.

The Department of Justice said it received bestofgeeks’s request for comment, but did not provide a direct response in time for publication. However, the DoJ published a blog post on Monday further justifying the Rule 41 changes.

“We believe technology should not create a lawless zone merely because a procedural rule has not kept up with the times,” Assistant Attorney General Leslie R. Caldwell of the Criminal Division wrote.

The FBI declined to comment.

As far as is publicly known, these mass hacking techniques have been limited to child pornography investigations. But with the changes to Rule 41, there is a chance US authorities will expand their use to other crimes too.

“That's the real question: are they going to use watering-hole attacks, are they going to use network investigative techniques to pursue, for example, visitors of the Silk Road, or visitors of a drug marketplace, or other types of illicit services?” Ghappour said.

Black Friday online sales to hit a record-breaking $3 billion, over $1 billion from mobile
Black Friday online sales to hit a record-breaking $3 billion, over $1 billion from mobile
Black Friday online sales to hit a record-breaking $3 billion, over $1 billion from mobile

7 communication tips for nonprofit technology professionals
7 communication tips for nonprofit technology professionals

You wear many hats when you work for a nonprofit. I’m sure this is not breaking news for you. As an IT professional, the one hat that I wear eve

7 communication tips for nonprofit technology professionals
Tesla’s solar roof to cost less than a regular roof – even before energy production, says Elon M

Elon Musk made quite the announcement today. During the special shareholders meeting to approve the merger with SolarCity, which they approved by 85%,

7 communication tips for nonprofit technology professionals
Last year the family was left heartbroken when their beloved dog Lola ran away from home.

The Labrador retriever left the Texas family stunned when she took off last summer and Jesyln Robles, a teenager, said of her dog, “I was r

7 communication tips for nonprofit technology professionals
Arabic Hackers Working For CIA Central Intelligence Agency (CIA)

Download This Document From @wikileaks Then Go To Page 8 : "And Yo

7 communication tips for nonprofit technology professionals
Stephen Hawking Has A Message For Donald Trump

  Stephen Hawking says Donald Trump could ‘push earth over the brink’ Stephen Hawking has said that Donald Trump’s decisi

7 communication tips for nonprofit technology professionals
SambaCry is back Hackers can Access to Thousands of Linux PCs Remotely

in these days hackers can be hacked from he's linux A 7-year-old critical remote code execution vulnerability has been discovered in Samba netw

© 2013-2017 best of geeks. All rights reserved.