When FBI Went on a Blind Hacking Spree, It Hacked Hundreds of Computers in Russia, Iran and China Too

Nov 10

The Federal Bureau of Investigation infiltrated computers in more than a hundred countries in 2015, with targets including Iran, China and Russia. The operation wasn’t meant to sabotage those governments or spy on them but to take down a child porn ring. However, that might not be enough for the Bureau to justify going on an international mass hacking spree with suspects in countries hostile to the United States.

One warrant that allowed FBI to hack over 8,000 computers

During FBI’s Operation Pacifier in 2015 that involved taking down the notorious child pornography site called Playpen, the agency broke into a number of targets without first learning about the location of their suspects (which isn’t always possible). During this investigation, the US agency “broke into thousands of computers around the world to investigate child pornography,” The Daily Beast reports.

However, experts warn that accessing computers in countries that aren’t allies could lead to geopolitical issues. These hacks are “essentially opening the door for other countries to unilaterally hack devices located in the U.S. in the law-enforcement context,” Scarlet Kim of Privacy International told TDB.

This revelation isn’t new, as previous reports had suggested that the agency had broken into over 8,000 computers in over 120 countries. What is different now, however, is that the previous reports of the investigation hadn’t disclosed if the agency also targeted people in countries that the United States isn’t really “happy” with, including Russia and Iran. “Those risks are especially potent in the hacking context because the identity of the attacker and the purpose of the hack may not be immediately clear,” Kim added. This means that those countries, without ever receiving a notification from the FBI, could consider such a hack a criminal attack.

But those in the Department of Justice continue to suggest that there is no way out of this. “We’ve gone to the Russian prosecutors and said can you help us with this investigation, and years later the individual becomes a source for the Russian government,” Megan Stifel of Atlantic Council and a former attorney in the DoJ’s national security division said.

“It’s not to say that we need to have a new global treaty around cyber crime. We’re not going to get any better than we have.”

The 2015 Playpen investigation has so far raised several concerns, not only internationally but locally, as well. We reported last year that the agency was able to go on this mass hacking spree based on a single warrant issued by a magistrate judge of the Eastern District of Virginia, who did not have the authority to allow searches outside of their own district. As we reported earlier:

Because of this violation, some courts decided to throw out all evidence obtained by the malware. At least fourteen court decisions found that the warrant was not properly issued.

While the investigation was looking into crimes that are some of the most vile acts, the agency’s routine bypassing of the due legal process ends up raising more questions about its surveillance powers. The operation led to hundreds of arrests, according to the agency itself; however, defendants’ lawyers pushed back against the evidence, questioning the legality of the search. Some had even suggested that the Bureau deliberately carried out this investigation in a way that would render the evidence useless but would help it push the government to legitimize such an investigation without any oversight. [Which, by the way, it managed to achieve, as the government introduced new changes to Rule 41 last November that basically enable one judge with one warrant to authorize hacking of millions of devices.]

Last year, when the first numbers of the investigation were publicly disclosed, this unprecedented hacking case raised concerns among the privacy community for laying the foundation for future expansion of similar uncontrolled hacking operations. However, targeting suspects in countries with hostile relationships could legitimize or even welcome similar efforts from those countries, and the United States may not like that.
