Cyber Crime

FBI hacked a US Darknet shopper who tried to purchase Mail Bomb

The FBI hacked the system of a dark web user who tried to purchase a mail bomb from an undercover investigator in the US.

According to a plea agreement, filed on April 28, 2017, Clinton Scott Bass of Georgia (US) tried in a first time to purchase a car bomb. The man, who was using two different pseudo names, contacted an undercover FBI agent on a darknet marketplace.

Later on, the man decided to acquire a mail bomb from the undercover officer. The agent agreed to sell the explosive to the suspect who paid $550 in digital currency, likely Bitcoin or Monero.

“He was keen, at first, to buy a car bomb that would explode as soon as the vehicle’s door was opened or closed. But he then decided he wanted a mail bomb, which would go off on being opened.reported Thomas Fox-Brewster from Forbes.

“The undercover agent agreed to sell him a bomb, which was in fact inert and delivered to an address provided by one of Bass’ monikers, who paid $550 in virtual currency for the service. Hidden in the fake explosive, however, was a location tracker.”

The police sent an inert device to the address provided by the suspect, they have also hidden a location tracker in the pack.

The location tracker allowed the agents to discover the real Bass’s target, they tracked the pack discovering that is was sent to someone in Hahira, Georgia on the morning of April 27, then Feds arrested the man.

Bass used an email address at the temporary mail provider Guerilla Mail while communicating with the undercover agent. The defendant used the email address to receive instructions from the vendor on how to use the mail bomb.

The FBI sent a phishing message to the Guerilla Mail address used by Bass in an attempt to locate him (i.e. tracking his IP address). The message included a weaponized attached document, which, once opened, would send target information to the FBI’s server. The FBI used the Network Investigative Technique (NIT), a method used by Feds in many other cases and that was questioned by privacy advocates that consider it a tool for dragnet surveillance.

“The message included a document, which, once opened, would send that identifying data to an FBI server, somehow overcoming the IP-masking provided by Tor. A separate document indicated the government also installed what’s known as a pen-trap tool to record all the information coming from the hack.” continues Fox Brewster.

An executed warrant document reported that the FBI retrieved 19 different IP addresses in the investigation by using the NIT, likely because the suspect was using a VPN service and the Tor network to mask his IP address. It is not clear is the NIT was useful to track the man.

Experts and privacy advocated consider legitimate the NIT usage in the specific case, it was a targeted attack that not impacted other individuals, such as the case of a watering hole attack.

“The way I see it is, the FBI has to do something to catch criminals, and at least in this case they didn’t resort to draconian methods such as mass surveillance without a warrant,” Flashmob, the administrator of Guerilla Mail, told the media. “Instead, they used a simple procedure with a warrant that doesn’t need much technical ability,” 

The Electronic Frontier Foundation (EFF) security researcher Cooper Quintin also confirmed that the FBI’s phishing in the current case was legitimate.

But what makes this hack unique is that it appears to be the first public example of the FBI legally using a controversial update to the Rule 41 , that allows searches on users of anonymizing services, including the Tor network.

Anyway, there is an element of concern about the Bass case, authorities used “Stingray” technology to spy on the suspect and track his movements,

Bass pleaded guilty in April to charges of attempting to receive and transport explosive materials with the intent to kill, injure or intimidate. The man risks 120 months in prison, the trial will be held on July 12.

[ad rotate banner=”9″]

Pierluigi Paganini

(Security Affairs – DarkWeb Black Market, FBI)

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Cisco addressed high-severity flaws in IOS and IOS XE software

Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be exploited to…

8 hours ago

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

14 hours ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

1 day ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

1 day ago

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the…

1 day ago

The DDR Advantage: Real-Time Data Defense

This is the advantage of Data Detection and Response (DDR) for organizations aiming to build…

2 days ago

This website uses cookies.