DoJ proposal wants legitimate FBI hacking ops against anonymity

DoJ proposal is trying to legitimate FBI hacking operations against Internet users that make use of any kind of anonymizing technology.

The FBI wants greater authority to hack overseas computers, according to a law professor.

The Department of Justice (DoJ) is declaring war to online anonymity, its proposal to amend Rule 41 of the Federal Rules of Criminal Procedure would make it easier for US law enforcement to hack into the computers of people which make use of anonymizing networks and tools.

The proposal wants to give greater authority to the FBI for hacking computers located everywhere on the planet, the Federal Bureau of Investigation could seize machines whose location is “concealed through technological means”.

The DoJ is worried by the use of technology such as anonymizing software, like Tor, proxies and VPN. As requested in the proposal, law enforcement are legitimate to use remote access within or outside “district when the district in which the media or information is located is not known because of the use of technology such as anonymizing software.” Pratically the DoJ is authorizing hacking on a large scale to fight used of anonymizing systems.

“Authority to Issue a Warrant. At the request of a federal law enforcement officer or an attorney for the government: (6) a magistrate judge with authority in any district where activities related to a crime may have occurred has authority to issue a warrant to use remote access to search electronic storage media and to seize or copy electronically stored information located within or outside that district if: (A) the district where the media or information is located has been concealed through technological means; or (B) in an investigation of a violation of U.S.C. § 1030(a)(5), the media are protected computers that have been damaged without authorization and are located in five or more districts.” states the DoJ proposal.

The DoJ denied that the amendment intends to authorize hacking of computer in foreign countries, but Ahmed Ghappour, a visiting professor at UC Hastings College of the Law, argues that the proposals would result in “broadest expansion of extraterritorial surveillance power since the FBI’s inception”.

Professor Ghappour has published a detailed blog post at ‪justsecurity.org‬ which analyze the DoJ’s proposal. There is also a further element of concern about the DoJ proposal, the investigations conducted by the FBI may interfere with other cyber operations run by Intelligence agencies like NSA and CIA. The uncoordinated hacking campaigns run by the FBI could have serious repercussions. We have discussed many times about the uncontrolled militarization of the cyberspace and related risks.

Anyway, it’s not the first time that the FBI used hacking techniques to track users behind anonymizing networks, let’s remind the operation against online pedophilia, which allowed law enforcement to shut down the popular hosting service Freedom Hosting.

FBI admitted publicly that the Bureau had compromised the Freedom Hosting, the most popular Tor hidden service operator company exploiting a Firefox Zero-day for Firefox 17 version that allowed it to track Tor users- The Bureau implanted a tracking cookie which fingerprinted suspects through a specific external server.

Another case in which FBI used hacking campaigns to hit foreign entities is the documented case of the hacktivist Hector Xavier “Sabu”Monsegur reportedly led cyber-attacks against foreign governments under the FBI control.

Prosecutors filed a document which reveals ex LulzSec hacker Sabu helped US authorities stop more that 300 cyber attacks against US targets.

Probably the DoJ proposal is trying to legitimate its consolidated modus operandi.

Pierluigi Paganini

(Security Affairs – FBI, DoJ)