FBI ‘Hacked 8,700 Users’ In Tor Sting

Court documents reveal US investigators hacked thousands of suspects’ computers around the world

The FBI hacked personal computers belonging to more than 8,500 individuals around the world as part of an operation to track down users of an illegal website, according to newly released court documents.

In the case, which involved tracking down alleged users of a child pornography website called Playpen, the FBI had previously been known to have hacked more than 1,000 computers in the US.



International investigation

But the the total is about 8,700 around the world, according to federal public defender Colin Fieman, who revealed the figure in newly released transcripts of a hearing that took place at the end of October.

The website distributed to 120 countries, meaning users in any of those regions could have been hacked, Fieman said in the transcript, which was earlier mentioned in a report by computer industry publication Motherboard.

He said the investigation resulted in at least 1,152 investigations and about 214 arrests.

“We have never, in our nation’s history as far as I can tell, seen a warrant so utterly sweeping,” he stated.

Using its hacking tools the FBI obtained more than 1,000 IP addresses individuals in the US as well as an unknown number from Australia, Austria, Chile, Colombia, Denmark, Greece and possibly also the UK, Tukey and Norway, according to previous reports.

‘Government hacking’

The figures are likely to fan a debate over the legitimacy of warrants in such investigations, where law enforcement officials are authorised to access computers used by suspects.

Civil liberties activists have warned that cross-border hacking by law enforcement bodies is likely to become more common as Internet-based crime continues to spread.

The warrant in the case in question was issued by a judge in the Eastern District of Virginia who did not have the authority to grant searches outside her own district.

However, legal changes in the US set to take effect on 1 December mean magistrate judges are to be given broader authority for such warrants.

Previously magistrate judges could only approve computer search warrants if they knew the location of the computer in question, to ensure it was located in their jurisdiction.

The changes, approved by the US Supreme Court in May, mean searches can be approved for computers using tools such as Tor that mask their location – meaning the systems could be located in other countries around the world.

Botnet investigations

The changes also allow investigators to search computers that have been compromised by botnets, which allow those controlling the botnet to order affected computers to carry out malicious actions.

In the Playpen case, FBI investigators took control of the site and continued to operate it from government servers for two weeks, during which time they monitored who accessed it.

Because visitors generally made use of the Tor anonymisation network, investigators deployed a tool that exploited a security flaw in Tor’s software to implant code on the user’s system. That code then discovered the system’s real IP address and sent it to the FBI.

Civil liberties campaigners have said the Supreme Court’s ruling in May means hacking by government investigators is likely to become increasingly common.

“What we’re talking about is government hacking, and this obscure rule change would authorise a whole lot more of it,” said Kevin Bankston, director of the Open Technology Institute, earlier this year.

The US Department of Justice argued such changes are necessary to combat the use of anonymisation technologies by criminals.

“We believe technology should not create a lawless zone merely because a procedural rule has not kept up with the times,” wrote assistant attorney general Leslie R. Caldwell of the DOJ’s Criminal Division in a blog post.

How much do you know about privacy? Try our quiz!