FBI Hackers Targeted Users in 120 Countries, Including Russia, China & Iran
During the largest known law enforcement hacking campaign, the FBI reportedly hacked into thousands of computers around the world and implanted malware that allowed them to gather personal data, according to court documents.
The FBI’s international hacking efforts stem from an investigation called “Operation Pacifier.”
In 2014, the FBI launched an investigation into a child pornography website called Playpen after obtaining the IP address associated with the site. The site operated on the onion router (Tor) network, which masks IP addresses and other identifying information.
According to court documents, the FBI obtained a warrant from a magistrate judge in the Eastern District of Virginia to search and seize “property located in the Eastern District of Virginia.” The warrant also authorized the FBI to send malware from the Playpen server to computers that logged on to the site with a username and password.
After the FBI seized Playpen’s servers, they decided not to shut the site down, but moved it to a government facility, where they operated the site for 15 days from February 19 to March 5, 2015.
During this time, the FBI operated Playpen as an undercover website and targeted thousands of computers that tried to access the site with a type of malware called a “network investigative technique” (NIT).
The FBI used an “exploit” that took advantage of a vulnerability in the Tor browser, which allowed them to breach a computer’s operating system. The NIT also had a “payload” component that allowed the FBI to search a computer’s files and operating system and allowed them to send the data back to the FBI, where it was stored on their servers.
The application for the warrant stated that the malware “may cause an activating computer – wherever located – to send to a computer controlled by or known to the government, network level messages containing information that may assist in identifying the computer.”
However, Robert Goldsmith, who is representing several other defendants in affected cases, argued in a hearing last year that “nowhere in any of the warrant documents, the application, the warrant face itself, do they use that word ‘international.’”
The FBI seized 8,713 IP addresses and other data from computers located in the US and 120 other countries around the world, including Russia, China and Iran, as well as data from an entity the Government described as “a satellite provider.” According to an evidentiary hearing in the case last year, 7,281 of those IP addresses were obtained from foreign computers.
According to the appeal, the way the FBI implanted the malware meant they would not have known the country of origin of a computer before they had collected the user’s data.
“We have never, in our nation’s history as far as I can tell, seen a warrant so utterly sweeping,” federal public defender Colin Fieman, who is representing defendants, said at a hearing last year.
In April 2016, a judge ruled that the warrant was “issued without jurisdiction.” It marked the first time that a judge threw out evidence obtained by a hacking operation.
“It follows that the resulting search was conducted as though there were no warrant at all,” Judge William Young of the District of Massachusetts wrote. “Since warrantless searches are presumptively unreasonable, and the good-faith exception is inapplicable, the evidence must be excluded.”
The court documents come from an appeal filed by David Tippens, the site's original administrator, who asked the court to dismiss his case and reverse his conviction. His attorneys argue that “the Government committed outrageous misconduct during the undercover operation” in violation of his Fourth Amendment rights.