As the controversy surrounding the extent of civilian surveillance conducted by government agencies continues to rage, Motherboard has released details of an “unprecedented” hacking campaign that saw the FBI spy on over 1,000 computers as part of a crackdown on child pornography. While the ultimate objective of the operation will be welcomed by many, the tactics employed have sparked a number of concerns.
The blue touch-paper for the debate over the U.S. government’s intrusion on civilians’ privacy was lit by Edward Snowden in 2013, and has never been far from the headlines since the former CIA employee leaked classified documents regarding the activities of the National Security Agency (NSA). On the one hand, these operations have been attacked for being overly-invasive, although others have pointed to the necessity of government surveillance for national security purposes.
For instance, the FBI’s use of spyware software called a computer and internet protocol address verifier (CIPAV) has enabled the bureau to thwart a number of potential attacks, and was widely reported to have played a vital role in tracking bomb threats sent to a Washington state high school in 2007. However, the scale of the latest campaign far exceeds all previous known surveillance operations.
The campaign was designed to catch users of a child pornography website called Playpen, which launched in 2014 using Tor software. This supposedly enables anonymous communication by diverting internet traffic through a complicated network of global relays, making users untraceable. However, in February 2015, law enforcement officials seized the computer server that was running the site in Lenoir, North Carolina.
Rather than shutting down the site, the FBI took over the server and allowed it to continue running, while implementing a hacking tool known as a network investigative technique (NIT). The bureau did so after obtaining a warrant for the NIT, the precise details of which have not made public. However, Christopher Soghoian, principal technologist at the American Civil Liberties Union, told Motherboard that the nature of the permit would have resulted in “the government hacking thousands of computers, pursuant to a single warrant.”
The exact specifications of the NIT used by the FBI are not known, although court documents reviewed by Motherboard have revealed that the software enabled the bureau to obtain information such as users’ IP address, operating system username, Mac address and Host Name.
These documents indicate that “approximately 1,300 true internet protocol (IP) addresses were identified,” although federal public defender Colin Fieman told Motherboard that the number may in fact be higher than 1,500.
Several Playpen users have been criminally charged as a direct result of this operation, indicating the potential of this type of spyware to help the authorities clamp down on child pornography. However, it has also attracted critics, with Soghoian pointing out that the episode marks a “scary new frontier of surveillance.”