The stakes are hotting up in the digital law sphere regarding the FBI’s involvement in various hacks targeting criminals using Tor to access the deep web.
The main issue is in determining whether the feds are acting within the law when they are catching criminals, or whether they are going beyond the scope of their powers.
The FBI and authorities have become increasing aggressive in their methods used to uncover information on the web, especially via Tor, with many techniques being thrown into doubt, and the agencies themselves being accused of warrantless access.
The latest incident – Playpen
Following a string of 137 arrests in taking down the largest source of child exploitation online, Playpen (accessed via Tor), the fedsare now in some hot water over the techniques they employed in busting pedophiles the world over.
After a defendant’s attorney was granted restricted access in viewing how the FBI exploited the Tor browser using a Network Investigative Technique (NIT), the judge in the case ordered the FBI to reveal how they managed to hack and exploit the Tor browser and identify the defendant’s locations from Playpen. The FBI has now urged the judge to reconsider.
The FBI vs. Apple
While not a Tor issue, security and privacy are hot topics over at Apple, too.
The FBI and Apple were involved in a bitter dispute recently over iPhone security when the FBI demanded that Apple unlock the San Bernadino killer’s iPhone.
When a judge ordered that Apple assist the authorities, they protested fiercely against the ruling, arguing that hacking the phone wasn’t covered by law, that security was an important aspect of the device, and that they weren’t able to do it anyway.
The feds dropped the case when they managed to hack the phone themselves anyway, possibly with the help of an Israeli business.
The Carnegie Mellon University Tor case
It has recently come to light that Carnegie Mellon University was involved in exploiting vulnerability in the Tor browser while under funding from the US Department of Defense.
The university’s Computer Emergency Response Team is involved in federally funded research operations.
The project was able to track Tor users and their IP addresses, and when the feds became aware of this information they subpoenaed the university to hand over their findings – despite speculations that they actually paid the university for the Tor data.
The data was used to uncover traders in illicit goods on the Silk Road 2.0 marketplace, which was accessible via Tor.
Silk Road and Ross Ulbricht
The FBIs most famous Tor related bust to date involved taking down the notorious online black market Silk Road, along with its mastermind, Ross Ulbricht.
Ulbricht is now serving out a life sentence.
Ulbricht’s counsel has asked for a retrial, throwing doubt onto the investigative methods used by the FBI in uncovering the location of the Silk Road servers in Iceland.
While the FBI alleges they stumbled across security vulnerability in the Tor accessed Silk Road login page, the defense argues that it is likely the FBI was involved in a series of hacks against the site via Tor, and possibly even obtained information from the servers illegally.
What does it all mean?
The fact that the fedsare able to subpoena businesses and individuals for their data makes it a very scary security landscape, especially when we are using Tor to protect our privacy.
Whereas people may be working towards exposing vulnerabilities so that the security community can work towards patching and improving their services, if the FBI get wind of it they can seize the data and use it for their own purposes.
This effectively allows the FBI to obtain a backdoor to data that nobody else has.
While many people would claim “I’ve got nothing to hide,” the fact that the FBI would effectively have a complete record of your online activities is fairly terrifying – and not only a hack of your data but a massive invasion of privacy.
The secrecy involved in the operations allows them to hide their activities, also throwing into doubt whether the methods they use to uncover data are within the law or not.
Obviously, the fedsare keen to hide their activities so they can continue using the same methods to target others.
The latest order of the judge to reveal how the FBI exploited the Tor browser to reveal the users of Playpen is a key win for the security community.
While it remains to be seen if the FBI will actually reveal the source code after arguing that it isn’t necessary to the case, it is interesting in the current climate of security, surveillance, and of the bounds of the law when it comes to the digital sphere.
Latest posts by Richard (see all)
- Wide Range of Job Ads Available on the Dark Web - November 5, 2018
- Continuous Exploit of RDP Pushes FBI to Issue Warning to Potential Targets - October 29, 2018
- Ross Ulbricht’s Fifth Year in Jail - October 10, 2018