The FBI hacked into more than 8,000 computers in 120 countries during an investigation into a child pornography website with just one warrant, a court hearing transcript has shown. It represents the largest known law enforcement hacking campaign to date.
The hacking centers around an FBI investigation in February 2015, in which the bureau seized the Playpen child pornography website and ran it from a government server for 13 days. It used a piece of malware known as a network investigative technique (NIT) to break into the computer of anyone who visited certain child pornography threads on the website. It then sent the suspects’ IP addresses back to the FBI.
Over the past year, Motherboard has found that the FBI hacked computers in Australia, Austria, Chile, Colombia, Denmark, Greece, and likely the UK, Turkey, and Norway during the investigation.
However, the new transcript from a related case shows that the bureau’s campaign was far larger than previously believed, and that the FBI actually hacked into more than 8,000 computers in 120 different countries.
“The fact that a single magistrate judge could authorize the FBI to hack 8,000 people in 120 countries is truly terrifying,” Christopher Soghoian, a principal technologist at the American Civil Liberties Union (ACLU) who has testified for the defense in Playpen cases, told Motherboard.
The hacking campaign is believed to be the largest ever to be conducted by law enforcement officials.
“We have never, in our nation’s history as far as I can tell, seen a warrant so utterly sweeping,” federal public defender Colin Fieman said in a hearing at the end of October, according to the transcript. The attorney is representing several defendants connected to the child pornography investigation.
It appears, however, that the magistrate judge did not actually have jurisdiction to issue such a sweeping warrant. According to a filing from the Department of Justice, 14 court decisions have found that the warrant granted by Judge Theresa C. Buchanan in the Eastern District of Virginia was not properly issued under Rule 41 of the Federal Rules of Criminal Procedure, which determines how search warrants can be authorized.
Although such mass hacking techniques are believed to have so far been limited to child pornography investigations, critics are concerned US authorities will use the changes to Rule 41 to expand the practice to other crimes.
full story in RT.com