FBI may have used mass malware in dark web child porn bust

© Zachary Fagenson
The FBI’s prolific 2013 attack on dark web servers that hosted child pornography was seen by many as a win. However, unsealed documents show the FBI may have taken some massive liberties with its warrants for dark web service TorMail.

In 2013, the FBI was given a warrant to hack 300 users of TorMail. The agency used a type of malware known as a network investigative technique (NIT) to exploit a browser flaw and reveal users’ internet protocol (IP) addresses. As a result, many were arrested for child pornography. But newly unsealed documents show that this may not have been the only result.

The FBI may have used its malware on significantly more than the 300 people the warrant covered, Motherboard found.

“While the warrant authorized hacking with a scalpel, the FBI delivered their malware to TorMail users with a grenade,” Christopher Soghoian, principal technologist at the American Civil Liberties Union, told Motherboard.

The FBI confiscated FreedomMail, the host of TorMail and other secret emails, in the summer of 2013. While the dark web can certainly be used for illicit activities, its secure mail service has also been used by journalists and others not engaging in illegal operations. However, the FBI’s method of collecting data may have resulted in their locations being picked up in a large dragnet that was not covered by the warrant.

The NIT that the FBI was authorized to use was meant to “investigate any user who logs into any of the TARGET ACCOUNTS by entering a username and password,” the affidavits said. However, TorMail users claimed that the NIT was in use before they even logged into TorMail.

Some users are even unsure how the FBI could have used its NIT to attack specific accounts. The account that the FBI delivered to the courts left out important information. The FBI had to halt its NIT early, due to it being discovered and shut down by TorMail users.

“What remains unclear is if the court was ever told that the FBI had exceeded the scope of the warrant, or whether the FBI agents who hacked innocent users were ever punished,” Soghoian said.

However, the FBI denies any wrongdoing. FBI spokesman Christopher Allen told Motherboard in an email that, “As a matter of practice the FBI narrowly tailors warrants, and we do not exceed the scope of those warrants.”