FBI Randomly Used Malware on TORMail Users While Busting Pedophiles

Report Hints on Possible Invading of TORMail users Privacy for Capturing Global Child Porn Gang by the FBI

In 2013, the Federal Bureau of Investigation seized one of the most popular dark web email platform called TorMail and soon after the department began to rifle through the contents of the server.

Back then, the researchers suspected that the FBI deployed an NIT (network investigative technique) as well to infect the users of the site. The NIT is a term used to refer to a hacking tool used by the FBI.

However, the campaign wasn’t confirmed at the time but now the Washington Post’s report proves that the FBI do relies upon NIT usage. Yet there are now more questions than ever particularly it is unclear if the hacking was conducted on such a large scale as being speculated or not.

Most importantly, what did the FBI do with the data received from the privacy-oriented email service?

tor-network

The last two paragraphs of the Washington Post report talk about the TorMail issue, which informed that the email service of Tor was allegedly used by fraudsters, child pornographers, drug vendors and Silk Road employees.

Washington Post’s report states: “This week, people familiar with the investigation confirmed the FBI had used an NIT on TorMail.”

The article further informed readers that the agency obtained a warrant for hacking certain email accounts, owned by people suspected to be involved in child pornography activities.

“Using a privacy-preserving communication service is not an invitation, or a justification, for the government to hack your computer.”

This implies that the FBI was busy in targeting specific users instead of invading the privacy of innocent users. However, considering the previous reports on the way the FBI deployed the NIT previously, it seems quite unlikely that the hacking was targeted, states the Washington Post report.

The question that arises in a common person’s mind is that how could the FBI target specific email accounts owned by perpetrators of child pornography.

According to American Civil Liberties Union’s principal technologist Christopher Sohogian, “there were certainly large numbers of TorMail users who were not engaging in any criminal activity.”

“If the government, in fact, delivered an NIT to every single person who logged into TorMail, then the government went too far; using a privacy-preserving communication service is not an invitation, or a justification, for the government to hack your computer,” he added.

Sohogian opines that this case was from 2013: we still don’t have the NIT order, or the NIT application,” which means that it is yet unclear if the judge who approved NIT really understood what was being authorized.

An FBI’s spokesperson Christopher Allen when asked to give his opinion on the recent report from the Washington Post, said that: “I would not be able to comment one way or the other on your specific question.”

Much later in 2015, the FBI conducted a yet unprecedented hacking spree in which the agency deployed malware infections on at least 1000 computers, which were being used for visiting a particular child pornography website. This particular move was part of an extensive operation called Operation Pacifier.

Operation Pacifier was a huge, multi-agency investigation into the growing issue of child pornography on the dark web, reports MotherBoard.

The international footprints of this operation are being disclosed now as the media reports are making the rounds from as far as Greece and Chile. Reports are coming out informing about arrests of dozens of people.

In August 2015, a 21-year-old man was arrested by Greece’s Cyber Crime Unit on the charges of possession and distribution of child porn. The unnamed man was captured at a hotel in Ilia, Peloponnese. This particular arrest was also part of an investigation, termed as “international authorities code-named Pacifier,” by the Greek news outlet Ekathimerini.com.

This website, which was used for child pornography, was a Tor hidden service and its server was seized by the US authorities. This site was named by Chile news service as Playpen, and in Chile, a man was arrested on similar charges as the one in Greece as part of the Operation Pacifier.

The Director of Europol Rob Wainwright described this operation as “successful infiltration and technical investigation” in a presentation. Wainwright explained that 3,229 cases have been generated so far by the Europol and 34 cases were registered in Denmark only.

These cases came to light when the FBI seized Playpen in February 2015. This incident was described in the US court documents as “the largest remaining known child pornography hidden service in the world.”

After seizing the website, the NIT technique was used by the agency to identify users of the site. The tool helped in obtaining the IP and MAC addresses of the target as well as other important technical data.

According to a report, the FBI obtained around 1,300 accurate IP addresses in 13 days, during which the agency kept the website operational and received criticism for encouraging child pornography itself by running this site.

Last year, FBI hacked Tor browser and caught thousands of pedophiles indicating that no one is safe on the Internet even using a VPN or Tor service itself.

Ryan De Souza

Ryan is a London-based member of the HackRead’s Editorial team. A graduate of Maths and physics with a passion for geopolitics and human rights. Ryan places integrity at the pinnacle of successful journalism and believes this is somewhat lacking in traditional media. Ryan is an educator who balances his time between family, social activism and humanitarian causes and his vice is Football and cars.