Post by: John E Dunn | Sophos Naked Security | Published on: 11/28/2016
Users of the darkweb sometimes do dark things and law enforcement is constantly searching for new ways to catch them.
But how far should police be allowed to go, and what safeguards are there against unwarranted intrusion?
It’s an issue raised by the downing of a large and deeply unpleasant site on the darkweb called Playpen, used to distribute large numbers of child abuse images and videos between August 2014 and March 2015.
In February 2015, the FBI seized the US-based server hosting the site but kept it running for 13 days as part of a dragnet to identify as many of its users as it could.
Because Playpen was accessed using the Tor anonymity system, which masks IP addresses, this wasn’t straightforward, so the FBI employed a network investigative technique (NIT), a type of police malware, to identify the users.
Court documents and exchanges made public as part of prosecutions against alleged US Playpen users are starting to reveal the impressive power of NITs.
The NIT communicated with the computers of users logged into the site (possibly exploiting a flaw in the Tor browser), capturing their real IP address, hardware MAC address and other identifying data.
When the first prosecutions hit the courts early this year, it was believed that 1,000 users had been unmasked, but new court exchanges reveal that this was more like 8,000 IP addresses in 120 countries.
This makes it one of the largest police operations ever conducted against a site on the darkweb pushing child abuse content, but privacy campaigners have expressed concern at some details of the operation.
There are two views on this. The first is that this was a horrible website and the users caught red-handed had all logged into it (the police could only target users who had logged in). Catching these people means using every technique available.
The second is that the FBI targeted thousands of people – including many in countries beyond the US – after obtaining a single warrant from a Virginia-based judge who, say defending attorneys, acted beyond her authority.
This matters because NIT-obtained evidence has been thrown out in four cases. However, changes to something called Rule 41, which come into force on December 1, will make it possible for judges at this level to authorise warrants, campaigners claim.
Christopher Soghoian of the American Civil Liberties Union (ACLU) told Motherboard:
“We should expect to see future operations of this scale conducted not just by the FBI, but by other federal, state and local law enforcement agencies, and we should expect to see foreign law enforcement agencies hacking individuals in the United States, too.”
Not surprisingly, this might bother some people.
The case is one part of an expanding mesh of cases where the FBI is accused of getting carried away. So far at least, the agency shows no signs of slowing down its use of NITs to peer deeper into Tor and the darkweb.
Reference Article: https://nakedsecurity.sophos.com/2016/11/28/concern-over-fbi-operation-to-catch-users-of-darkweb-site/