Warrant For FBI's Hacking Technique Makes No Mention Of Hacking Or Malware

from the just-a-big-ol'-auto-scoop,-but-delivered-secretly dept

Motherboard has obtained a copy of the warrant used by the FBI to deploy its NIT (Network Investigative Tool) to obtain information about visitors to child porn site "Playpen." This site was seized by the FBI and left running for two weeks while it gathered information.



The prosecutions tied to this investigation have been interesting, to say the least. The FBI's short run as child porn site hosts received a judicial shrug -- something courts have done in the past when confronted with disturbing government behavior in service of combating crime. These have also led to the government arguing -- and the court echoing -- that Tor users have no expectation of privacy, as sooner or later, everything comes down to an IP address.



The warrant itself is slightly redacted, but that's hardly a surprise. More surprising is the fact that it has been released at all, as the FBI usually argues for the sealing of documents related to its investigations, especially in cases where law enforcement tech and methods are discussed.



As far as the details contained within, most of what's known about the FBI's NIT has already been discussed. As Motherboard's Joseph Cox points out, there are a few interesting aspects to the warrant request. For one, it makes it clear the FBI will be running a child porn site for the duration of the "search."

“While the TARGET WEBSITE operates at a government facility, such request data associated with a user's actions on the TARGET WEBSITE will be collected,” the affidavit, signed by Douglas Macfarlane, an FBI special agent, reads.

While the document claims the FBI has no other way to ascertain the IP addresses and locations of users connecting to the website, it also goes light on the details of what it plans to do. The NIT is discussed in terms of what it's capable of gathering, but goes very, very light on technical details. Nowhere in the document does the FBI refer to its NIT in terms more applicable to its function, like "malware," "spyware" or "hacking." The FBI describes its NIT this way:

In the normal course of operation, websites send content to visitors. A user's computer downloads that content and uses it to display web pages on the user's computer. Under the NIT authorized by this warrant, the TARGET WEBSITE, which will be located in Newington, Virginia, in the Eastern District of Virginia, would augment that content with additional computer instructions. When a user's computer successfully downloads those instructions from the TARGET WEB SITE..., the instructions, which comprise the NIT, are designed to cause the user's "activating" computer to transmit certain information to a computer controlled by or known to the government. That information is described with particularity on the warrant (in Attachment B of this affidavit), and the warrant authorizes obtaining no other information. The NIT will not deny the user of the "activating" computer access to any data or functionality of the user's computer.

This lack of details could be problematic.

Critics are worried that the language of NIT applications is too vague for judges to grasp what exactly it is they are authorizing; the words "malware" or "hacking" are never used, for example. (Magistrate Judge Theresa C. Buchanan, who signed off on the NIT, has repeatedly declined to answer questions from Motherboard.) The NIT was used to access computers in the US, Greece, Chile, and likely elsewhere.

Speaking of foreign nations, the FBI apparently had some outside assistance in this case.

In December of 2014, a foreign law enforcement agency advised the FBI that it suspected IP address 192.198.81.106, which is a US-based IP address, to be associated with the TARGET WEBSITE. A publicly available website provided information that the IP Address 192.198.81.106 was owned by [REDACTED] a server hosting company headquartered at [REDACTED] Through further investigation, FBI verified that the TARGET WEBSITE was hosted from the previously referenced IP address. [...] Further investigation has identified a resident of Naples, FL, as the suspected administrator of the TARGET WEBSITE, who has administrative control over the computer server in Lenoir, NC, that hosts the TARGET WEBSITE.

The fact that documents from sealed cases related to the FBI's Playpen investigation are being released publicly shows that even opposed forces can sometimes arrive at the same plan of action, even if their motivations are completely different.

In Washington, the lawyer for a defendant captured with the assistance of the FBI's NIT is hoping to put the FBI's apparent overreach on display by requesting the unsealing of documents. The FBI, on the other hand, isn't putting up much of a fight to keep these sealed. The affidavit in this related case contains graphic descriptions of child porn images found on the site. People who generally don't believe the ends justify the means often make exceptions for more heinous criminal activity like this. The public outing of sealed docs could persuade fence-sitters to come down on the side of the FBI, even if the agency's use of NITs is hardly limited to cases involving crime the public overwhelmingly finds completely repugnant.

Filed Under: darknet, doj, fbi, hacking, malware, network investigative tool, nit, playpen, tor, transparency, warrants