Unsealed Warrant Shows FBI Malware Affected Innocent Tor Users While Agency Ran More Than 20 Child Porn Sites

Legal Issues

from the supporting-justifications-cited:-1.-the-ends dept

Thanks to the ACLU’s push to unseal documents related to the FBI’s targeting of TorMail users and Freedom Hosting, the warrant affidavits supporting its NIT deployment have been released by the agency. Joseph Cox of Motherboard reports:

In 2013, the FBI received permission to hack over 300 specific users of dark web email service TorMail. But now, after the warrants and their applications have finally been unsealed, experts say the agency illegally went further, and hacked perfectly legitimate users of the privacy-focused service.

“That is, while the warrant authorized hacking with a scalpel, the FBI delivered their malware to TorMail users with a grenade,” Christopher Soghoian, principal technologist at the American Civil Liberties Union (ACLU), told Motherboard in an email.

The 99-page affidavit [PDF] is lightly-redacted but contains some completely uncensored and surprising admissions from the agency. Contrary to its post-release statements about the scope of the “narrowly-tailored” warrant not being exceeded, the actual contents show the deployment of the NIT to unmask Tor users is much more aligned with Soghoian’s “grenade” description.

As Cox points out, the TorMail affidavit [PDF] says the NIT would only be delivered to logged-in, specifically-targeted TorMail users.

[T]he NIT… will be deployed on the TARGET ACCOUNTS while the TARGET ACCOUNTS operate in the District of Maryland, to investigate any user who logs into any of the TARGET ACCOUNTS by entering a username and password.

In reality, the deployment occurred the moment a user landed on any site utilizing Freedom Hosting — not just the child porn sites the FBI had taken control of. And the number of sites the FBI was running during this investigation is staggering.

According to the new documents, the NIT was used against users of 23 separate websites.

If you thought the FBI’s admin efforts for two separate child porn websites (in two investigations spaced a couple of years apart) were questionable, you have to wonder about the morality (or legality) of the US government becoming one of the world’s largest distributor of child pornography. Researcher Sarah Jamie Lewis notes that, according to her numbers, the FBI could have been operating close to half (if not more) of the child porn websites in existence.

And, as for the claims the FBI didn’t exceed the scope of the warrant: that’s clearly not true. The warrant was issued in Maryland and was delivered to users all over the world. The supporting affidavit contains descriptions of one site apparently located in Hungary, but never makes any attempt to limit the FBI efforts to within US borders, much less Maryland.

The NIT violated Rule 41 limitations and then exceeded the FBI’s own assertions about targeting specific users. It continues to deploy the same malware against Tor users with a similar lack of concern for jurisdictional restrictions or its implicit invitation for foreign law enforcement agencies to engage in the same tactics against US citizens.

Filed Under: 4th amendment, child porn, doj, fbi, malware, nit, playpen, warrant