In August, we wrote about the FBI’s hacking tool that hacked computers in Austria. Throughout 2016, judges made decisions on the validity of the data obtained via the hack. A judge, without jurisdiction, allowed the FBI to hack 1000 computers. Now, court documents from a recent trial revealed that 8,000 computers got hacked.
According to the recent transcript, the FBI hacked at least 8,000 computers. They hacked computers in 120 different countries too. We knew the FBI hacked far beyond the scope outlined in the warrant. But illegal hacking of this scale was hardly considered a possibility.
Federal public defender Colin Fieman said, following the October hearing: “We have never, in our nation’s history as far as I can tell, seen a warrant so utterly sweeping.”
The warrant and following hack was part of the FBI’s PlayPen take-down. FBI agents took control of the child pornography website in late 2015. Despite having control of the site, the FBI was still unable to identify users. They deployed a network investigative technique (NIT) to expose users.
Legal issues spouted from the way the FBI handled the case. The judge who signed the NIT warrant had jurisdiction Eastern District of Virginia. She was not allowed to permit hacking beyond her district. Yet, the FBI hacked PlayPen members across the US.
Federal judges ruled against the FBI several times, acknowledging the abuse of power.
Motherboard found, earlier this year, nine countries the FBI hacked—Australia, Austria, Chile, Colombia, Denmark, Greece, UK, Turkey, and Norway.
Now, though, that list has become pale when compared to the countries in the new transcript.
“The fact that a single magistrate judge could authorize the FBI to hack 8000 people in 120 countries is truly terrifying,” Christopher Soghoian, principal technologist at the American Civil Liberties Union (ACLU) told Motherboard in a phone call.
This type of hacking has become somewhat of a commonplace in the modern world. Australia’s Taskforce Argos hacked US computers during their investigation into The Love Zone. And after December 1, 2017, the changes to Rule 41 could make this far worse.
On November 21, The DoJ published a blog post referencing said Rule 41 changes. The assistant attorney general titled the post “Ensuring Tech-Savvy Criminals Do Not Have Immunity From Investigation.” And it explained the motivation behind the changes planned. We pointed out that the FBI’s mass-hacking would be completely legal post-change.
As far as is publicly known, these mass hacking techniques have been limited to child pornography investigations. But with the changes to Rule 41, there is a chance US authorities will expand their use to other crimes too.
The full transcript is on DocumentCloud, thanks to Joseph Cox. Link.