
FBI's Tor pedo torpedoes torpedoed by United States judge

Need a district court warrant to infect suspects? How did the Feds NIT see that coming?

By Shaun Nichols, 21 Apr 2016

A ruling by a US federal judge could unravel as many as 1,200 criminal prosecutions of alleged pedophiles by the FBI.

Massachusetts District Court Judge William Young today declared that the magistrate judge who issued a warrant authorizing the FBI to infect suspects' PCs with tracking malware lacked the proper authority to do so.

In early 2015, the Feds had used the warrant to install a so-called NIT – a Network Investigative Technique – on the computers of people who visited a website hidden in the Tor network that hosted a huge archive of photos and videos of child sex abuse.

The agents commandeered the website's server, and before shutting it down, configured it to deliver the NIT to perverts' PCs for a couple of weeks, allowing investigators to unmask and identify the website's visitors even though they were connecting via the anonymizing Tor network. Each NIT, once in place on a computer, was able to ping an outside FBI-controlled system to reveal a suspect's true public IP address, which could be traced back to their home with their ISP's help.

Hundreds of machines visiting the hidden Playpen website were infected by the FBI's NIT. However, it turns out that the warrant was invalid, and that this mass installation and monitoring was effectively an unlawful search.

"It follows that the resulting search was conducted as though there were no warrant at all," Judge Young said in his ruling [PDF].

"Since warrantless searches are presumptively unreasonable, and the good-faith exception is inapplicable, the evidence must be excluded."

The warrant was one of three that FBI investigators used to gather evidence related to their takedown of the illegal Playpen darknet site. The site was believed to have more than 200,000 users at the time the FBI took it over and began collecting details. This, in turn, led to the identification of as many as 1,300 suspected pedophiles.

According to Judge Young, the problem with the warrant was that it was signed by a US magistrate judge, who only had the jurisdiction to authorize warrants in his local area in Virginia. Collecting evidence outside of that area, which the FBI surely did with the NIT, can only be done with the authorization of a district judge.

This is where things will be particularly frustrating for the Feds, as it turns out the federal judges – who may have been able to authorize the search – were likely just yards away when the NIT warrant was signed.

"The magistrate judge who issued this warrant sits primarily in Alexandria, Virginia," Judge Young noted, adding: "Four district judges and three senior judges sit routinely in that courthouse."

Judge Young's ruling came in response to a motion filed by Massachusetts resident Alex Levin, one of the thousand-odd people accused of viewing child pornography on the hidden Playpen site. Levin asked for evidence against him to be thrown out of his trial as a result of the dodgy warrant issued in Virginia, a request that Judge Young granted.

With hundreds of other prosecutions in the hopper, Judge Young's interpretation of events – and decision to effectively throw out evidence collected by US government malware – could land a significant blow to the FBI's campaign. ®

The Register - Independent news and views for the tech community. Part of Situation Publishing