Unsealed Court Docs Show FBI Used Malware Like 'A Grenade' (vice.com)

← Back to Stories (view on slashdot.org)

Unsealed Court Docs Show FBI Used Malware Like 'A Grenade' (vice.com)

Posted by BeauHD on Monday November 7, 2016 @01:25PM from the frag-out dept.

An anonymous reader quotes a report from Motherboard: In 2013, the FBI received permission to hack over 300 specific users of dark web email service TorMail. But now, after the warrants and their applications have finally been unsealed, experts say the agency illegally went further, and hacked perfectly legitimate users of the privacy-focused service. "That is, while the warrant authorized hacking with a scalpel, the FBI delivered their malware to TorMail users with a grenade," Christopher Soghoian, principal technologist at the American Civil Liberties Union (ACLU), told Motherboard in an email. The move comes after the ACLU pushed to unseal the case dockets in September. The Department of Justice recently decided to publish redacted versions of related documents. In 2013, the FBI seized Freedom Hosting, a service that hosted dark web sites, including a large number of child pornography sites and the privacy-focused email service TorMail. The agency then went on to deploy a network investigative technique (NIT) -- a piece of malware -- designed to obtain the real IP address of those visiting Freedom Hosting sites. According to the new documents, the NIT was used against users of 23 separate websites. As for TorMail, officials have maintained that the government obtained a warrant to deploy the NIT against specific users of the service. Now, we do know that to be true: recently unsealed affidavits include a total of over 300 redacted TorMail accounts that the FBI wanted to target. All of these accounts were allegedly linked to child pornography-related crimes, according to court documents. Importantly, the affidavits say that the NIT would only be used to "investigate any user who logs into any of the TARGET ACCOUNTS by entering a username and password." But, according to sources who used TorMail and previous reporting, the NIT was deployed before the TorMail login page was even displayed, raising the question of how the FBI could have possibly targeted specific accounts.

37 of 59 comments (clear)

Min score:

Reason:

Sort:

And these are the people picking... by Anonymous Coward · 2016-11-07 13:36 · Score: 2, Funny

the next President of the United States?
It's time to clean house by Anonymous Coward · 2016-11-07 13:43 · Score: 4, Insightful

From the director to the janitors, the FBI needs to be cleaned up. It's gotten to a point where J. Edgar is looking like a boy scout.
1. Re:It's time to clean house by bmo · 2016-11-07 14:36 · Score: 5, Funny
  
  I'm pretty sure he preferred to look like a girl scout.
  --
  BMO
2. Re:It's time to clean house by fustakrakich · 2016-11-07 14:43 · Score: 2
  
  We can't clean house without cleaning the House. Tomorrow is our big chance to squander the opportunity. Since we can expect to see at least 95% of the same old faces, don't hold out any hope for any changes in the FBI, or any other part of the government. The election is the nation's reflection. Not exactly pretty, is it?
  
  --
  “He’s not deformed, he’s just drunk!”
3. Re:It's time to clean house by drinkypoo · 2016-11-07 16:02 · Score: 3, Insightful
  
  We can't clean house without cleaning the House. Tomorrow is our big chance to squander the opportunity. Since we can expect to see at least 95% of the same old faces, don't hold out any hope for any changes in the FBI, or any other part of the government. The election is the nation's reflection. Not exactly pretty, is it?
  I was hardly offered anything other than Rs and Ds in general, so substantive change is miles away in any case from my perspective.
  
  --
  "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
4. Re:It's time to clean house by fustakrakich · 2016-11-07 17:35 · Score: 1
  
  All ballots are determined by the voters. There is no one else to blame. The process is clearly spelled out.
  
  --
  “He’s not deformed, he’s just drunk!”
5. Re:It's time to clean house by drinkypoo · 2016-11-07 23:27 · Score: 1
  
  All ballots are determined by the voters. There is no one else to blame. The process is clearly spelled out.
  Yes, but not by me. There's a small matter of hundreds of millions of other people. So yes, there is someone else to blame, and it's not me.
  
  --
  "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
6. Re:It's time to clean house by fustakrakich · 2016-11-08 02:09 · Score: 1
  
  Just as long as you're not one of those blaming the 'money'. And chances are there are alternatives to vote for. If you're playing the 'lesser evil' game, then yes, you too, are to blame. 'Lesser evil' is what created the situation we are in. Even abstention becomes a better option in such a case.
  
  --
  “He’s not deformed, he’s just drunk!”
7. Re:It's time to clean house by drinkypoo · 2016-11-08 03:41 · Score: 1
  
  Just as long as you're not one of those blaming the 'money'. And chances are there are alternatives to vote for.
  I vote for third parties and independents every time I get a chance, unless they are stark raving loony.
  
  --
  "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
G-men, T-men, revenuers, too. by turkeydance · 2016-11-07 13:44 · Score: 1

it's an old song and an old story. upset the apple cart for the one that's rotten.
Real IP address? by TechyImmigrant · 2016-11-07 14:07 · Score: 1

My PC's real IP address is 192.168.0.101.
Presumably the malware was sending ip packets home, via a path other than tor, so the feds could see the IP address of the local NAT router.
This is a gaping privacy hole in the interwebz that could be fixed several ways in the local stack. E.G. by sandboxing a VM in which the browser sits and preventing its traffic going by a path other than tor. You'd need to prevent sandbox escape malware too, which is not so easy given the way that big software is built.

--
I should use this sig to advertise my book ISBN-13 : 978-1501515132.
1. Re:Real IP address? by fustakrakich · 2016-11-07 14:47 · Score: 1
  
  Not all software is 'big' software
  
  --
  “He’s not deformed, he’s just drunk!”
2. Re:Real IP address? by drinkypoo · 2016-11-07 15:40 · Score: 1
  
  There's nothing preventing you running an egress firewall. We used to have software firewalls for Windows that provided egress control, but then we got one from Microsoft that only pretends to — and gives you a false sense of security by sometimes asking for permission before an application is allowed to talk on the interwebs.
  
  --
  "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
3. Re:Real IP address? by dbIII · 2016-11-07 16:03 · Score: 2
  
  There's nothing preventing you running an egress firewall
  Correct, all those years stuffing about with ipchains and iptables were wasted since the cheapest and nastiest *DSL: router lets you have almost as much control just ticking a few boxes on a web form. Going from zero knowledge to a decent firewall takes minutes now.
  Don't trust the world with your PC or vice versa, stop it where the line comes in.
4. Re: Real IP address? by Anonymous Coward · 2016-11-07 20:07 · Score: 1
  
  Your router is compromised, from the factory, by design.
5. Re:Real IP address? by AHuxley · 2016-11-07 22:38 · Score: 1
  
  Most people would whitelist the site they wanted. A fake ad running would be enough to get a ip. Then its back down the network with malware.
  
  --
  Domestic spying is now "Benign Information Gathering"
6. Re:Real IP address? by wbr1 · 2016-11-07 22:42 · Score: 1
  
  Its called Whonix. Look it up.
  
  --
  Silence is a state of mime.
Why is the government using malware at all? by Anonymous Coward · 2016-11-07 14:09 · Score: 1

You'd think the government would team with vendors to patch every exploit so our computers are more secure and less likely to be hacked by bad guys. It is perfectly logical that the sheriffs across the USA do not have a master key to everyone's backdoor. If that key got out, the crooks could enter everyones house too. Why is it so hard to see backdoors for computers is just as bad and the same thing? With the government wanting to exploit computers, the bad guys can exploit them too.
1. Re:Why is the government using malware at all? by BlueStrat · 2016-11-07 14:17 · Score: 2
  
  You'd think the government would team with vendors to patch every exploit so our computers are more secure and less likely to be hacked by bad guys. It is perfectly logical that the sheriffs across the USA do not have a master key to everyone's backdoor. If that key got out, the crooks could enter everyones house too. Why is it so hard to see backdoors for computers is just as bad and the same thing? With the government wanting to exploit computers, the bad guys can exploit them too.
  The various LEAs would love a master house key as you suggest. First things first, however, The other thing you're missing is that all too often these days the "bad guys" *are* the government, so of course they'd love easy access, to your computer/phone and/or to your house. They simply realize that they need to have the former before they can achieve the latter.
  Strat
  
  --
  Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
2. Re:Why is the government using malware at all? by ATMAvatar · 2016-11-07 14:21 · Score: 2
  
  It is perfectly logical that the sheriffs across the USA do not have a master key to everyone's backdoor. If that key got out, the crooks could enter everyones house too. Why is it so hard to see backdoors for computers is just as bad and the same thing?
  Remember we live in an era where TSA certified luggage does have master keys, and as one would expect, they were eventually leaked.
  
  --
  "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
3. Re:Why is the government using malware at all? by dbIII · 2016-11-07 16:08 · Score: 1, Flamebait
  
  Do you have to pile anarchist shit on everything?
  Yes your enemy built your roads, supplies clean water and ... hang on, maybe they are not really your enemy but a bunch you can change by getting off your lazy arse and voting as is your duty as a citizen?
  Guns won't free you. A lot of people working together was what freed you.
  Don't be a lazy whiny prick - vote.
4. Re:Why is the government using malware at all? by Anonymous Coward · 2016-11-07 17:28 · Score: 1
  
  lol the same government that starts wars, bullies and spies on our allies, confiscates people's lands in the name of eminent domain, violates the Fourth Amendment on a daily basis.
  lol voting in a flawed system where you have two sides of the same coin as a choice.
5. Re:Why is the government using malware at all? by BlueStrat · 2016-11-07 20:12 · Score: 2, Insightful
  
  Do you have to pile anarchist shit on everything?
  Wanting a government that obeys it's constitution and it's laws is "anarchist shit"? Just...wow. Extreme, much?
  
  Yes your enemy built your roads, supplies clean water and...
  Wrong. Government builds nothing, buys nothing, sells nothing, and owns nothing. The people do, have, and own all that. Those things you mention were all done by the people despite government greed, incompetence, corruption, cronyism, and general ham-handedness, not because of it. Government makes laws, collects taxes, and directs large armed men to imprison, kill, and/or destroy enemies of the nation and lawbreakers. That is all.
  
  Guns won't free you.
  Guns have freed every people who have thrown off a government since guns became widespread. Of course, guns alone won't overthrow a government but they are essential when it does become necessary. They also act as a deterrent to overreaching authority attempting to go too far. As the warning WW2 Japan's Emperor received from his generals regarding a possibly invasion of the US and being met with 'a rifle behind every window...and blade of grass' demonstrates, they are also a deterrent to foreign aggression and thus prevent war and promote peace.
  If you want to ban guns change the Constitution, there's a procedure in it to do that. By using the sort of tactics that have been employed to 'end-run' around 2nd Amendment protections, you legitimize the very same tactics being used against other Amendments, some of which you may actually care about.
  Strat
  
  --
  Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
6. Re:Why is the government using malware at all? by AHuxley · 2016-11-07 22:35 · Score: 1
  
  Its hard work getting and ip and MAC back from at lot of different computer networks. The court documents, papers work to get logs.
  Malware reports it back for you from the users computer often getting around browsers with ip altering networks.
  Its also court friendly as telling lawyers their client clicked something and they got discovered is a lot more easy that a sealed court to protect methods.
  
  --
  Domestic spying is now "Benign Information Gathering"
7. Re:Why is the government using malware at all? by dbIII · 2016-11-07 23:46 · Score: 1
  
  Guns don't free people. A shitload of people working together either with guns or not frees people.
  One anarchist with a gun is just a red stain on the ground waiting to happen.
8. Re:Why is the government using malware at all? by dbIII · 2016-11-08 00:10 · Score: 2
  
  Of course you fixated on the least important bit instead of the most important bit that was mentioned TWICE.
  You do have a say in your own destiny without being a sad red stain on the ground next to a gun you never had a chance to fire - VOTE.
9. Re:Why is the government using malware at all? by AmiMoJo · 2016-11-08 00:40 · Score: 1
  
  Not even leaked, the damn TSA decided to show them off for some publicity photos that were then printed and widely distributed.
  Unbelievable incompetence, and it affects people who have never even been to the US but who find that most of the available luggage has these useless TSA locks.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
10. Re:Why is the government using malware at all? by Anonymous Coward · 2016-11-08 00:50 · Score: 1
  
  I always wonder why Americans vote only republicans or democrats, when it is clear that their candidates are chosen and guided (controlled) by the establishment machine and therefore cannot change anything important. Other candidates always get minimal amount of votes, yet I often notice such comments that there are only two.
11. Re:Why is the government using malware at all? by Stealthey · 2016-11-08 06:47 · Score: 1
  
  Guns won't free you.
  Guns have freed every people who have thrown off a government since guns became widespread.
  The world's largest democracy is the result of "NO GUNS". Gandhi/Civil disobedience/Non Violence movement was no match for Guns?
  Today's society has no place for guns. Public unrest is what topples governments. Guns rebellions nowadays are replied by bombings. Guns are simply an answer to low self esteem.
  
  --
  I am at loss with words...
12. Re:Why is the government using malware at all? by BlueStrat · 2016-11-08 08:12 · Score: 1
  
  I'm sorry, but the rebellion of India against the British was partly *caused* by Britain attempting to enforce a gun ban in India.
  Mahatma Gandhi was very much opposed to gun bans, as evidenced by one of his quotes:
  "Among the many misdeeds of British rule in India, history will look upon the Act depriving a whole nation of arms as the blackest." - Mahatma Gandhi
  "Hence also do I advocate training in arms for those who believe in the method of violence. I would rather have India resort to arms in order to defend her honor than that she should in a cowardly manner become or remain a helpless witness to her own dishonor," Mahatma Gandhi - The Doctrine of the Sword
  
  Today's society has no place for guns.
  You are laughably naive and have swallowed all the crap fed you by your professors and other leftists/Progressives. As long as basic human nature remains relatively unchanged, the natural right & ability to defend oneself and their family & property will always have a lofty place among a free people. It is only criminals and those in government who wish to rule over a people against their will who wish to ban guns.
  Strat
  
  --
  Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
13. Re:Why is the government using malware at all? by dbIII · 2016-11-08 14:03 · Score: 1
  
  What a waste of time with a pointless hair splitting grammarfest as a distraction anarchist. They didn't use guns in an armed revolt so your implication that they did is nothing other than a lie. Even if they had it does not prove your point, since the big deal is a lot of people working together to get stuff done instead of a lone gunman becoming a red smear on the ground and being forgotten due to achieving nothing other than suicide by government.
No Tor, Freenet. by BigBuckHunter · 2016-11-07 14:16 · Score: 1

No Tor, Freenet. That's all that needs to be said.
none to fear by liquid_schwartz · 2016-11-07 14:19 · Score: 1

I'm sure no reasonable prosecutor will bring a case against this. They are a sad, pathetic department, even by government standards.
They are happy now by AndyKron · 2016-11-07 14:44 · Score: 1

So they all got raises and job promotions for this, correct?
So, the FBI does illegal things by fustakrakich · 2016-11-07 15:11 · Score: 2

Kind of helps to understand why they won't go after politicians who do illegal things. In other words, *What do they call it when the assassin accuses the assassin?* This is a good example of 'Capoeira'. Everybody remains untouchable, but the spectacle is supreme.

--
“He’s not deformed, he’s just drunk!”
J Edgar is still in charge of the FBI by Required+Snark · 2016-11-07 15:41 · Score: 1, Offtopic

His body is in suspended animation, but he has telepathic control over the entire organization.
Actually it makes no difference if he is dead, alive or none of the above. Nothing has changed since Hoover was in charge of the FBI. They don't care about the Constitution and are lawless, which means they act as if no law applies to what they do. Their agenda, which includes expected areas like going after bank robbers, kidnappers and organized crime also includes suppressing and criminalizing any attempt to alter the current political order, even if it is totally legitimate. This activity is rarely targeted to any right wing movement, but the mere existence of a left wing or minority organization brings the hammer down.,
Compare and Contrast: Occupy Wall Street and the take over of the Oregon wildlife facility by armed Christian terrorists. Law enforcement, including the FBI, sent in provocateurs to incite violence, infiltrated to gather (illegal) intelligence, and engaged in intimidation during and after Occupy events. Just sending an FBI agent to do "routine" interviews with employers, co-workers or neighbors is a way of punishing a person for using their right to express their opinion, and the FBI takes great advantage of that, and they did a lot of it
Now look at the Oregon armed takeover. For weeks right wing Cowboys with Guns were wandering into town for a hot meal or a warm bed. There was no perimeter established. Local and Federal law enforcement (i.e. the FBI) stayed as far away as possible. The didn't want to cause an "incident". It was only after the press stated to take notice of the absence of law enforcement and the Governor of Oregon wrote a letter of complaint that law enforce showed up.
The FBI always takes sides. They only go after right wingers after events become so extreme they can't be swept under the rug. They go after anyone else just for opening their mouths. So J Edgar continues to assert his rule.

--
Why is Snark Required?
I see what happened here. by SuricouRaven · 2016-11-07 19:21 · Score: 3, Insightful

FBI: We want to hack a ton of computers belonging to people who are probably innocent.
Judge: Sorry, I can't issue a warrant for that.
FBI: We need to do this in order to catch monsters who sexually abuse children.
Judge: Fucking scum like that have no rights! You have my warrant, do whatever it takes!