An FBI Hacking Campaign Targeted Over a Thousand Computers

derekmead writes: In order to fight what it has called one of the largest child pornography sites on the dark web, the FBI hacked over a thousand computers, according to court documents reviewed by Motherboard and interviews with legal parties involved.

Just a month after launch, a bulletin board called Playpen had nearly 60,000 member accounts. By the following year, this number had ballooned to almost 215,000, with over 117,000 total posts, and an average of 11,000 unique visitors each week. Many of those posts, according to FBI testimony, contained some of the most extreme child abuse imagery one could imagine, and others included advice on how sexual abusers could avoid detection online.

But after Playpen was seized, it wasn't immediately closed down, unlike previous dark web sites that have been shuttered by law enforcement. Instead, the FBI ran Playpen from its own servers in Newington, Virginia, from February 20 to March 4, reads a complaint filed against a defendant in Utah. During this time, the FBI deployed what is known as a network investigative technique (NIT), the agency's term for a hacking tool.

Re:Not hacking

They used some form of malware/trojan to extract certain information. That's the greypoint from the FA:

“Basically, if you visited the homepage, and started to sign up for a membership, or started to log in, the warrant authorised deployment of the NIT,” Fieman said. From here, the NIT would send a target's IP address, a unique identifier generated by the NIT, the operating system running on the computer and its architecture, information about whether the NIT had already been deployed to the same computer, the computer's Host Name, operating system username, and the computer's MAC address."

They had a warrant...

[gQuigs]

The issue was did this one warrant let the government hack into everyone who tried to use Tor to connect this hidden site. Tor prevented the FBI from determining their IP address without further attacks on individual computers. The other issue is if the Judge knew they were authorizing this many computers to possibly be hacked.

I believe they waited until the user tried to login, create an account, or something like that, so just accidentally browsing to the site shouldn't have triggered the attack.

From the facts I have from this article, I think the FBI did the right thing.

Re:They had a warrant...

[Gr33nJ3ll0]

They took over a known child pornography site, and continued to operate it. They used an existing service (not set up a new one) and monitored existing users (nothing about enticing new ones). I don't see this as being hugely different from sitting outside an business known for selling drugs, and writing down the info of everybody who goes in, or tapping the lines, and recording phone numbers. Further they got a warrant to do exactly that.

Re:Not hacking

[RenderSeven]

They apparently had a warrant, so it probably doesnt matter if its hacking or not. However as to what they can collect without a warrant, IANAL but expectation of privacy would almost certainly be the litmus test or at least a factor. A conversation in public is fair game but a conversation in your home is privileged even though "flaws" in your home allow exploits like laser microphones to listen. Some of it comes down to deciding if consuming online media is "speech" and thus (arguably) protected (loss of anonymity can be considered "chilling effect"). Without SCOTUS guidelines it seems to depend on the judge, and what he had for breakfast.

Re:Not hacking

[gweihir]

Except when your software (TOR) does not give out your IP address willingly. Then some kind of hacking/cracking/compromise technique is used and that is highly problematic. In a sane legal system it would also compromise any and all evidence found on the target computers as it typically comes with the ability to change things on the target and do so without trace.

This cure here may well be much, much worse than the disease. If the targeted group were a different one, this might be called "state-sponsored terrorism." Anybody that believes these techniques are only used against child pornographers is kidding themselves. Just have a look at the history of the FBI.