Slashdot Mirror
Judge OKs FBI Hack Of Russian Computers
SilentChris writes: "A U.S. judge recently ruled that the FBI could obtain hackers' passwords and data, through the use of sniffer programs, despite the hackers being overseas. A couple of notes: the judge ruled the hackers should have had "no expectation of privacy" when they sat down to the (covert) FBI terminals, and the investigators needed a warrant to view the data -- but they didn't need one to copy it."
I've got a friend going to Queen's University. She went down to Washington D.C. last year for some sort of model-U.N. thing, and she decided that while she was there, she'd like to go do some reading at the Library of Congress.
Anyhow, to do that, she had to fill out some sort of application. Apparently, when she missed a couple of fields on the application, the person processing it did a quick search, and asked, "Were you born in Edmonton?"
My friend, understandably, was rather shocked, but said yes, she was.
The Americans already have a ton of data on Canadian citizens. I don't think my friend was really exceptional: eighteen at the time, a student, just out of high school. Despite being fairly average in most respects, they had all her basic information, and only who knows what else (maybe the fact that she's got some rather strong left-wing views? who knows).
I'm not a paranoid person. I don't have anything to hide, but at the same time, there's something a little worrisome about all this. Oh, and about your e-mail? Chances are that they've already archived it.
The judge did not rule that the FBI is not subject to Russian law, only that the evidence could not be excluded.
That is, in essence, exactly what he ruled. You can't enter evidence that was illegally obtained, therefore the judge considers this legal. Since they did violate a Russian law, they must not be subject.
they had no reasonable expectation to Fourth Amendment privacy.
Several people have brought that up... I don't see what that has to do with anything (other than that it was mentioned in the article.) So they have no expectation, fine. The FBI knows what their password is. That gives them no right to *use* it, though. You can bet that if I shoulder-surf someone's password when they are using my machine, and then use their password to get into their account, I'd be arrested. I'd be charged with illegal possesion of an access device (the password) and computer trespassing (no permission to be on that machine.)
The feds can hack the Russian computers because the Russian laws don't apply to them. They were after the Russian hackers because they had broken into US computers. Their laws don't apply to us, but ours apply to them.
I hope the FBI agents don't fall for the "lure them into Russia and arrest them" trick.
Very smart move. If possible, I would like to congratulate the judge for his wise decision in person.
You see, America's traditional values are being completely laughed at by the commies. In the past, there was fun, pro-market hacking. That happy situation changed when access to the U.S. Online Network was opened to development countries. Teenage commies and their relatives now have the opportunity to put in risk our way of life, the safety of our children, and everything else we fought for over hundreds of years, by displaying offensive and satanic material over the Internet. It is something that abhores me and my family.
These soviet hackers are a direct threat to the safety of your family. Don't let them takeover America. Support foreign prosecution of hackers.
--
I have no sig at all.
Seriously, people, grow up. Life is not a big huge conspiracy, what the FBI did was reasonable. They had good reason to suspect these guys, they then set them up and caught them.
Do you really think that they could do this any other way? Of course not, the evidence would most likely disappear before they could get their hands on it, just as the parent poster pointed out.
With that said, there is PLENTY of other things to complain about concerning the FBI. Personally, I would like to see the FBI, NSA, and CIA dissolved and create new organizations for the security of this nation, with input from the public and complete disclosure of how things will work. But please, complain about the things that are worth complaining about, in this case, the FBI was trying to do the right thing.
Sticking feathers up your butt does not make you a chicken - Tyler Durden
First, consider the sniffer. You go to another country, at an unknown company, where they say they want to watch how you crack systems, and you demonstrate how. I have to agree with the judge that you have no reasonable expectation of privacy.
Second, the abnormal sequence of penetrate, copy, then get warrant, then read is reasonable by analogy to other warrant exceptions. After arresting someone the police are permitted to seize or protect items that might reasonably be expected to be destroyed during the wait for a warrant. It is like seizing the automobile of a fleeing suspect. You can't get the warrant in advance because you do not know what car will be used. So you seize the car at the time of arrest, then get the warrant, then inspect the car. This abnormal sequence shows such care, and is reasonable considering that knowledge of the arrests might quickly trigger destruction of data. Penetrate and copy must be done fast. Then they can wait for the warrant before reading.
The option of warrant before arrest was not reasonable because prior to the arrest they lacked sufficient information to identify what they wanted to seize. It would have been an unacceptably generic and wide ranging warrant.
It's tough for Federal computers to be THAT covert; whichever computers they hacked into in the first place probably said this:
- -----
U.S. GOVERNMENT COMPUTER
If you are not authorized to access this
system, disconnect now.
YOU SHOULD HAVE NO EXPECTATION OF PRIVACY
By continuing, you consent to your
keystrokes and data content
being monitored.
Seems pretty straight forward to me.
--------------------------------------------
Let's see, the FBI is chartered for which type of surveillence..
a) domestic
b) international
for those of you who guessed 'b' go watch Sneakers again, the FBI is only chartered for DOMESTIC surveillance.. Granted this isn't a true CIA type of operation but then again maybe it is. We aren't in the Cold War with Russia anymore because it doesn't exist! I wouldn't be the least bit suprised if this was a russian mob outfit. I wouldn't be suprised if these guys were incredibly guilty, however; I don't thing our offices have any f'scking clue as to how to deal with this kind of crime.
Fact is if it's an international problem we had a whole team (CIA) to deal with it and they were well versed on how to deal with international law. If Russia were still unified and had a ton of nuke's still pointed at us with a grim determination to preserve it's stance we would be scared shiteless right now.
Might doesn't make right, we have no right treating them as we are. the lowest common denominator needs to apply. What? No search and seizure protection in your country?? well we have it so by default it should apply to you guys.
Just wait until this same scenario happens an it's China on the other side, then GW will be over there pretending not to apologize while politely apologizing as our stealth recon planes scan to make sure a hailstorm of ICBM's aren't suddenly heading our way.
ne0
all your servers are belong to us!
So by extension, is Carnivore allowed to copy and archive all of my email in case at some point in time the FBI gets a court order allowing them ro read it?
I mean, I'm canadian on @Home and my email passes through primarily american co-located servers, so I'm sure my privacy will be respected to the utmost by the american investigators, right?
"So on one hand, honey is an amazingly sophisticated and efficient food source. On the other hand it's bee backwash."
Taken from the ZD-Net article:
The judge noted that investigators then obtained a search warrant before viewing the vast store of data--nearly 250 gigabytes, according to court records. He rejected the argument that the warrant should have been obtained before the data was downloaded, noting that "the agents had good reason to fear that if they did not copy the data, (the) defendant's co-conspirators would destroy the evidence or make it unavailable."
This opens a particularly nasty can of worms. Let's say I have a computer, and for whatever reason a law enforcement agency is told that my computer may have something they want. They could storm into my home and take my personal posessions, and there is nothing I could do about it, since they have not viewed the data yet. I would have no right to ask what they needed the equipment for, or why, or when I would get the hardware back.
I understand the argument (but do not condone it) of "if we don't get it now, it may be gone", but if "good reason" takes precedence over written law, law becomes powerless.
"Jesus saves, but everyone else in a 10 foot radius takes full damage from the fireball."
These two were bright enough to hack into CD Universe and Western Union but they weren't bright enough to consider that their keystrokes might be recorded? And apparently they weren't bright enough to use different passwords for their different accounts (or did the FBI have them demonstrate their hacking skills by hacking into their own accounts?)
Onorio Catenacci
--
"And that's the world in a nutshell -- an appropriate receptacle."
--
"And that's the world in a nutshell -- an appropriate receptacle."
-- Stan Dunn
On the one hand: But then also: So then what? Perhaps Martian law applies? Certainly there is some set of laws that cover access to this property of a Russian national that existed on Russian soil... Well perhaps not... This is some scary stuff...Remind me never to get on the bad side of the FBI...
--CTH
--Got Lists? | Top 95 Star Wars Line
Anyone who's read Cryptonomicon will find this scenario familiar:
The FBI agent has the data copied to his hard drive. Now, he can't view it legally, but he still wants to know what it contains. What does "viewing" constitute?
The easiest approach might be grepping the data for interesting bits. But in this case he actually views parts of the data, so I guess that's out.
How about a more sophisticated program which analyzes the data and prints a summarized version of what the interesting bits contain? Given that the FBI agent probably has some idea what sort of data he's dealing with, such a program shouldn't be too hard to write.
Finally, straight from the book, the agent could write a script which greps and/or analyzes the data, converts the output to morse code, and beeps it out from the PC speaker. No viewing involved at all :)
-- If no truths are spoken then no lies can hide --
I can't say I feel sorry for these guys - they had it coming.
Besides, if you actually read the article you'll see that the FBI went to a lot of trouble to get those passwords - by setting up a fake business, luring them with job offers, flying them to America from Russian, and then sniffing their passwords while they demonstrated their cracking ability (presumably an illegal act in itself). Needless to say it's not something they would have the resources to do to just anyone.
cryptochrome
---If you can't trust a nerd, who can you trust?
Wouldn't it make us all better off if those guys had just sold programming services instead? They had plenty of expertise in several areas, but they decided to engage in crime. I have no sympathy.
--
Scientists restrict study to entire physical universe; creationist
Excellent! So it's okay to copy mp3's as long as we don't view them.
RC
RC
Whether Russia is considered a lawless place as compared to the US by US citizens or not is of very little concern for international law. If it's on their soil, it's their responsibility. If they don't live up to what you think their responsibility is, the only thing you're allowed to do is to complain. No nuking, no computer intrusions, no covert police actions.
The notion of whether somewhere is a lawless place is a highly subjective notion, don't you think? Compared to Somalia, Russia is a pretty lawful place. The sheer number of laws in effect in Russia is probably comparable to the US. What you describe as it being a lawless place is more precisely a certain chaos in how they are enacted and executed. However, the FBI will have to be asked for aid by the Russians prior to intruding in order for the whole thing to be compliant to international law.
Also, there is the issue of "intrusion". The fact that the FBI obtained the passwords in a fashion that was legal against US law dows not lessen the intrusion. If it was legal in Iran to torture people, could the Iranians torture some Americans, get their passwords to some American servers and happily go downloading away just because they don't have to hack into the machine, after all, because they've got the passwords? The danger of hypocrisy is rather evident.
There is absolutely no reason to panic.
Define "bend the law a little bit".
According to law, a law enforcement agency must operate within the law. Everything else is unlawful by definition. If we allow law enforcement agencies to behave unlawfully, then we can go back to torturing prisoners and concentration camps: in the substance, there's no difference. And the FBI is allowed by law to request tax files.
Admittedly, your point is better than your last one. But imagine borrowing a friend's car, then getting crashed into by a drunk truck driver. Should you not be guaranteed personal safety in spite of the car you're driving not being yours? Shouldn't I be guaranteed privacy when walking on a public road that isn't mine? Is the government allowed to confiscate my friend's laptop and see through his files when I walk into a public building that isn't mine? What would the FBI have done if the Russians had used their own computers? Shrugged and said "Well, we can't act here?"
This time, you are really dangerously mistaken. Even if I have nothing to hide, the law enforcement ageny might think I had something to hide and do all sorts of nasty things to me, for example. And just because someone acts in a fashion that you (or the law enforcement agency) consider strange doesn't mean they've got something to hide, and this completely subjective notion should definitely not suffice for them to start hacking into my computer, even if I haven't got a warezed version of Photoshop. What if they hack into it, find my legal copies of Jack B. Nymble and PGP and decide that I'm a potential criminal, hence I'm probably a criminal, hence I am a criminal, hence they can take action against me because they've bent the law a little bit?
In a free, civil society, every individual must be allowed to worry about privacy, about individual security and about law enforcement agencies. Just because I question the police's behaviour doesn't mean I'm a criminal.
There is absolutely no reason to panic.