Unsealed Warrant Shows FBI Malware Affected Innocent Tor Users While Agency Ran More Than 20 Child Porn Sites

from the supporting-justifications-cited:-1.-the-ends dept

Thanks to the ACLU’s push to unseal documents related to the FBI’s targeting of TorMail users and Freedom Hosting, the warrant affidavits supporting its NIT deployment have been released by the agency. Joseph Cox of Motherboard reports:

In 2013, the FBI received permission to hack over 300 specific users of dark web email service TorMail. But now, after the warrants and their applications have finally been unsealed, experts say the agency illegally went further, and hacked perfectly legitimate users of the privacy-focused service.

“That is, while the warrant authorized hacking with a scalpel, the FBI delivered their malware to TorMail users with a grenade,” Christopher Soghoian, principal technologist at the American Civil Liberties Union (ACLU), told Motherboard in an email.

The 99-page affidavit [PDF] is lightly-redacted but contains some completely uncensored and surprising admissions from the agency. Contrary to its post-release statements about the scope of the “narrowly-tailored” warrant not being exceeded, the actual contents show the deployment of the NIT to unmask Tor users is much more aligned with Soghoian’s “grenade” description.

As Cox points out, the TorMail affidavit [PDF] says the NIT would only be delivered to logged-in, specifically-targeted TorMail users.

[T]he NIT… will be deployed on the TARGET ACCOUNTS while the TARGET ACCOUNTS operate in the District of Maryland, to investigate any user who logs into any of the TARGET ACCOUNTS by entering a username and password.

In reality, the deployment occurred the moment a user landed on any site utilizing Freedom Hosting — not just the child porn sites the FBI had taken control of. And the number of sites the FBI was running during this investigation is staggering.

According to the new documents, the NIT was used against users of 23 separate websites.

If you thought the FBI’s admin efforts for two separate child porn websites (in two investigations spaced a couple of years apart) were questionable, you have to wonder about the morality (or legality) of the US government becoming one of the world’s largest distributor of child pornography. Researcher Sarah Jamie Lewis notes that, according to her numbers, the FBI could have been operating close to half (if not more) of the child porn websites in existence.

And, as for the claims the FBI didn’t exceed the scope of the warrant: that’s clearly not true. The warrant was issued in Maryland and was delivered to users all over the world. The supporting affidavit contains descriptions of one site apparently located in Hungary, but never makes any attempt to limit the FBI efforts to within US borders, much less Maryland.

The NIT violated Rule 41 limitations and then exceeded the FBI’s own assertions about targeting specific users. It continues to deploy the same malware against Tor users with a similar lack of concern for jurisdictional restrictions or its implicit invitation for foreign law enforcement agencies to engage in the same tactics against US citizens.





Filed Under: , , , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Unsealed Warrant Shows FBI Malware Affected Innocent Tor Users While Agency Ran More Than 20 Child Porn Sites”

Subscribe: RSS Leave a comment
26 Comments
Anonymoussays:

Red line

Up until this point i’ve been skeptical of the fears about government malware. At its best, when it’s authorized with a warrant and targeted narrowly, it can be a reasonable (imo) tool to defeat end-user encryption and put the backdoor argument to rest.

But what is described here is unforgivable. Users of specific services or software cannot be justified targets merely for choosing those services or software. If this proves to be the new norm, laws are not sufficient to protect our rights anymore.

That Anonymous Cowardsays:

We are more concerned with the ends, we stopped looking at the means being used… because they are only used on “Bad People”(tm)… until we figure out they think everyone who isn’t them is bad people.

We are past the point of stopping this, we need to demand that things be stopped.
We need full reviews & disclosures.
We need people held accountable.
We need punishments.
We need to make sure we don’t keep heading towards not looking any different than the dictatorships we call out around the globe.

We had a horrible problem, so we screwed innocent people and ran at least half of the places you can get the horrible things & spread more of it… by undermining the checks & balances of the law and many of our cases have fallen apart because what we did was so stupid the courts say WTF is wrong with you people!?

art guerrillasays:

Re: and ? ? ?

these things will be resolved, how, exactly ? ? ?

bear in mind (paraphrasing) freddy douglass’s quote: power never devolves voluntarily…

hmmm, ok, now what ? ? ?

voting for (t-rump/killary) will solve these problems ? ? ?
…or exacerbate ? ? ?

well, (meta-ironically) fortunately and unfortunately, at the same time, Empire is both reaching its peak and falling, at the same time…
hard rain coming…
based on a true story…

That One Guysays:

Re: Innocent TOR user? No such thing

The FBI sees TOR users hiding things…and people with things to hide are terrorists.

Almost, they see non-government people hiding things as terrorists, the government of course is not only allowed to hide things it’s their Right to do so, because of course they need to be able to keep secrets, despite insisting that the public can’t.

Violynnesays:

“you have to wonder about the morality (or legality) of the US government becoming one of the world’s largest distributor of child pornography.”

Perhaps this should be addressed by properly asking the right question of the FBI, which is:
“In the past 20 years, how many child porn producers have been arrested?”

I suggest having a box of tissue nearby, because the answer is going to make you cry.

Funding the FBI is no different than other departments. If the FBI is “doing its job”, then it means they get the lion’s share of the money.

From the agency which wastes no time in setting up fake terrorists.

Stop and think about the ramifications regarding an agency sitting on the world’s largest collection of child pornography and the surprisingly timed “arrests” of people, most of whom are consumers, not producers.

Rekrulsays:

The NIT violated Rule 41 limitations and then exceeded the FBI’s own assertions about targeting specific users. It continues to deploy the same malware against Tor users with a similar lack of concern for jurisdictional restrictions or its implicit invitation for foreign law enforcement agencies to engage in the same tactics against US citizens.

Don’t worry, Congress will soon make it retroactively legal.

LAquakersays:

Clinton started this:)

Governor Clinton’s Arkansas was the northern terminus for the importation of cocaine under Drug cZar Bush, Nixon was a lawyer for Pepsi during their Burma heroin operation, any reactor GE builds around the world, we own the waste products (weapons grade plutonium) and our FBI promulgates child exploitation images and probably targets anthrax for social engineering the american mind.
Nothing to see here.

Celeste Guarinisays:

Child Porn: It's for te children, now fortified with FBI approval and dissemination

Dissemination by the FBI….what would THAT look like? Eeeew.

Wow- how do we stop these goodguys? A few wankers who may/could/might hurt a kid aren’t enough for me to eradicate privacy of citizens, while granting a criminal gov’t child porn distribution rights. And every time there is a pedo-sweep 80% are gov’t or priests and rabbi’s; teachers and cops.

Not to mention that more kids are killed every year by their mothers in America, than kids raped by strangers ( which is shockingly rare.)

Leave a Reply to Celeste Guarini Cancel reply

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...
Older Stuff
13:40 It's Great That Winnie The Pooh Is In The Public Domain; But He Should Have Been Free In 1982 (Or Earlier) (35)
12:06 Norton 360 Now Comes With Crypto Mining Capabilities And Sketchy Removal Process (28)
10:45 Chinese Government Dragnet Now Folding In American Social Media Platforms To Silence Dissent (14)
10:40 Daily Deal: The 2022 Ultimate Cybersecurity Analyst Preparation Bundle (0)
09:29 A Fight Between Facebook And The British Medical Journal Highlights The Difficulty Of Moderating 'Medical Misinformation' (9)
06:29 Court Ruling Paves The Way For Better, More Reliable Wi-Fi (4)
20:12 Eighth Circuit (Again) Says There's Nothing Wrong With Detaining Innocent Minors At Gunpoint (15)
15:48 China's Regulatory War On Its Gaming Industry Racks Up 14k Casualties (10)
13:31 Chinese Government Fines Local Car Dealerships For Surveilling While Not Being The Government (5)
12:08 Eric Clapton Pretends To Regret The Decision To Sue Random German Woman Who Listed A Bootleg Of One Of His CDs On Ebay (29)
10:44 ICE Is So Toxic That The DHS's Investigative Wing Is Asking To Be Completely Separated From It (29)
10:39 Daily Deal: The 2022 Complete Raspberry Pi And Arduino Developer Bundle (0)
09:31 Google Blocked An Article About Police From The Intercept... Because The Title Included A Phrase That Was Also A Movie Title (24)
06:22 Wireless Carriers Balk At FAA Demand For 5G Deployment Delays Amid Shaky Safety Concerns (16)
19:53 Tenth Circuit Denies Qualified Immunity To Social Worker Who Fabricated A Mother's Confession Of Child Abuse (35)
15:39 Sci-Hub's Creator Thinks Academic Publishers, Not Her Site, Are The Real Threat To Science, And Says: 'Any Law Against Knowledge Is Fundamentally Unjust' (34)
13:32 Federal Court Tells Proud Boys Defendants That Raiding The Capitol Building Isn't Covered By The First Amendment (25)
12:14 US Courts Realizing They Have A Judge Alan Albright Sized Problem In Waco (17)
10:44 Boston Police Department Used Forfeiture Funds To Hide Purchase Of Surveillance Tech From City Reps (16)
10:39 Daily Deal: The Ultimate Microsoft Excel Training Bundle (0)
09:20 NY Senator Proposes Ridiculously Unconstitutional Social Media Law That Is The Mirror Opposite Of Equally Unconstitutional Laws In Florida & Texas (25)
06:12 Telecom Monopolies Are Exploiting Crappy U.S. Broadband Maps To Block Community Broadband Grant Requests (7)
12:00 Funniest/Most Insightful Comments Of 2021 At Techdirt (17)
10:00 Gaming Like It's 1926: Join The Fourth Annual Public Domain Game Jam (6)
09:00 New Year's Message: The Arc Of The Moral Universe Is A Twisty Path (33)
19:39 DHS, ICE Begin Body Camera Pilot Program With Surprisingly Good Policies In Place (7)
15:29 Remembering Techdirt Contributors Sherwin And Elliot (1)
13:32 DC Metro PD's Powerful Review Panel Keeps Giving Bad Cops Their Jobs Back (6)
12:11 Missouri Governor Still Expects Journalists To Be Prosecuted For Showing How His Admin Leaked Teacher Social Security Numbers (39)
10:48 Oversight Board Overturning Instagram Takedown Of Ayahuasca Post Demonstrates The Impossibility Of Content Moderation (10)
More arrow
This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it