
Law Enforcement Are Hacking the Planet

Video in TIB AV-Portal: Law Enforcement Are Hacking the Planet

Formal Metadata

Law Enforcement Are Hacking the Planet
How the FBI and local cops are hacking computers outside of their jurisdiction.
Title of Series
CC Attribution 4.0 International:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Release Date

Content Metadata

Subject Area
In early 2015, the Federal Bureau of Investigation hacked computers in Austria, Denmark, Chile, Colombia, Greece, and likely the United Kingdom and Turkey too. In all, the agency used a Tor Browser exploit to target over 4000 computers spread across the world based on a single, arguably illegal warrant.
Keywords Ethics, Society & Politics
Our next talk is called Law Enforcement Are Hacking the Planet, by Joseph Cox. Joseph is an investigative journalist for Vice's Motherboard, covering hackers, data breaches and digital security. When I went to check him out, to look at his Twitter account, I discovered I already follow him anyway, which is funny. It's sort of a little anecdote about the modern world: I recognized his avatar immediately but not his name. It says just something about how we live these days. So, with no further ado, Joseph like to colombia. actually i.
How would you react if the FBI came over from the United States, came to Germany, went to an apartment in, say, Hamburg, kicked down the door and then started searching the apartment?
They haven't been invited by German law enforcement; they're acting on their own accord.
But then they seize a load of evidence and go back to the States. You might think this isn't a great thing. I mean, what does the FBI have to do coming to another country and searching buildings or arresting suspects?
But this is essentially what the FBI is doing, but digitally: with malware and tracking tools, reaching into computers in other countries, extracting evidence from them and sending it back to a government server in Virginia, or wherever it may be.
To be clear, we're not talking about a normal intelligence agency here, like the NSA or GCHQ. They're going to hack computers internationally all the time as part of espionage; we expect that, maybe that's a good thing. Here we're talking about an agency that is predominantly focused on law enforcement, hacking into computers in other countries as part of criminal investigations. I'm going to talk about one FBI case in particular, briefly touch upon another one, and then just explain an operation that was led by local Australian law enforcement, which hacked computers in the United States. At the moment, typically, these sorts of investigations are done to counter child sexual exploitation or child abuse on the dark web. Just about me briefly: I'm a journalist for Motherboard, as mentioned, which is the technology and science part of Vice. My beat is cybercrime, the dark web drug trade, stuff like Silk Road, all the usual stuff, but for the past year I've been really interested in law enforcement's
international use of malware, which brings us to Operation Pacifier. The FBI is not very good at naming its child sexual exploitation investigations.
So in August 2014 a new dark web child abuse site launched. Playpen was a Tor hidden service, meaning that the majority of people who connected to it would do so over the Tor anonymity network, masking their real IP address. But because it ran as a hidden service, the physical location of the server itself was also protected, meaning that the FBI couldn't just go and immediately subpoena the hosting company or seize the server, whatever it may be, because they didn't know where it was.
A few months pass and Playpen is a really, really big deal. It is the largest child pornography site on the dark web: two hundred fifteen thousand members, one hundred seventeen thousand posts and on average eleven thousand unique people visiting every
week. The FBI is trying to find a way in, acting in an undercover capacity on the site, as law enforcement often do with these sorts of hidden services. But at one point a foreign law enforcement agency, and we don't know which one, provided the real IP address of the Playpen server to the FBI. It turned out that Playpen's administrator, who has now been convicted, Steven Chase, had misconfigured his server, so the real IP address was exposed to the normal internet. So in February 2015 the FBI go to the North Carolina data center, seize the server and take control of Playpen.
Just as a side note, Steven Chase, even stranger, had paid for the hosting via a PayPal account in his own name, so it was incredibly easy to convict. If you're going to run an illegal Tor hidden service, don't use PayPal. This would happen to you.
And so even though the FBI is in control of the site and they can see what people are doing, what videos they're watching, as mentioned they can't see where these people are coming from; they can't identify them. So they need another way, and what they decide to do is hack the computers of individual users.
That same February, shortly after the FBI seize the server, they start to run it from a government facility in Virginia. The site is fully functioning except for one section that encouraged people to produce more child porn. It is still a fully functional website. They run that, and the FBI deploys what it calls a network investigative technique, an NIT, or what we would probably just call a piece of malware. In short, and this is a really, really basic overview, the NIT just did several things. First, somebody would log in to Playpen and go visit a specific child porn related forum. Then the exploit is automatically delivered to their computer. This exploit,
and the underlying vulnerability, certainly affected the Tor Browser. We don't know if it affected Mozilla Firefox; as many of you will know, Tor Browser is based on Firefox, and they share much of the same code base. But we don't actually know much about the vulnerability or exploit at all.
What we know is that it used a non-publicly-known vulnerability. And then when the exploit is delivered, the code causes the target machine to phone home outside of the Tor network to a government server, and now the FBI has a real IP address. Armed with that, the FBI just goes to the ISP, Comcast, Verizon, gets a name, subscriber details and address, kicks down the door, arrests the person, as has now happened, and presumably in many, many of the cases, if not all of them, finds a load of child porn on the suspect's machine.
But that's not everything the FBI collected. With that NIT it also got a username, the host name, the MAC address, and it also generated a unique code, a unique infection ID, that you could then use to correlate activity on the site with an IP address. And just remember, this whole time the FBI could see what people were doing on the site: so user Jimmy went on to this section of the site and looked at this thread. Now we have his IP address, we can link it to that.
So the FBI deploys this malware for the thirteen days that it runs the site. Over that amount of time a hundred thousand users log in to Playpen, which as you notice is a lot more than eleven thousand, which was apparently the average login rate. For some reason the site became a lot more popular
when the FBI was running it. You can infer what you want from that. So in the US the FBI gets around one thousand three hundred IP addresses of US users of the site. Europol say they generated three thousand two hundred and twenty nine cases. I've highlighted that, it's in the middle column at the bottom, and thirty four of those were in Denmark. This is a presentation I just found online. When I found out it was called Operation Pacifier, I searched that, filetype PDF, and
someone from law enforcement left this online, so those completed.
Austria, staying in this part of the world. I think this is a letter from an MP to a group of politicians, just talking about the country's child porn investigations, and it mentions Operation Pacifier and fifty IP addresses. So the FBI hacked at least fifty computers in Austria.
Latin America as well. Again, this is another presentation I found online; law enforcement are really, really sloppy, just leaving all this stuff online, which is great. You can just see Operation Pacifier there. That's Chile. It was local media reports that just said Pacifier, Playpen, child porn arrest, so it was pretty easy to tell that
computers were hacked there as well. Australia: this is part of a Freedom of Information request I made to the Australian Federal Police, asking for documents and communications about Operation Pacifier. This isn't actually the results of the request; this is them saying, hey, we have too much stuff on Operation Pacifier, we can't give it to you,
which obviously already gave me enough information to confirm that Pacifier has strayed there as well.
Anyway, you get the idea. It's not just a list of these countries, apart from the UK and Turkey, which would probably have been hacked as well. But it turns out the FBI hacked computers in many, many more countries, and this just came out in the last month. I think in total the FBI hacked
eight thousand seven hundred computers in a hundred and twenty countries. Eight thousand seven hundred computers in a hundred and twenty countries with one warrant. And arguably that warrant was illegal. But we have to back up a bit to see why.
So the US has something called Rule 41, which dictates when a judge can authorize searches, including remote searches, so hacking.
A judge can only authorize a search within his or her own district. So if the judge is in the Western District of Washington, he or she can only sign off a warrant that's going to search stuff within that district. There are a few exceptions, I think terrorism, and if there's a tracking device and the person moves out of state, that's still OK. Well, in the case of Playpen, Judge Theresa Buchanan was in the Eastern District of Virginia, as you can see at the top, clearly.
The vast majority of computers were not in the Eastern District of Virginia. The search warrant application, which is the document that the FBI presents to a judge to say, hey, here are our reasons, please sign our search warrant, said that what was going to be searched was computers logging into Playpen, wherever located.
It's pretty debatable how explicit that is. I mean, the FBI did not write, hey, we're going to hack into computers no matter what state they're in, what country they're in, anything like that. i'm going to happen to them would have his office he never ever using the search warrant application. So with that in mind, it's kind of unclear if the judge, Theresa Buchanan, actually understood that she was signing a global hacking warrant. This isn't to castigate the judge at all; it's more that these warrant applications aren't very explicit. And it's still unclear, because Judge Buchanan didn't respond to my request for comment.
The question of whether Operation Pacifier violated Rule 41 has probably been the central component of the legal cases that came out after the FBI started arresting people. Defense lawyers have brought it up, saying, hey, this judge did not have the authority to sign this warrant, you need to throw out the evidence against my client.
According to the most recent figures, and this might be very slightly out of date, twenty one decisions have found the operation did violate Rule 41. Out of those, judges in four cases have thrown out all evidence obtained by the FBI's malware. So that obviously includes the main bit of evidence, which is the IP address, but then also everything that came after that. I mean, the only reason the FBI found child porn on people's devices is because the IP address led them there. So all that child porn was also struck from the record as well, and those people are essentially free, bar the DOJ appeals, which are ongoing.
Whether people based outside the United States will have a similar sort of defense is kind of unclear at the moment. The IP address could fall under something like the third party doctrine, as in, if there's a German suspect and they try to challenge the legality of the search, the German police may say, hey look, we didn't do the hacking, we were just given the IP address by a third party, and then the defense might not have much of a leg to stand on. But I do know of one lawyer in a country outside the US who is going to challenge the legality of the hacking operation. I can't say where he is right now because they're still sorting it out, but that's going to be really interesting when that happens, hopefully in the new year.
So forget everything I just talked about with Rule 41, because it doesn't matter. I believe this month changes to Rule 41 came into place, meaning that judges now can authorize searches outside their district.
So if the Playpen warrant was signed today, it probably would not violate Rule 41, and the FBI wouldn't have done anything wrong with a d.j. went on the front row. I just want to emphasize that these changes to Rule 41 came about in part specifically because of the problem that anonymity networks and Tor present to law enforcement. It's not like Operation Pacifier was over here, the FBI doing its thing, and the DOJ was sorting out these Rule 41 changes over there. The changes have come specifically in response to criminal investigations on the so-called dark web. Here is a Justice Department quote: "We believe technology should not create a lawless zone merely because a procedural rule has not kept up with the times." Their argument is that Rule 41 is basically an antique and they need changes to keep up with what criminals are doing, stuff like Tor. So that was Pacifier, the largest law enforcement hacking operation to date that we know about. Just very briefly, I'm going to talk about another FBI one where they likely hacked into computers abroad. This one is called Torpedo, which is even worse than Operation Pacifier when it comes to him shop or legs.
So in 2012 or 2014 the FBI take over Freedom Hosting, which is sort of a turnkey hosting provider: you sign up to the service and it hosts your dark web site, it doesn't matter if it's legal, whatever. The FBI seize it, they deploy an NIT, again a piece of malware, and this time the FBI are trying to identify users of twenty three different Tor child pornography sites. In the warrant application there's a section specifically about a Hungarian language site, and
even the FBI officer, I think it's FBI, writing it says, oh, if you put this into Google Translate it means this is hungarian global glut. As mentioned, in the Playpen example the FBI did not know where the computers that they were going to hack were located. This is an interesting case because I'm going to guess that a lot of the users of a Hungarian language site are probably in Hungary, so the FBI might have some idea they were going to hack computers there. Did the FBI
warn Hungarian law enforcement? Did they get permission from the Hungarian authorities to hack computers in that country? I don't know yet, and I somehow doubt it. And just finally get some cute.
It's not just the FBI using hacking tools to target suspects overseas. A local Australian police department, Queensland Police, has a specialized task force for child sexual exploitation, that's Task Force Argos,
and they were the ones that led the operation. There wasn't any sort of official statement from Queensland Police saying, hey look, we unmasked all of these criminals in the US. It was only by piecing together pretty spread out US court documents that I could map the contours of this hacking operation, one that everyone kind of wanted to keep quiet about. So in 2014 Task Force Argos take over another dark web child porn site called The Love Zone. They run it not for thirteen days like the FBI, but for six months, posing as the site's administrator, who they had arrested. According to one document, not this one, the Australians obtained at least thirty IP addresses of US-based users of the site. I don't know about other countries yet; it's only through these US court documents that we have to figure this out. And the way they did it was pretty different
to the FBI. What they would do is they would send a link to a suspect for a video file. The suspect would click the link and they would get a warning saying, "Warning, you are opening a file on an external site, do you want to continue?", something to that effect. If the person ignored the warning and clicked yes, a video of real child pornography played on the suspect's machine, and then that video phoned home to an Australian server. I mean, you can debate whether this is hacking or not. The FBI one clearly is, delivering a Tor Browser exploit with malware, et cetera. Is this hacking? I would say so, if we think that phishing for government emails is hacking, sure. But that's kind of a trivial debate anyway. The real debate is: was this a search in the legal sense of the word? Did the Australians obtain information from a private place, namely a private computer in a private residence, and did they get a search warrant to do that? And again, we don't know because i want to.
So clearly that was all about child abuse and child porn investigations, and so far this sort of international hacking, as far as we know, as far as I know, has only been used for those sorts of investigations.
In the future, with Rule 41 and the changes there, we could presumably see it go to other types of investigations, maybe dark web drug markets. Plenty of these markets have dedicated vendor-only sections that you can only log into if you are a drug dealer on the site.
I mean, here, this isn't from an NIT or malware investigation; this is when Carnegie Mellon University attacked the Tor network, obtained IP addresses and gave those, well, was subpoenaed for those and gave them to the FBI. But the key part is that in this search warrant it's saying, hey, there was probable cause because this person was logging into the drug-dealer-only section of Silk Road 2, so we have reason to raid his house. I can easily see this sort of section being in a malware warrant or NIT warrant as well. And I suppose the, maybe, more obvious example, if it hasn't happened already, is pushing a piece of malware
to hack suspects internationally on a jihadi forum, maybe in the administrator or moderator section, so you know you're going to be targeting high-ranking members of the forum. I personally don't know whether that would be the FBI or another agency doing that, but that's clearly somewhere malware could be used in the international context. But apart from predicting where this might go, I mean, clearly this is going to continue. Just a few weeks ago there was a Firefox zero-day out in the wild. Me and my colleague Lorenzo tracked it back to a specific child porn site on the dark web where that zero-day had been deployed. So this is an active thing
that is still going. And that's it. Just lastly, if you have any documents, data, information, tips on FBI malware or law enforcement malware, who's using it, who's buying it, how they're using it, these are my various contact channels. Thanks to the house.
a. they could use of the queue.
Any questions from the audience? We got one for.
Thanks for the talk, really nice. Question: you've presented some pretty illegal things on both sides, you know,
pornography and all those things, and on the law enforcement side. Now my question is, did you intentionally mention those really illegal aspects like child pornography to justify the actions of the of the have been in the wake of the. I mean, did you specifically speak about child pornography to justify the FBI's actions?
No, this is just, I mean, child pornography, child sexual exploitation is where law enforcement are using the really cool stuff. This is where they're using the Tor Browser exploits, this is where they're using the Firefox zero-days, and I'm just attracted to where the cops are doing interesting things. So if it was on drug markets, I'd cover that. Well, at the moment, at least to my knowledge, it's just localized to the child pornography investigations, presumably because law enforcement feel like not many people can argue with them, with maybe doing an illegal search for child porn, because everybody finds that crime abhorrent. that that's just how this is the main killer. let me through that
Do you feel it's justified for them to use exploits?
I feel it's justified to use exploits. I don't think there's anything intrinsically wrong with law enforcement hacking, and
even though child pornography is an absolutely disgusting crime and I can't find, obviously, any way to justify it, I also want law enforcement to follow the law and to respect the law as well. i have huge have.
Other questions? Anybody from IRC?
research into their own five died while well i want to go against probably the same question, whether it's to be used, from the moral point of view. You already answered that: you don't see the abuses, if I understand right, as the legislation can be questioned and should be rearranged. there is not much had to call this question whether this should be done or not. But while you are at the topic for a while, do you have any other proposals that could resolve this issue, maybe briefly, from the technical point of view?
Sure. Just before I answer that, just to make it clear, I'm like a journalist, not an activist or technologist. I don't think it would be right for me to say this is how we should combat this. I'm just saying, hey, that's what the FBI did. So, to answer the question, I think Mozilla and Tor have been working on a way to stop this sort of de-anonymization attack, so that when the FBI would hit a computer with their exploit and the NIT code would deploy, that's not enough. I can't really go into the technical details off the top of my head, but there is an article online that I
wrote. They would then have to break out of the sandbox as well. But to answer the question generally, there are technological solutions that people are making here, and they could be live pretty soon. Then what's the FBI going to do after that? They're not going to stop making malware. They can, well, deploy an NIT that will then rummage through your computer and find incriminating documents and then phone home. If they can't get your real IP address, they're going to get evidence somewhere.
number one was up next to the joys of hang ups.
In your background research on law enforcement using technology like this to target child porn sites, so you've profiled the FBI and how they may have skirted around some of the letter of the law in order to get the job they needed to get done. But are there other law enforcement agencies that you found that are kind of like a gold standard in their approach to
solving this problem, that abide by the rules and maybe solve this problem a different way?
So the question was, are there other law enforcement agencies who may be better, or have the same sort of stance as the FBI on this problem. When you say "this problem", you mean combating child porn on the dark web?
Yes, clearly something needs to be done about these sites, and there's a limited number of options available, and I mean, the FBI has kind of gone out and tried every single piece of technology it can to solve it. But are there others that maybe take a more restrained approach but still solve the problem?
When it specifically comes to malware, I haven't seen much in the wild or publicly. But in the UK, GCHQ, the country's signals intelligence agency, has said, a report said, it is using bulk interception, so GCHQ's massive capabilities, to do traffic correlation attacks. They can then unmask dark web users and hidden service IP addresses. That's not malware, but that is an extreme use of technological capability, I guess. And yeah, we could definitely see more of that. I think in the report the Home Office said that GCHQ got something like fifty individuals in the past eighteen months through bulk traffic analysis. That's not malware, but yeah, that's where the stuff you go to school.
Thanks. And the one last question will be number four.
Hi, I was wondering, because you mentioned bulk analysis, which I consider to be significantly worse than targeted analysis in the way that it invades everybody's liberties
more than specific individuals who are definitely engaging in criminal activity. And so why is it you feel that there's some kind of violation? I mean, these people, they need to find these criminals, and the jurisdiction needs to be significantly wider. And I understand that it's terrible that hacking as resume time these people need to be caught, so how can we make them able to find these people legally when it's outside their jurisdiction? And they might be targeting people, if they're doing a drug now on a website by your example, they're going to find people that are not in a country. that can limited to the people that run the country and only help those people, it's technically impossible. So what's the solution for this?
So, some senators in the US proposed the Stop Mass Hacking Act, which would have blocked the Rule 41 changes. It was unsuccessful, and in part, this is just my personal opinion, I think it's because they didn't present a viable alternative. I mean, as you say, these people need to be caught, I mean, that's a sure thing. But when the senators said, yeah, we need to stop all this global hacking, there was no alternative presented. So we don't know, basically. As for legislative changes, I think it's less that, hey, here's a concrete rule that we need to fix right now; it's more like there is a looming issue of what happens when the FBI hacks a child pornographer in Russia, or one who happens to be a politician in another
country. Are they still going to go to local law enforcement and say, hey, we got this IP address of one of your senior politicians who happens to be looking at child porn? I mean, what are the ramifications of that going to be? But to answer your question, we don't really know. It's more just a looming issue, that law enforcement are firing now and asking questions later.
Thank you so much. A round of applause for Joseph Cox.