The Federal Bureau of Investigation (FBI) is known for going all out to capture cyber-criminals and terrorists, but this time the agency has set a new precedent in hacking operations. According to court documents, the agency used a single warrant and compromised more than 8,000 computers in 120 different countries.
Some information about this secret hacking operation was disclosed by Motherboard in January this year, when it reported that the FBI had deployed malware to over one thousand visitors who allegedly frequented a child pornography website on the dark web. The case garnered immense publicity at the time as the Playpen child pornography website case.
However, the latest report, compiled after reviewing court documents, suggests that the magnitude of this hacking operation was larger than had been speculated. The FBI collected more than 8,000 IP addresses, hacking computers that were located in 120 different countries. The startling fact is that the computers were all attacked using a single warrant.
This is by far the largest known hacking campaign by a law enforcement agency, and it also demonstrates how policing crime may affect the dark web in the future. The revelations have come at a time when the United States is gearing up to change the current laws regarding mass hacking, and the government is expecting magistrate judges to allow mass hacking of computers in any country.
According to Colin Fieman, a federal public defender,
“We have never, in our nation’s history as far as I can tell, seen a warrant so utterly sweeping.”
The case concerns the FBI's investigation of the dark web child pornography website Playpen. The agency seized the site in February 2015 but did not shut it down. Instead, the agency ran the website from a government server for around 13 days. Although the agency had administrative control of Playpen, the investigators still couldn't see the original IP addresses of Playpen's visitors, because users connected to the site through the Tor network.
To break this shield of anonymity, the agency deployed a NIT (network investigative technique). The technique involves using malware to hack computers. This particular malware included an exploit for the Tor Browser, and with its help the agency was able to hack into the computers of all the visitors to Playpen's child pornography threads. The malware sent the real IP addresses of the suspects to the FBI.
Court files revealed that the FBI obtained more than 1,000 IP addresses of users in the US. Motherboard has noted that during the past year the FBI hacked computers in diverse locations including Turkey, Australia, Chile, the UK, Greece, Colombia, Denmark, Austria and Norway. But according to the latest transcripts, the number of countries covered by the agency's hacking operation was much higher, as computers in at least 120 countries were hacked.
Christopher Soghoian, chief technologist at the American Civil Liberties Union (ACLU), told Motherboard:
“The fact that a single magistrate judge could authorize the FBI to hack 8000 people in 120 countries is truly terrifying.”
It has also been revealed that the FBI hacked a satellite provider as well.
Soghoian also added, “we should expect to see future operations of this scale conducted not just by the FBI, but by other federal, state and local law enforcement agencies, and we should expect to see foreign law enforcement agencies hacking individuals in the United States, too.”
Until now, such mass hacking by the FBI has been limited to child pornography investigations, but if the changes to Rule 41 are made, law enforcement authorities in the US will get the authority to expand their hacking operations to other forms of crime as well.
Security experts and privacy activists have long raised concerns about the consequences of the changes to Rule 41, but the US Department of Justice explained why it considers the changes necessary in a recently published blog post. The post was written by the Criminal Division's Assistant Attorney General, Leslie R. Caldwell. The post read:
“We believe technology should not create a lawless zone merely because a procedural rule has not kept up with the times.”
Soghoian stated:
“With the changes to Rule 41, this is probably the new normal. We should expect to see future operations of this scale conducted not just by the FBI, but by other federal, state and local law enforcement agencies, and we should expect to see foreign law enforcement agencies hacking individuals in the United States, too.”