AlphaAtlas
After uncovering some interesting court records, Motherboard wrote up an article on how law enforcement is using "network investigative techniques" to catch cybercriminals. In one particular case, attackers used a fake email address and a bit of social engineering to get an $82,000 check from Gorbel. When the criminals came around asking for more, the FBI sent them a link to a fake FedEx website, in an attempt to sniff out their IP addresses when they loaded it. And when that didn't work, the FBI sent them a Word document with a FedEx image that would phone home when loaded. Another case involving Invermar, a Chilean seafood vendor, used a similar approach, where the FBI embedded an image in a Word document that would connect to the internet. According to the report, the FBI don't believe they even need a warrant to "send a target an embedded image," but they applied for one anyway. While the end results of these two cases are unknown, Motherboard and their consultants seem to think the government is rapidly learning to use NITs. One expert noted that they're moving away from website-based attacks, as more "targeted" attacks like emails have less potential fallout from innocent users stumbling onto the NITs.
This sort of law enforcement hacking is likely to become more common. At the end of 2016, the Justice Department amended Rule 41, one of the rules around search warrants. The change meant that US judges could sign warrants to search computers outside of their district, and in particular, if law enforcement did not know where the suspect was ultimately located—exactly the issue with these two cases. "Now that Rule 41 has been amended, we can expect to see NIT warrants being used in the investigation of a range of crimes, not just the child pornography Tor Hidden Service busts that pre-dated the amendment," Pfefferkorn said.