Documents Show FBI Deployed Software Exploits To Break Encryption Back In 2003

from the and-privacy-and-security-for-none... dept

Documents FOIA'ed by Ryan Shapiro and shared with the New York Times shed some new light on previous FBI efforts to break encryption. Back in 2003, the FBI was investigating an animal rights group for possibly sabotaging companies that used animals for testing. The FBI's Department of Cutesy Investigation Names dubbed this "Operation Trail Mix," which I'm sure endeared it to the agents on the case. At the center of the investigation were emails the FBI couldn't read. But it found a way.

They persuaded a judge to let them remotely, and secretly, install software on the group’s computers to help get around the encryption.



That effort, revealed in newly declassified and released records, shows in new detail how F.B.I. hackers worked to defeat encryption more than a decade before the agency’s recent fight with Apple over access to a locked iPhone.

“This was the first time that the Department of Justice had ever approved such an intercept of this type,” an F.B.I. agent wrote in a 2005 document summing up the case.

An appeals court upheld the convictions in 2009, and said that the use of encryption, among other things, was “circumstantial evidence of their agreement to participate in illegal activity.”


The documents don't detail what the exploit was, but it targeted PGP -- the encryption method used to keep the group's communications private. The FBI was able to obtain a "full access" warrant to grab every communication, but that did nothing to decode the scrambled emails. The documents don't specify what the FBI used, but language suggests it either copied the decryption keys or deployed a keylogger to snag passwords.

Either way, it apparently was the first time the FBI had deployed its own malware.

The secrecy surrounding the FBI's tactics was nearly absolute. The wiretap order was disclosed to the defense but not the use of an exploit/keylogger. On top of that, the DOJ never mentioned the FBI's efforts in its 2002 and 2003 annual reports, despite being required to report any instance where it runs across encryption during a wiretap investigation.

Not that the DOJ and FBI's lack of transparency harmed their case. It resulted in six convictions, and a higher court basically said the use of encryption was suspicious in and of itself.

What the documents do show is that the FBI has been in the fight against encryption for a long time and in the business of deploying malware and exploits without judicial oversight for about as long. What has changed is that it's now openly fighting encryption by trying to force compliance through the use of the All Writs Act. It's also deploying a variety of exploits that can -- with a single warrant -- access info about any computer/device visiting a website.

It may be more open about its intents and tool usage now, but that's not because it's gained new respect for things like due process and accurate warrant applications. It's doing this now because it needs an upper-level court ruling in its favor to basically excuse the things it's been doing in secret for years, as well as give it the permission it needs to continue to undermine encryption in the future.

Filed Under: animal rights, cracking, encryption, fbi, hacking