FBI accused of hacking more than 1,000 computers during child porn probe

The FBI secretly took control of a child porn website early last year and began infecting visitors with malware to identify roughly 1,300 individuals who had allegedly logged-on using software designed to browse the Internet anonymously, a new report has revealed.

Colin Fieman, a public defender who is representing several of the defendants accused of visiting the underground “Playpen” site while it was run by the FBI last year, told Vice’s Motherboard that the covert hacking campaign could ultimately allow federal prosecutors to pursue upwards of 1,500 criminal cases against individuals accused of having accessed what investigators called “the largest remaining known child pornography hidden service in the world.”

While information concerning the FBI’s campaign has routinely surfaced since investigators begin filing charges against alleged Playpen users last summer, court documents and conversations with those involved have unearthed new details about how authorities deployed a hacking tool known as a network investigative technique, or NIT, after seizing the server that ran the child porn site last February from a data center in North Carolina.

Although Playpen existed as a hidden service on the so-called “dark web” that required specialized software to gain access, the NIT exploited a vulnerability that allowed the FBI to see who was logging-on, even if their personal information was otherwise supposed to be obfuscated.

Hidden services normally requires visitors to download browsing software called Tor, which makes it difficult to identify users because it routes each person’s traffic through a chain of other computers across the world.

The NIT deployed by the FBI took advantage of Tor users who hadn’t updated their browser, however, and relied on a since-patched vulnerability to gain personal details about the computers that visited the site, including unique IP and MAC addresses that can often be instrumental in identifying a specific user.

“Basically, if you visited the homepage, and started to sign up for a membership, or started to log in, the warrant authorized deployment of the NIT,” Mr. Fieman told Motherboard.

Yet while persons familiar with the investigation told Motherboard that the hacking campaign has given the FBI enough fodder to pursue charges against others accused of frequenting child porn sites for the unforeseeable future, concerns are being raised about the legal justification that allowed investigators to deploy the NIT against more than a thousand computers.

“This kind of operation is simply unprecedented,” Christopher Soghoian, a principal technologist at the American Civil Liberties Union, told Motherboard. “We’re not talking about searching one or two computers. We’re talking about the government hacking thousands of computers, pursuant to a single warrant.”

Neither the FBI nor the Eastern District of Virginia magistrate who approved deployment of the hacking tool responded to Motherboard’s requests for comment ahead of publication this week.