Agence France-Presse/Getty Images
A view of the J. Edgar Hoover Building, the headquarters for the Federal Bureau of Investigation in Washington, DC.
Law-enforcement officials in the U.S. are expanding the use of tools routinely used by computer hackers to gather information on suspects, bringing the criminal wiretap into the cyber age.
Federal agencies have largely kept quiet about these capabilities, but court documents and interviews with people involved in the programs provide new details about the hacking tools, including spyware delivered to computers and phones through email or Web links—techniques more commonly associated with attacks by criminals.
Law-enforcement officials in the U.S. are expanding the use of tools routinely used by computer hackers to gather information on suspects, bringing the criminal wiretap into the cyber age. Danny Yadron explains on Digits. Photo: Getty Images.
People familiar with the Federal Bureau of Investigation's programs say that the use of hacking tools under court orders has grown as agents seek to keep up with suspects who use new communications technology, including some types of online chat and encryption tools. The use of such communications, which can't be wiretapped like a phone, is called "going dark" among law enforcement.
A spokeswoman for the FBI declined to comment.
The FBI develops some hacking tools internally and purchases others from the private sector. With such technology, the bureau can remotely activate the microphones in phones running GoogleInc.'s GOOG +0.45% Android software to record conversations, one former U.S. official said. It can do the same to microphones in laptops without the user knowing, the person said. Google declined to comment.
The bureau typically uses hacking in cases involving organized crime, child pornography or counterterrorism, a former U.S. official said. It is loath to use these tools when investigating hackers, out of fear the suspect will discover and publicize the technique, the person said.
The FBI has been developing hacking tools for more than a decade, but rarely discloses its techniques publicly in legal cases.
Related
Earlier this year, a federal warrant application in a Texas identity-theft case sought to use software to extract files and covertly take photos using a computer's camera, according to court documents. The judge denied the application, saying, among other things, that he wanted more information on how data collected from the computer would be minimized to remove information on innocent people.
Since at least 2005, the FBI has been using "web bugs" that can gather a computer's Internet address, lists of programs running and other data, according to documents disclosed in 2011. The FBI used that type of tool in 2007 to trace a person who was eventually convicted of emailing bomb threats in Washington state, for example.
The FBI "hires people who have hacking skill, and they purchase tools that are capable of doing these things," said a former official in the agency's cyber division. The tools are used when other surveillance methods won't work: "When you do, it's because you don't have any other choice," the official said.
Surveillance technologies are coming under increased scrutiny after disclosures about data collection by the National Security Agency. The NSA gathers bulk data on millions of Americans, but former U.S. officials say law-enforcement hacking is targeted at very specific cases and used sparingly.
Still, civil-liberties advocates say there should be clear legal guidelines to ensure hacking tools aren't misused. "People should understand that local cops are going to be hacking into surveillance targets," said Christopher Soghoian, principal technologist at the American Civil Liberties Union. "We should have a debate about that."
Mr. Soghoian, who is presenting on the topic Friday at the DefCon hacking conference in Las Vegas, said information about the practice is slipping out as a small industry has emerged to sell hacking tools to law enforcement. He has found posts and resumes on social networks in which people discuss their work at private companies helping the FBI with surveillance.
A search warrant would be required to get content such as files from a suspect's computer, said Mark Eckenwiler, a senior counsel at Perkins Coie LLP who until December was the Justice Department's primary authority on federal criminal surveillance law. Continuing surveillance would necessitate an even stricter standard, the kind used to grant wiretaps.
But if the software gathers only communications-routing "metadata"—like Internet protocol addresses or the "to" and "from" lines in emails—a court order under a lower standard might suffice if the program is delivered remotely, such as through an Internet link, he said. That is because nobody is physically touching the suspect's property, he added.
An official at the Justice Department said it determines what legal authority to seek for such surveillance "on a case-by-case basis." But the official added that the department's approach is exemplified by the 2007 Washington bomb-threat case, in which the government sought a warrant even though no agents touched the computer and the spyware gathered only metadata.
In 2001, the FBI faced criticism from civil-liberties advocates for declining to disclose how it installed a program to record the keystrokes on the computer of mobster Nicodemo Scarfo Jr. to capture a password he was using to encrypt a document. He was eventually convicted.
A group at the FBI called the Remote Operations Unit takes a leading role in the bureau's hacking efforts, according to former officials.
Officers often install surveillance tools on computers remotely, using a document or link that loads software when the person clicks or views it. In some cases, the government has secretly gained physical access to suspects' machines and installed malicious software using a thumb drive, a former U.S. official said.
The bureau has controls to ensure only "relevant data" are scooped up, the person said. A screening team goes through all of the data pulled from the hack to determine what is relevant, then hands off that material to the case team and stops working on the case.
The FBI employs a number of hackers who write custom surveillance software, and also buys software from the private sector, former U.S. officials said.
Italian company HackingTeam SRL opened a sales office in Annapolis, Md., more than a year ago to target North and South America. HackingTeam provides software that can extract information from phones and computers and send it back to a monitoring system. The company declined to disclose its clients or say whether any are in the U.S.
U.K.-based Gamma International offers computer exploits, which take advantage of holes in software to deliver spying tools, according to people familiar with the company. Gamma has marketed "0 day exploits"—meaning that the software maker doesn't yet know about the security hole—for software including Microsoft Corp.'s Internet Explorer, those people said. Gamma, which has marketed its products in the U.S., didn't respond to requests for comment, nor did Microsoft.
Fed Activate Smartphone Microphones and Laptop Cameras
The federal government is remotely activating the microphones and cameras in Android smartphones and Windows laptops, according to a report published by the Wall Street Journal.
Citing a “former US official,” the Journal says court documents reveal that that the FBI is using a variety of “hacking” tools to ramp up the scope of the surveillance of millions of Americans, keeping many unwittingly under the watchful eye of Washington.
When contacted by The New American, a media spokesperson for Google had no comment.
One of the Journal's anonymous sources described a part of the FBI called the "Remote Operations Unit." Agents in this specialized unit prefer, if possible, to install the remote control software by uploading to the target’s computer using a USB flash drive. When the g-men-come-hackers can’t get access to the target’s computer, they install the surveillance software over the Internet “using a document or link that loads software when the person clicks or views it."
Readers should understand that it is not only possible for the federal government to listen to your conversations using the microphone in your Android smartphone and watch you while you sit in your own home on your own computer, but they do so regularly and can do so very easily.
Purportedly, the FBI has been using these methods of surveillance “for over a decade,” but their use has come to light only recently by way of “court documents and interviews” with people familiar with the programs.
The Journal relates one such document that shed light on the computer and cellphone hacking methods used by the federal government:
Earlier this year, a federal warrant application in a Texas identity-theft case sought to use software to extract files and covertly take photos using a computer's camera, according to court documents. The judge denied the application, saying, among other things, that he wanted more information on how data collected from the computer would be minimized to remove information on innocent people.
This frightening remote control of computers and cellphones by federal agents is nothing new, however.
Just over a year ago, the Ninth Circuit of Appeals ruled federal snoops may use a cellphone as a microphone and record the conversations overheard even when the phone itself is not being used otherwise.
This baffling bit of judicial lawmaking came as part of the decision in the case of the United States v. Oliva, 2012 WL 2948542 (9th Cir. July 20, 2012).
For a bit of background, Oliva was convicted by a jury of drug-related crimes involving the distribution of methamphetamine, cocaine, and marijuana. He appealed a decision by a district court denying his motion to suppress evidence obtained from a series of electronic surveillance orders authorizing interception of communications over cellular phones associated with him and his alleged co-conspirators.
Oliva argued that the orders authorizing these wiretaps were not standard intercept orders and did not meet the “specificity” requirement of the applicable federal law.
In its decision, the Ninth Circuit has upheld the lower court’s ruling, essentially allowing the federal government to convert cellphones into “roving bugs” so long as the government makes it clear that it will be using the target’s cellphone in that manner. Notice, the Ninth Circuit — a court created under the authority granted to Congress in Article III of the Constitution — did not throw out the matter as a violation of the defendant’s Fourth Amendment right against “unreasonable searches and seizures.” Instead, it simply informed the government that it needs to get permission before doing so.
There are, of course, far-reaching implications of such a decision. As we reported last summer, a person will not know, and perhaps will never know, if he has been the target of surveillance on the part of the domestic spying apparatus. Assuming, as many a savvy American would, that the federal government is liable to eventually want to monitor and record your personal electronic communication, is there not an expectation that when the cellphone is off the surveillance is suspended?
Not anymore. In the wake of the Ninth Circuit’s ruling in Oliva and in light of the testimony of the insiders interviewed by the Wall Street Journal, “roving bugs” have apparently become a potent weapon in the already impressive arsenal of the branches of the surveillance state.
Some of the dictum in the Oliva decision is almost as disturbing as the ruling itself. For example, in one part of its discussion of the various technological tools available to federal agents, the court describes how one such advance allows the agents to remotely upload software into a target’s cellphone that converts it into the “roving bug” mentioned above. Again, this sort of power is undoubtedly only the tip of the surveillance iceberg.
A person’s expectation of privacy when sitting at home talking to a friend is ridiculous in the face of the judicially upheld fact that government snoops may now use powerful surveillance technology to use your idle mobile phone as a very active mobile microphone or to use a laptop’s built-in camera to take pictures of any American at any time for any reason.
Now that it is indisputable that the courts, Congress, and the president have formed an unholy alliance bent on obliterating the Constitution and establishing a country where every citizen is a suspect and is perpetually under the never-blinking eye of the government, it would be well to remember the words written by Alexander Hamilton in The Federalist, No. 33. In that letter, Hamilton explained that acts of the federal government exceeding its constitutional powers and violating the inherent rights of the people are not law, but are “merely acts of usurpation, and will deserve to be treated as such.”
The Intercept: The Secret Surveillance Catalogue
Concerned about the militarization of law enforcement, a source within the intelligence community has provided The Intercept with a secret, internal U.S. government catalogue of dozens of cellphone surveillance devices used by the military and by intelligence agencies. Some of the devices are already in use by federal law enforcement and local police forces domestically, and civil liberties advocates believe others will eventually find their way into use inside the U.S. This product catalogue provides rare insight into the current spy capabilities of local law enforcement and offers a preview of the future of mass surveillance of mobile communications.
The product descriptions contained in this catalogue were taken verbatim from the text of the original government documents and may include typos and other errors.
This comment has been removed by a blog administrator.
ReplyDeleteAlways so interesting to visit your site.What a great info, thank you for sharing. this will help meso much in my learning
ReplyDeleteVery nice blog and articles. I am realy very happy to visit your blog. Now I am found which I actually want. I check your blog everyday and try to learn something from your blog. Thank you and waiting for your new post.
ReplyDelete