The FBI hacked into over 8,000 computers in 120 different countries using a single warrant. Reports of the unprecedented hacking operation were detailed earlier in the year when it was believed that the agency had deployed malware to over one thousand alleged visitors of a child pornography site. It appears the scope of the investigation was much wider, going not only beyond the United States itself but apparently in outer space too.
Rule 41 and FBI's mass hacking capabilities
The latest revelations about a highly publicized child pornography Playpen case shed light on this largest law enforcement hacking campaign to date. In 2015, the FBI seized a dark web child pornography site. However, instead of shutting it down, the agency ran the site from a government server for 13 days. During this time, investigators launched a malware known as the Network Investigative Technique (NIT) that broke into the computers of anyone who visited certain threads on the site. Using this, the agency was able to get the real IP addresses of visitors who were using TOR to mask their identities.
All of this was done using a single warrant. The warrant was issued by Magistrate Judge Theresa C. Buchanan in the Eastern District of Virginia, who did not have the authority to allow searches outside of her own district. Because of this violation, some courts decided to throw out all evidence obtained by the malware. At least fourteen court decisions found that the warrant was not properly issued.
Going forward, it is expected that the Rule 41 of the Federal Rules of Criminal Procedure, which governs how search warrants can be authorized, will be changed. These upcoming changes will allow magistrate judges to authorize warrants similar to the one used in the Playpen investigation.
Concerns over how the investigation was carried out
Alleged crimes of the Playpen case are some of the most vile acts, to say the least. As a result, not much attention was paid to significant legal questions that this unprecedented hacking case raises. But, this investigation only lays the foundation for future expansion of law enforcement hacking in domestic and foreign criminal investigations. It also severely impacts user privacy.
In several reports following the investigation, many have asked how the FBI used victims of child pornography to investigate the case. Similar to drug stings, where cops pose as dealers to catch buyers, FBI ran the child pornography site to catch the visitors. However, unlike the drug stings, the agency wasn't just "posing," it was actually distributing content - a federal crime.
During the two weeks of the operation, over 100,000 people visited the site, accessing at least 200 videos and 48,000 photos of victims, allowing thousands of images to be downloaded. Not only that, the agency also made the site more popular by making it faster and more easily accessible. During the operation, the site attracted over 50,000 visitors a week, in contrast to 11,000 before the government takeover.
This essentially means that the crimes the government was trying to prosecute, it was committing them itself, revictimizing the children during those 2 weeks.
But, that is not the only concern of this unprecedented investigation. It also speaks volumes of how future investigations could be carried out with little or no concern about the victims, or the boundaries of a region. "We have never, in our nation's history as far as I can tell, seen a warrant so utterly sweeping," federal public defender Colin Fieman said in a court hearing.
A court transcript reveals the FBI also hacked a satellite provider. "So now we are into outer space as well," Fieman added.