Motherboard reports that two New York men arrested on charges of online child pornography, allegedly on the Tor hidden service, were brought down by a Federal Bureau of Investigation (FBI) hacking tool used to identify the “true IP addresses” of the accused.
The FBI argues that, in order to bring down a major pornography site, it had jurisdiction to hack more than a thousand computers in what’s been termed a “bulk hacking campaign.”
“In order to fight what it has called one of the largest child pornography sites on the dark web, the FBI hacked over a thousand computers,” Motherboard detailed.
Christopher Soghoian, principal technologist at the American Civil Liberties Union (ACLU), told Motherboard the news was “simply unprecedented.”
According to court documents, a new bulletin board site titled Playpen appeared online in August 2014 for the explicit purpose of “the advertisement and distribution of child pornography.”
Playpen gained almost 60,000 member accounts one month after launch, though it isn’t clear how many of these were throwaway accounts and how many people actually used the site. According to the FBI, many of the site’s posts “contained some of the most extreme child abuse imagery one could imagine, and others included advice on how sexual abusers could avoid detection online.”
The FBI described the site in a complaint as “the largest remaining known child pornography hidden service in the world.”
In February 2015, law enforcement seized a web host in Lenoir, North Carolina. They didn’t close the site down. Instead, they ran it from February 20 to March 4. The FBI used a “network investigative technique.”
The FBI complaint revealed that “approximately 1300 true internet protocol (IP) addresses were identified during this time.” Others posit a higher number.
“Fifteen-hundred or so of these cases are going to end up getting filed out of the same, underlying investigation,” Colin Fieman, a federal public defender involved in several related cases, told Motherboard in a phone interview.
“There will probably be an escalating stream of these [cases] in the next six months or so,” Fieman added. “There is going to be a lot in the pipeline.”
Fieman calls the FBI investigation an “extraordinary expansion of government surveillance and its use of illegal search methods on a massive scale.”
Because the Tor Browser Bundle lacked an auto-update mechanism in August 2013, only users who patched their versions were safe from surveillance. Thanks to this vulnerability, anyone who logged into Playpen was breached by the FBI during the time the agency ran the website. Details about the FBI NIT, such as how it was deployed and used, are unclear.
“Although the application for the NIT in this case isn’t public, applications for NITs in other cases are,” said Soghoian. “Time and time again, we have seen the Department of Justice is very vague in the application they’re filing. They don’t make it clear to judges what they’re actually seeking to do. They don’t talk about exploiting browser flaws, they don’t use the word ‘hack.’”
What’s known is that the FBI has set a new standard in what sorts of breaching campaigns it embarks upon.