Pierluigi Paganini
March 30, 2016
A few weeks ago, a judge has ordered the FBI to reveal the complete source code for the TOR exploit to defense lawyers in a child porn case.
In a case involving child pornography, the FBI was ruled by a judge to provide all the code used to hack the PC of suspects and detailed information related to the procedure they have followed to de-anonymize Tor users.
Colin Fieman, a federal public defender working on the case was asked by motherborard.vice.com if the code would include exploits to bypass security features, Fieman’s reply was that the code would bypass “everything.”
“The declaration from our code expert was quite specific and comprehensive, and the order encompasses everything he identified,” he told to MotherBoard.
Fieman is defending Jay Michaud, a Vancouver public schools administration worker arrested by the FBI right after the FBI closed a popular child pornography site called “Playpen” hosted in the dark web, and where a network investigative technique (NIT)—the agency’s term for a hacking tool.
According to court documents reviewed by Motherboard, the FBI had used the NIT to identify the suspects while surfing on the Tor network.
The FBI monitored a bulletin board hidden service launched in August 2014, named Playpen, mainly used for “the advertisement and distribution of child pornography.”
The FBI was able to harvest around 1300 IPs, and until the moment 137 people have been charged. The network investigative technique used by the FBI included computers in the UK, Chile and Greece.
The defence has argued that the investigation that leveraged on the NIT was “gross misconduct by government and law enforcement agencies,” and that the Tor Exploit conducted operations out of the warrant scope.
In January, a report published by the Washington Post confirmed that in the summer of 2013 Feds hacked the TorMail service by injecting the NIT code in the mail page in the attempt to track its users.
Last month the federal judge Robert J. Bryan ordered the FBI to hand over the TOR browser exploit code in order to allow the defence to understand how the law enforcement used it.
Now, the FBI is fighting back against the federal judge’s order and with the Department of Justice (DOJ) filed a sealed motion requesting the review of the ruling.
The FBI and the DoJ sustain that it is not necessary to reveal the details of the Tor exploit.
The security expert and exploit developer Vlad Tsyrklevich who analyzed the Tor Exploit for the defense explained that he received only a portion of the NIT code, but he argued to haven’t reviewed the portion of code that link NIT identifier with a specific suspect.
“He is wrong,” Special Agent Daniel Alfin writes. “Discovery of the ‘exploit’ would do nothing to help him determine if the government exceeded the scope of the warrant because it would explain how the NIT was deployed to Michaud’s computer, not what it did once deployed.”
Security Affairs – (Tor Exploit, NIT)
