FBI Tracked People Across The Dark Web

The FBI are known to by active in the digital world, having recently admitting to the use of Stingrays to monitor mobile communications and to use zero-day exploits to gain access to systems. It would now seem that there is nowhere that is safe for those who break the law as the extent of the FBI’s digital prowess is revealed by Joseph Cox of Motherboard.vice.

The FBI are reported to have hacked over a thousand computers as part of their action to help track down and identify individuals who were viewing or responsible for indecent child images on the Dark Web, a variation of the internet that is designed to be accessed through in secret using encrypted and rerouted traffic.

A bulletin board was created on the dark web in August 2014 allowing users to sign up and upload a variety of images, the site was later confirmed to be known as “Playpen”. After gaining nearly 60,000 in the first month, within a year of this, the site had exploded to include almost 215,000 posting over 117,000 posts. There was just one problem for people that wanted to use this site at this point, a month before this explosion of users, the server was obtained by law enforcement in North Carolina. This didn’t stop the service, the site was continued from a server in Virginia, one of the FBI’s servers none the less.

While the site was being run on the FBI’s servers, they used the opportunity to deploy a network investigative technique (NIT) also known as a hacking tool to the public. This tool was said to have been used in the identification of approximately 1300 IP addresses.

This is not the first time that actions of this kind have been used by law enforcement or even the FBI in particular, but it is the first time that such a large-scale has been made public. With all these actions covered under a single warrant, with no specific targets, some are even stating that this way of tracking, hacking and identifying is illegal no matter the warrant it uses.

Find below a section of the affidavit that was used in support of the search warrant application, showing just how much information going on a website could have revealed.

The basic idea behind their warrant was that if you visited the site and started to log in or even sign up it authorised the deployment of the NIT. The question is then raised that did the Judge who authorised the action knew what they were authorising, or if they were even informed about the scope and the methods that were going to be used as part of the action.

More and more the use of technology and government use of it within the real world is being questioned as practises and methods used for years are brought to light and identified as legally questionable.