Judge tosses evidence obtained by FBI malware planted on dark website

A US federal judge has thrown out evidence in a child abuse imagery case obtained by the FBI’s use of a hacking tool.

Although civil libertarians have praised the judge’s ruling to suppress the evidence, the ruling doesn’t inhibit the FBI’s ability to use so-called “network investigative techniques” (NIT) to plant code (i.e., malware) on a suspect’s computer.

Instead, the judge ruled that the FBI’s NIT warrant was improperly granted by a federal magistrate judge for a case outside her jurisdiction.

The case involves a defendant, Alex Levin of Massachusetts, who allegedly visited a child abuse imagery website on the dark web in early March 2015.

The FBI had taken control of the website in February 2015 and, in an effort to identify users of the website, hosted the website from a server in Virginia for two weeks, according to the judge’s ruling:

Rather than immediately shutting it down, agents opted to run the site out of a government facility in the Eastern District of Virginia for two weeks in order to identify – and ultimately, to prosecute – users of Website A.

The FBI then obtained a warrant from a magistrate judge in Virginia authorizing the FBI to use an NIT to “covertly transmit code” to the defendant’s computer.

The NIT captured information from the defendant’s computer, including his IP address, allowing the FBI to pursue a warrant to search the defendant’s home and computers.

Judge William G. Young, of the US District Court of Massachusetts, ruled that the NIT warrant was granted without proper jurisdiction, and therefore the evidence seized by the FBI should be suppressed and cannot be used at trial.

Christopher Soghoian, a senior technologist at the ACLU, told Motherboard that this is “the first time a court has ever suppressed anything from a government hacking operation.”

Soghoian also tweeted that the ruling could imperil the federal government’s use of evidence obtained from the use of the dark website as a “watering hole” in prosecuting a total of 1300 cases.

However, as noted by USA Today investigative reporter Brad Heath, the judge’s ruling hinged not on the legality of government hacking, but rather on the type of judge granting the NIT warrant.

According to Judge Young, the FBI’s use of hacking techniques is “legitimate,” although it raises ethical and legal concerns.

In a sense, Judge Young wrote, when the FBI took control and hosted the child abuse imagery website for a period of two weeks, the government was itself distributing the imagery, “continuing harm to the victims of this hideous form of child abuse.”

Unlike other government stings, such as in drug cases where government agents buy drugs to catch the dealers, here the government was acting as the dealer, Judge Young wrote:

… here the government disseminated the child obscenity to catch the purchasers – something akin to the government itself selling drugs to make the sting.

The government’s use of NIT warrants has been challenged in other cases.

In 2013, a judge denied the government’s request for such a warrant to plant malware on a suspect’s computer because the FBI’s techniques could have ensnared innocent users of a public or shared computer.

