FBI under court order to release code used to hack 1,000+ computers in child porn sting
With a special hacking tool, the Federal Bureau of Investigation not only took over operations of a child pornography site, but also located some 1,300 visitors. Now the computer code used to hunt down suspects must be released per a court order.
What the FBI has called "the largest remaining known child pornography hidden service in the world," Playpen operated in the part of cyberspace known as the Dark Web, on the browser Tor, where its IP address was hidden. That is, until the FBI managed to capture control of the site in February 2015. It did not shut the site down, but rather kept the illegal content up for two weeks to catch 1,300 visitors’ IP addresses, including some in Chile, Greece, and the UK.
The estimated 137 people charged thus far by the US Department of Justice could soon find out just how the FBI identified them, thanks to a court order announced Wednesday and reported by Motherboard. One defendant’s attorney persuaded a federal judge to order the release of the FBI’s entire code used in the broad sting.
A judge has ordered the FBI to reveal the complete code for its Tor exploit to defense lawyers in a child porn case. pic.twitter.com/AZ8QYgGwKe — Brad Heath (@bradheath) February 17, 2016
Colin Fieman, a federal public defender involved in the case, told Motherboard the judge meant “everything” the FBI used, including an exploit, or attack, on a vulnerability in the Tor browser’s security as well as a network investigative technique (NIT) hacking tool to entangle Playpen and its users.
Wednesday’s court order follows a prior limited release of the FBI’s NIT code. Last month, Fieman’s code expert, Vlad Tsyrklevich, reviewed the NIT code and found it lacking a section that would have confirmed its uniqueness. That matters for the defense’s ability to show whether its client, Vancouver School District employee Jay Michaud, had his computer improperly searched or additionally compromised.
“This component is essential to understanding whether there were other components that the Government caused to run on Mr. Michaud's computer, beyond the one payload that the Government has provided,” Michaud’s lawyers wrote in an earlier filing, Motherboard reported.
Whether or not the code will be publicly released remains to be seen, as the FBI and defense lawyers have each made requests to keep sensitive documents sealed or unsealed, respectively.
The defense has also argued that the FBI was complicit in distributing, or even itself distributed, child pornography after the takeover of Playpen. However, last month a judge found the FBI’s methods did not amount to “outrageous conduct.”
Full NIT disclosure is not unprecedented. In 2012, the FBI revealed details of how it seized control of three child porn sites on the Tor browser using the hacking app Metasploit, after a judge issued a warrant for a malware attack on the computers of all the sites’ visitors in order to reveal their IP addresses.