DOJ Pushes to Expand Hacking Abilities Against Cyber-Criminals

← Back to Stories (view on slashdot.org)

DOJ Pushes to Expand Hacking Abilities Against Cyber-Criminals

Posted by samzenpus on Friday March 28, 2014 @12:04AM from the give-us-an-easy-button-please dept.

Advocatus Diaboli writes with news about the DOJ's push to make it easier to get warrants to hack suspected cyber-criminals. "The U.S. Department of Justice is pushing to make it easier for law enforcement to get warrants to hack into the computers of criminal suspects across the country. The move, which would alter federal court rules governing search warrants, comes amid increases in cases related to computer crimes. Investigators say they need more flexibility to get warrants to allow hacking in such cases, especially when multiple computers are involved or the government doesn't know where the suspect's computer is physically located."

49 comments

Min score:

Reason:

Sort:

Cyber? by Anonymous Coward · 2014-03-28 00:10 · Score: 1

Criminal says it all.
1. Re: Cyber? by Anonymous Coward · 2014-03-28 01:35 · Score: 1
  
  No.
  "DOJ Pushes to Expand Hacking Abilities" says it all.
2. Re: Cyber? by Anonymous Coward · 2014-03-28 02:19 · Score: 0
  
  Sure, asl? ;)
Well SURE! by rmdingler · 2014-03-28 00:12 · Score: 5, Insightful

There's no need to protect the freedoms of a future investigative target if it is even slightly inconvenient for law enforcement.
After all, they're out there serving and protecting, right?
If you have nothing to hide, you have nothing to fear arguments are becoming more painful than a toothache.

--
Happiness in intelligent people is the rarest thing I know.
Ernest Hemingway
1. Re:Well SURE! by ShanghaiBill · 2014-03-28 00:34 · Score: 4, Insightful
  
  These changes seem reasonable to me. They are getting a warrant with judicial oversight. That is the way the system is supposed to work. If they have probable cause, then there is no reason that I can see for the warrant to specifically tie the search to a geographical location, or to require separate warrants for each machine. Car analogy: Should a search warrant for a vehicle specify that it can only be searched at the suspect's home, but not at his place of work? Should separate warrants be required for the glove compartment and trunk?
2. Re:Well SURE! by drainbramage · 2014-03-28 00:38 · Score: 1, Funny
  
  In their defense, they already have 'evidence' from the IRS that those Tea Party groups are a bunch of anti-government terrorists representing a greater danger than any previously discovered. They are like a nuke in New Yark.
  
  --
  No brain, no pain.
3. Re:Well SURE! by K.+S.+Kyosuke · 2014-03-28 00:40 · Score: 1
  
  To be honest, compared to physical search warrants, this feels a bit toothless. If you're trying to hack the government and want to prevent the government from hacking you, just secure your systems. Unlike with physical obstacles, you *can* run secure systems if you really want to.
  
  --
  Ezekiel 23:20
4. Re:Well SURE! by Anonymous Coward · 2014-03-28 00:40 · Score: 0
  
  I can't wait to see how Senator Feinstein responds to this.
5. Re:Well SURE! by CanHasDIY · 2014-03-28 01:27 · Score: 4, Informative
  
  These changes seem reasonable to me. They are getting a warrant with judicial oversight. That is the way the system is supposed to work.
  No, this is how it's supposed to work:
  
  The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
  Mind you, per the Constitution nothing can supersede this rule, outside a legally ratified Constitutional Amendment.
  
  If they have probable cause, then there is no reason that I can see for the warrant to specifically tie the search to a geographical location, or to require separate warrants for each machine.
  Really? What part of "particularly describing the place to be searched, and the persons or things to be seized" is unclear?
  
  Car analogy: Should a search warrant for a vehicle specify that it can only be searched at the suspect's home, but not at his place of work? Should separate warrants be required for the glove compartment and trunk?
  Separate warrants are required for locked compartments.
  So yes to the second question.
  
  --
  An enigma, wrapped in a riddle, shrouded in bacon and cheese
6. Re:Well SURE! by N0Man74 · 2014-03-28 01:47 · Score: 1
  
  In addition to all of those fine points, many of us here are well aware of how loosely defined 'hacker' and 'cyber terrorist' is likely to be (and is already).
7. Re:Well SURE! by CanHasDIY · 2014-03-28 01:55 · Score: 2
  
  In addition to all of those fine points, many of us here are well aware of how loosely defined 'hacker' and 'cyber terrorist' is likely to be (and is already).
  Indeed; my first thought upon reading the summary was, "Oh, you mean 'cyber-terrorists' like Aaron Schwartz and Weev?"
  They have no intention of stopping real terrorism, because real terrorism is a weapon in their toolkit against the rights of the common man. Since incarceration is now a for-profit business, I have no compunction about pointing out the easing of warrant requirements is just another way for the corporate-owned prison system to maintain profitability.
  
  --
  An enigma, wrapped in a riddle, shrouded in bacon and cheese
8. Re:Well SURE! by Anonymous Coward · 2014-03-28 02:04 · Score: 0
  
  Reasonably stated. However,
  Given the RIAA and MPAA suspect everyone of copyright infringement, warrants could be issued for every person who owns a computer or smartphone.
  Nuff said.
9. Re:Well SURE! by silas_moeckel · 2014-03-28 02:24 · Score: 1
  
  If they do not know where it is how can they know they have jurisdiction?? How can the judge? There are reasons why some places elect judges so they can be held responsible. This is an end run around any local authority.
  For your analogy should the DOJ be allowed to search a car in Mexico? Nope they could ask Mexico to do it. Other countries have different standards.
  
  --
  No sir I dont like it.
10. Re:Well SURE! by ultranova · 2014-03-28 02:32 · Score: 1
  
  That is the way the system is supposed to work. If they have probable cause, then there is no reason that I can see for the warrant to specifically tie the search to a geographical location, or to require separate warrants for each machine.
  
  Really? You know no reason why a warrant meant to search Joe BadGuy's server, likely hosted in a datacenter somewhere, shouldn't be a blanket check to search through every machine in every datacenter in the US? Because that's what not being tied to a particular machine or location means, or at least it's close enough that the DOJ will use it to justify doing just that.
  
  Car analogy: Should a search warrant for a vehicle specify that it can only be searched at the suspect's home, but not at his place of work? Should separate warrants be required for the glove compartment and trunk?
  
  No, but it shouldn't be a blanket check to set up a checkpoint anywhere the police wants and search everyone who passes through.
  
  --
  Forget magic. Any technology distinguishable from divine power is insufficiently advanced.
11. Re:Well SURE! by KingMotley · 2014-03-28 03:01 · Score: 1
  
  Problem solved. All warrants now specify earth as the location.
12. Re:Well SURE! by Anonymous Coward · 2014-03-28 03:03 · Score: 0
  
  There are unintended consequences to this. Right now, the casual user doesn't care about much in security, so a seizure or hacking will be something that will result in a usable case by law enforcement.
  However, once people realize how easy they can be targets for being hacked and locked up in a for-profit prison, there will be a time when the average Joe will be worried and start taking precautions. It might be stuff as simple as grabbing a copy of TrueCrypt, turning FileVault on, or enabling BitLocker. It might be when leaving, a user suspends or turns off their PC. A modern laptop can go from a BIOS screen to a Windows login screen in seconds.
  Once even the casual user gets worried, then the bar for police to catch real criminals (the ones hunting out kids and the ones looking to cause death tolls at any event where people are gathered) will be raised substationally. At an extreme, it wouldn't take much for users to start going back to offline media for file exchanges. Criminals know that Al Qaeda's methods work and work well. It wouldn't take much for them to move to offline computers, USB flash drives, and couriers.
  The result will be a need of a lot more physical intrusion. The computers that once were accessible now require violent raids to get at, and even then, it is trivial to put in dead man switches (BestCrypt's FDE has a key combo which drops all in-RAM disk keys and hangs the machine.)
  So, this might make it easier to hack people's PCs for now... but what it really does is hike up the arms race. At the extreme, computers are cheap, and crooks can have one machine for online use, then one that never sees the Internet for their second set of books.
13. Re:Well SURE! by Anonymous Coward · 2014-03-28 03:32 · Score: 0
  
  These changes seem reasonable to me. They are getting a warrant with judicial oversight.
  Wrong sparky. 5 minutes later, law enforcement: "We need to be able to do this with delayed judicial oversight: its taking too much time to get permission." Judge later on: "Why not ask for blanket judicial oversight?" 5 minutes after that, law enforcement "We need to do this without any judicial oversight. 5 minutes later: "Judge: done, not need for oversight." So 15 minutes from "They are getting a warrant with judicial oversight" to "You don't need judicial oversight". Just like the NSA.
14. Re:Well SURE! by edibobb · 2014-03-28 03:40 · Score: 1
  
  Computers or smartphones are not required. Be careful if you whistle a tune in public.
15. Re:Well SURE! by blue9steel · 2014-03-28 03:49 · Score: 1
  
  I suppose the question is, does an IP address constitute "a place to be searched" or is that restricted to only geographical locations?
16. Re:Well SURE! by Anonymous Coward · 2014-03-28 03:52 · Score: 0
  
  I can't wait to see how Senator Feinstein responds to this.
  She'll be the first senator to sign the legislation into law. Obama is the terrorist. Why in Hell is he still walking around? Oh right! Just as the Osama bin Laden family was flying out of the US after all airspace had supposed been closed for everyone of the 99%. Mussolini, Hitler, and Stalin couldn't dream of such massive surveillance with such ease. Imagine the world we'd live in today had those bastards had the level of surveillance capability of the modern "free and democratic" nations of today?
17. Re:Well SURE! by davester666 · 2014-03-28 05:53 · Score: 1
  
  Not even an IP address. They are talking about sending malware via email, because they have no idea where on the planet the person might be.
  
  --
  Sleep your way to a whiter smile...date a dentist!
Of course we can trust them with this by Anonymous Coward · 2014-03-28 00:22 · Score: 0

Come on. You need to vote for more taxes to keep paying for these kind of things.
Plant the evidence... by cronostitan · 2014-03-28 00:28 · Score: 5, Insightful

This will make it very easy to implicate *anyone* in a cybercrime by just planting the evidence on their computer/device as you are hacking it anyway.
Totalitarians, here we come!

--
Spelling errors were made for your amusement only...
1. Re:Plant the evidence... by avandesande · 2014-03-28 01:41 · Score: 1
  
  Not to mention that if their machine is proven to be 'hackable', then maybe it already has been hacked.
  
  --
  love is just extroverted narcissism
2. Re:Plant the evidence... by david_thornley · 2014-03-28 09:02 · Score: 1
  
  It also makes it easy for a defense attorney to object to any evidence gathered from a computer. Provided the case goes to trial, of course.
  
  --
  "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
Honeypot their "attack" by stiggle · 2014-03-28 00:33 · Score: 3

So if you were targeted by the "law enforcement" and you Honeypoted their hacking attempt would they then come at you for interfering with their investigation?
1. Re:Honeypot their "attack" by Curunir_wolf · 2014-03-28 00:48 · Score: 2
  
  So if you were targeted by the "law enforcement" and you Honeypoted their hacking attempt would they then come at you for interfering with their investigation?
  Naturally. In fact, you don't even need to be a target. Maybe their target attempted to hack one of your computers, that puts you into the pool of computers being swept up in one of these broad warrants. So your honeypot now gets you an obstruction of justice charge, and you were never even suspected of a crime.
  
  --
  "Somebody has to do something. It's just incredibly pathetic it has to be us."
  --- Jerry Garcia
International warrants? by Anonymous Coward · 2014-03-28 00:35 · Score: 0

What happens when the suspects computer isn't actually in the USA and therefore the US DoJ has no jurisdiction for allowing or ordering a search warrant?
"Team America: World Police"
F**k yeah.
1. Re:International warrants? by Anonymous Coward · 2014-03-28 00:37 · Score: 0
  
  apologies, that should either be "suspect's" or "suspects'". Don't know that you can write that as "suspect('s|s')" and have it mean the same. Or is such a warrant always in the singular, in which case it is always "suspect's"?
2. Re:International warrants? by K.+S.+Kyosuke · 2014-03-28 00:42 · Score: 1
  
  Apparently, at least according to NSA, you don't *need* a search warrant for international computers.
  
  --
  Ezekiel 23:20
3. Re:International warrants? by Anonymous Coward · 2014-03-28 04:05 · Score: 0
  
  You're rather naive. US law enforcement claims jurisdiction over the entire planet. Sovereignty of other nations be is merely a "quaint notion" much like their attitude towards the "worthless piece of paper" that is the US Constitution which US law enforcement takes an oath to uphold.
Making it easier for DOJ to hack computers .. by Anonymous Coward · 2014-03-28 00:38 · Score: 0

Just make Windows obligatory on all " computers " .. case over ... job done ....
IANAL by Anonymous Coward · 2014-03-28 00:42 · Score: 0

Would this cause an act of war or at least be seen as an act of aggression against peacetime countries? It's one thing claiming that hackers already do this, but state-sponsored attacks could be seen differently.
1. Re:IANAL by Anonymous Coward · 2014-03-28 03:24 · Score: 0
  
  China does this all the time, and it seems to be tolerated.
2. Re:IANAL by Anonymous Coward · 2014-03-28 12:32 · Score: 0
  
  How many of these attacks are from the actual government though? And even if China does admit to it, no one cares much because its a communist country and some would say; to be expected.
Use Linux by Anonymous Coward · 2014-03-28 00:44 · Score: 0

If they're 'hacking into' computers, can't those computers just be hardened against such hacking? I mean, assuming this 'hacking' is remote, then surely it can be defeated. If it's physical access, then it can be mitigated to a degree, but can't really be defeated. It could be avoided of course, by making sure the authorities never get physical access to it.
402 pages? by Anonymous Coward · 2014-03-28 00:44 · Score: 1

Seriously, 402 pages?! It is no wonder the erosion of our constitution is happening. No one has time to read and research this type of thing with a full time job.
My question about this is who are the contrators and their employed lobbyists seeking these law changes? I am no expert but the federal money available for those soliciting and being awarded government contracts for providing services to prisions/jails etc (https://www.fbo.gov/index?s=opportunity&mode=list&tab=list&keywords=bop). I question any group that advances their career and financial situation from steping on others by either changing laws to benefit their activities (such as trying to take away the 4th amendment) as well as recieving financial gains with regards to pay raises, and or career advancement by trumping up charges on hard working people because they "have a hunch".
But then again maybe I am biased.
This will be used against everyone by stewsters · 2014-03-28 01:30 · Score: 4, Insightful

If you give an agency the ability to hack, they will want to hack all US citizens. See the NSA for a recent example.

Letting the FBI change things on computers of people it is investigating is a recipe for disaster. How long before they too get a general warrant that allows them to hack any computer in the world? Remember, these are just people suspected, not people found guilty. If you don't think they could get that warrant, then you have not been following the NSA revelations closely enough.

What can they not get from the average criminal by just confiscating his computer when they arrest him? With the ability to upload and download files to people's computers, they will be able to blackmail anyone they want. If they want to eliminate a senator who is trying to cut their funds, they just hack into his computer, make some racist/sexist comments on his twitter account, and he wont be re-elected. Or they could add evidence of other activities, that even if no one can prove, would still would destroy them politically.
1. Re:This will be used against everyone by Anonymous Coward · 2014-03-28 01:59 · Score: 0
  
  If you give an agency the ability to hack, they will want to hack all US citizens. See the NSA for a recent example.
  Letting the FBI change things on computers of people it is investigating is a recipe for disaster. How long before they too get a general warrant that allows them to hack any computer in the world? Remember, these are just people suspected, not people found guilty. If you don't think they could get that warrant, then you have not been following the NSA revelations closely enough.
  What can they not get from the average criminal by just confiscating his computer when they arrest him? With the ability to upload and download files to people's computers, they will be able to blackmail anyone they want. If they want to eliminate a senator who is trying to cut their funds, they just hack into his computer, make some racist/sexist comments on his twitter account, and he wont be re-elected. Or they could add evidence of other activities, that even if no one can prove, would still would destroy them politically.
  A cynic might even suspect that this particular expansion is a way to take the heat off the NSA by moving its domestic operations to a different agency.
2. Re:This will be used against everyone by kilfarsnar · 2014-03-28 02:31 · Score: 1
  
  A cynic might even suspect that this particular expansion is a way to take the heat off the NSA by moving its domestic operations to a different agency.
  That way they could shut down the NSA program to great fanfare and quieted fears. Brillinant, I love it!
  
  --
  "What the American public doesn't know is what makes them the American public." -Ray Zalinsky (Tommy Boy)
3. Re:This will be used against everyone by Anonymous Coward · 2014-03-28 05:55 · Score: 0
  
  There is also blowback. In computer forensics, one of the first things done is to image a hard disk with a hardware write blocker. If this isn't done (the drive is just plugged in and someone fires up dd), the case might be thrown out before the defense attorney can allege that the drive and its data was tainted.
  Now, hacking suffers the same issue. Was the data on the defendant's machine altered? This could cause cases to be thrown out of court.
  Hacking in this form will open all sorts of court cases. Are computers protected by the US's Fourth Amendment, or will they fall under the exemption given vehicles? Will this apply to physical hardware, allowing LEOs to demand it be surrendered on request? This is going to be a big can of worms. Of course, the words, parallel construction will be the biggest ally for LEOs, but there is the underlying thing... are computers protected from electronic searches without warrants as houses are from physical searches?
4. Re:This will be used against everyone by DanielOom · 2014-03-28 09:14 · Score: 1
  
  Now law enforcement will effectively be cybercriminals, so it should become easier for citizens to get warrants to break into police and government computers.
I'm sure the NSA will delete this soon...but... by Anonymous Coward · 2014-03-28 01:57 · Score: 0
Good luck by ArcadeMan · 2014-03-28 02:25 · Score: 4, Funny

My computer isn't even physically connected to the Internet. I use wi-fi!

--
Get free satoshi (Bitcoin) and Dogecoins
1. Re:Good luck by Anonymous Coward · 2014-03-28 06:55 · Score: 0
  
  Eureka. Now I understand what they mean by AIR GAP. Thanks.
Cyber-Criminal, Cyber-Hacker, Cyber-Terrorist... by Anonymous Coward · 2014-03-28 03:41 · Score: 0

In addition to all of those fine points, many of us here are well aware of how loosely defined 'hacker' and 'cyber terrorist' is likely to be (and is already).
Does this new legislation mean that I can retaliate against the "law enforcement sanctioned" hacking attack on my computer system(s)? The definition of cyber-terrorist is vague as it stands...quite deliberately vague I might add. Imagine smoking a cyber-hacking police officer with a few keystrokes as she types on a computer deep within the bowels of a law enforcement agency.
Related question (serious) by Ranbot · 2014-03-28 06:04 · Score: 1

What would happen if while law enforcement was hacking into a suspect's computer, or multiple suspected computers as proposed by the DOJ in the article, evidence of a different type of criminal activity was observed than originally suspected under the warrant? I can understand that with current technology law enforcement could justify broader warrants to hack into multiple computers potentially related to a suspect, but that would also exponentially increase the chances of finding other unrelated criminal activities on those computers. It sounds like this could easily be abused into essentially cyber-fishing for criminals. Does anyone know how law enforcement would have to deal with that situation? I'm not intimately familiar with cyber-law, but I would assume there's something in the law books already for hacking into a single computer that would be a precedent. Sarcastic, flame-bait responses are unnecessary...
Would this make regular security illegal? by knorthern+knight · 2014-03-28 12:08 · Score: 1

It's not just a matter of using Linux versus Windows. I get the occasional spam with poisoned executable attachments inside zipfiles. I view zipfile headers, and often see stuff like the following 2 examples...
PK^C^D^T^@^@^@^H^@^Y^?|DT^Z^F^[Â¾`^G^@^@\236^@^U^@^@^@OrderDetails.pdf.scr
PK^C^D^T^@^@^@^H^@^\WzD~\224Â®ÂM^\^@^@^@J^@^@;^@^@^@~apbnet00~50~44b76b05-3e01-414a-8469-04f234689df3~Email.exe
".scr" is executable in Windows http://filext.com/file-extensi... so I assume that's a trojan-planting attempt. One possible legal defense is that it's impossible to tell whether you're blocking a trojan sent by police or by foreign criminals.

--

I'm not repeating myself
I'm an X window user; I'm an ex-Windows user
1. Re:Would this make regular security illegal? by Anonymous Coward · 2014-03-28 14:34 · Score: 0
  
  One possible legal defense is that it's impossible to tell whether you're blocking a trojan sent by police or by foreign criminals.
  I believe that is a cast iron defense, actually. If the court rules otherwise, then those judges and prosecuting officers have wreckless abandon for security on computer networks in general and should be disbarred from the legal system entirely before they can do any further damage.