Unsealed Warrant Shows FBI Malware Affected Innocent Tor Users While Agency Ran More Than 20 Child Porn Sites

from the supporting-justifications-cited:-1.-the-ends dept

Thanks to the ACLU’s push to unseal documents related to the FBI’s targeting of TorMail users and Freedom Hosting, the warrant affidavits supporting its NIT deployment have been released by the agency. Joseph Cox of Motherboard reports:

In 2013, the FBI received permission to hack over 300 specific users of dark web email service TorMail. But now, after the warrants and their applications have finally been unsealed, experts say the agency illegally went further, and hacked perfectly legitimate users of the privacy-focused service.

“That is, while the warrant authorized hacking with a scalpel, the FBI delivered their malware to TorMail users with a grenade,” Christopher Soghoian, principal technologist at the American Civil Liberties Union (ACLU), told Motherboard in an email.

The 99-page affidavit [PDF] is lightly-redacted but contains some completely uncensored and surprising admissions from the agency. Contrary to its post-release statements about the scope of the “narrowly-tailored” warrant not being exceeded, the actual contents show the deployment of the NIT to unmask Tor users is much more aligned with Soghoian’s “grenade” description.

As Cox points out, the TorMail affidavit [PDF] says the NIT would only be delivered to logged-in, specifically-targeted TorMail users.

[T]he NIT… will be deployed on the TARGET ACCOUNTS while the TARGET ACCOUNTS operate in the District of Maryland, to investigate any user who logs into any of the TARGET ACCOUNTS by entering a username and password.

In reality, the deployment occurred the moment a user landed on any site utilizing Freedom Hosting — not just the child porn sites the FBI had taken control of. And the number of sites the FBI was running during this investigation is staggering.

According to the new documents, the NIT was used against users of 23 separate websites.

If you thought the FBI’s admin efforts for two separate child porn websites (in two investigations spaced a couple of years apart) were questionable, you have to wonder about the morality (or legality) of the US government becoming one of the world’s largest distributor of child pornography. Researcher Sarah Jamie Lewis notes that, according to her numbers, the FBI could have been operating close to half (if not more) of the child porn websites in existence.

And, as for the claims the FBI didn’t exceed the scope of the warrant: that’s clearly not true. The warrant was issued in Maryland and was delivered to users all over the world. The supporting affidavit contains descriptions of one site apparently located in Hungary, but never makes any attempt to limit the FBI efforts to within US borders, much less Maryland.

The NIT violated Rule 41 limitations and then exceeded the FBI’s own assertions about targeting specific users. It continues to deploy the same malware against Tor users with a similar lack of concern for jurisdictional restrictions or its implicit invitation for foreign law enforcement agencies to engage in the same tactics against US citizens.





Filed Under: , , , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Unsealed Warrant Shows FBI Malware Affected Innocent Tor Users While Agency Ran More Than 20 Child Porn Sites”

Subscribe: RSS Leave a comment
26 Comments
Anonymoussays:

Red line

Up until this point i’ve been skeptical of the fears about government malware. At its best, when it’s authorized with a warrant and targeted narrowly, it can be a reasonable (imo) tool to defeat end-user encryption and put the backdoor argument to rest.

But what is described here is unforgivable. Users of specific services or software cannot be justified targets merely for choosing those services or software. If this proves to be the new norm, laws are not sufficient to protect our rights anymore.

That Anonymous Cowardsays:

We are more concerned with the ends, we stopped looking at the means being used… because they are only used on “Bad People”(tm)… until we figure out they think everyone who isn’t them is bad people.

We are past the point of stopping this, we need to demand that things be stopped.
We need full reviews & disclosures.
We need people held accountable.
We need punishments.
We need to make sure we don’t keep heading towards not looking any different than the dictatorships we call out around the globe.

We had a horrible problem, so we screwed innocent people and ran at least half of the places you can get the horrible things & spread more of it… by undermining the checks & balances of the law and many of our cases have fallen apart because what we did was so stupid the courts say WTF is wrong with you people!?

art guerrillasays:

Re: Re: and ? ? ?

these things will be resolved, how, exactly ? ? ?

bear in mind (paraphrasing) freddy douglass’s quote: power never devolves voluntarily…

hmmm, ok, now what ? ? ?

voting for (t-rump/killary) will solve these problems ? ? ?
…or exacerbate ? ? ?

well, (meta-ironically) fortunately and unfortunately, at the same time, Empire is both reaching its peak and falling, at the same time…
hard rain coming…
based on a true story…

That One Guysays:

Re: Re: Innocent TOR user? No such thing

The FBI sees TOR users hiding things…and people with things to hide are terrorists.

Almost, they see non-government people hiding things as terrorists, the government of course is not only allowed to hide things it’s their Right to do so, because of course they need to be able to keep secrets, despite insisting that the public can’t.

Violynnesays:

“you have to wonder about the morality (or legality) of the US government becoming one of the world’s largest distributor of child pornography.”

Perhaps this should be addressed by properly asking the right question of the FBI, which is:
“In the past 20 years, how many child porn producers have been arrested?”

I suggest having a box of tissue nearby, because the answer is going to make you cry.

Funding the FBI is no different than other departments. If the FBI is “doing its job”, then it means they get the lion’s share of the money.

From the agency which wastes no time in setting up fake terrorists.

Stop and think about the ramifications regarding an agency sitting on the world’s largest collection of child pornography and the surprisingly timed “arrests” of people, most of whom are consumers, not producers.

Rekrulsays:

The NIT violated Rule 41 limitations and then exceeded the FBI’s own assertions about targeting specific users. It continues to deploy the same malware against Tor users with a similar lack of concern for jurisdictional restrictions or its implicit invitation for foreign law enforcement agencies to engage in the same tactics against US citizens.

Don’t worry, Congress will soon make it retroactively legal.

LAquakersays:

Clinton started this:)

Governor Clinton’s Arkansas was the northern terminus for the importation of cocaine under Drug cZar Bush, Nixon was a lawyer for Pepsi during their Burma heroin operation, any reactor GE builds around the world, we own the waste products (weapons grade plutonium) and our FBI promulgates child exploitation images and probably targets anthrax for social engineering the american mind.
Nothing to see here.

Celeste Guarinisays:

Child Porn: It's for te children, now fortified with FBI approval and dissemination

Dissemination by the FBI….what would THAT look like? Eeeew.

Wow- how do we stop these goodguys? A few wankers who may/could/might hurt a kid aren’t enough for me to eradicate privacy of citizens, while granting a criminal gov’t child porn distribution rights. And every time there is a pedo-sweep 80% are gov’t or priests and rabbi’s; teachers and cops.

Not to mention that more kids are killed every year by their mothers in America, than kids raped by strangers ( which is shockingly rare.)

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Report this ad??|??Hide Techdirt ads
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...
Older Stuff
12:25 Australian Privacy Commissioner Says 7-Eleven Broke Privacy Laws By Scanning Customers' Faces At Survey Kiosks (6)
10:50 Missouri Governor Doubles Down On 'View Source' Hacking Claim; PAC Now Fundraising Over This Bizarrely Stupid Claim (45)
10:45 Daily Deal: The All-in-One Microsoft, Cybersecurity, And Python Exam Prep Training Bundle (0)
09:43 Want To Understand Why U.S. Broadband Sucks? Look At Frontier Communications In Wisconsin, West Virginia (8)
05:36 Massachusetts College Decides Criticizing The Chinese Government Is Hate Speech, Suspends Conservative Student Group (71)
19:57 Le Tigre Sues Barry Mann To Stop Copyright Threats Over Song, Lights Barry Mann On Fire As Well (21)
16:07 Court Says City Of Baltimore's 'Heckler's Veto' Of An Anti-Catholic Rally Violates The First Amendment (15)
13:37 Two Years Later, Judge Finally Realizes That A CDN Provider Is Not Liable For Copyright Infringement On Websites (21)
12:19 Chicago Court Gets Its Prior Restraint On, Tells Police Union Head To STFU About City's Vaccine Mandate (158)
10:55 Verizon 'Visible' Wireless Accounts Hacked, Exploited To Buy New iPhones (8)
10:50 Daily Deal: The MacOS 11 Course (0)
07:55 Suing Social Media Sites Over Acts Of Terrorism Continues To Be A Losing Bet, As 11th Circuit Dumps Another Flawed Lawsuit (11)
02:51 Trump Announces His Own Social Network, 'Truth Social,' Which Says It Can Kick Off Users For Any Reason (And Already Is) (100)
19:51 Facebook AI Moderation Continues To Suck Because Moderation At Scale Is Impossible (26)
16:12 Content Moderation Case Studies: Snapchat Disables GIPHY Integration After Racist 'Sticker' Is Discovered (2018) (11)
13:54 Arlo Makes Live Customer Service A Luxury Option (8)
12:05 Delta Proudly Announces Its Participation In The DHS's Expanded Biometric Collection Program (5)
11:03 LinkedIn (Mostly) Exits China, Citing Escalating Demands For Censorship (14)
10:57 Daily Deal: The Python, Git, And YAML Bundle (0)
09:37 British Telecom Wants Netflix To Pay A Tax Simply Because Squid Game Is Popular (32)
06:41 Report: Client-Side Scanning Is An Insecure Nightmare Just Waiting To Be Exploited By Governments (35)
20:38 MLB In Talks To Offer Streaming For All Teams' Home Games In-Market Even Without A Cable Subscription (10)
15:55 Appeals Court Says Couple's Lawsuit Over Bogus Vehicle Forfeiture Can Continue (15)
13:30 Techdirt Podcast Episode 301: Scarcity, Abundance & NFTs (0)
12:03 Hollywood Is Betting On Filtering Mandates, But Working Copyright Algorithms Simply Don't Exist (66)
10:45 Introducing The Techdirt Insider Discord (4)
10:40 Daily Deal: The Dynamic 2021 DevOps Training Bundle (0)
09:29 Criminalizing Teens' Google Searches Is Just How The UK's Anti-Cybercrime Programs Roll (19)
06:29 Canon Sued For Disabling Printer Scanners When Devices Run Out Of Ink (41)
20:51 Copyright Law Discriminating Against The Blind Finally Struck Down By Court In South Africa (7)
More arrow