This FBI's mass hacking campaign is related to the high-profile child pornography Playpen case and represents the largest law enforcement hacking campaign known to date.
The warrant was initially issued in February 2015 when the FBI seized the Playpen site and set up a sting operation on the dark web site, in which the agency deployed malware to obtain IP addresses from alleged site's visitors.
Cracking the Code: Learn How Cyber Attackers Exploit Human Psychology
Ever wondered why social engineering is so effective? Dive deep into the psychology of cyber attackers in our upcoming webinar.Join Now
The piece of malware used by the FBI is known as a Network Investigative Technique (NIT). The malware was used for at least 13 days to break into the computer of users who visited certain threads on Playpen and then sent their IP addresses back to the bureau.
Earlier this year, court documents related to the Playpen case revealed that the FBI hacked over 1,000 alleged visitors of Playpen in the U.S. using a single warrant, along with computers in Australia, Chile, Colombia, Austria, Denmark, Greece, the UK, Turkey, and Norway during the investigation.
However, the new federal court hearing transcript from a related case reveals that the hack went much further farther and wider than previously believed and that the bureau actually hacked into more than 8,000 users' computers across 120 different countries.
"We have never, in our nation's history as far as I can tell, seen a warrant so utterly sweeping," federal public defender Colin Fieman said in a court hearing at the end of October, according to the transcript.
According to the transcript, the FBI also hacked what has been described as a "satellite provider." "So now we are into outer space as well," Fieman said.
"The fact that a single magistrate judge could authorise the FBI to hack 8,000 people in 120 countries is truly terrifying," Christopher Soghoian, a principal technologist at the American Civil Liberties Union (ACLU), told Motherboard.
The major controversy surrounding the Playpen case has been that Virginia-based US Magistrate Judge Theresa C. Buchanan who signed the warrant did not have the authority to authorize such searches.
The fact is that the magistrate judges are a more junior type of judges who don't actually have jurisdiction to issue warrants outside their own districts. Only more senior federal judges, known as district judges, have the authority to issue such warrants under Rule 41.
However, this would likely change with the changes introduced to the Rule 41 of the Federal Rules of Criminal Procedure by the US Department of Justice.
Changes to Rule 41 will Further Expand FBI's Mass Hacking Capabilities
The changes to Rule 41 will grant the FBI much greater powers to hack into any computer within the country, and perhaps anywhere in the world, with just a single search warrant authorized by any US judge (even magistrate judges).
The changes in this rule are set to take effect on December 1, 2016.
"The US government wants to use an obscure procedure—amending a federal rule known as Rule 41— to radically expand their authority to hack," the Electronic Frontier Foundation (EFF) said. "The changes to Rule 41 would make it easier for them to break into our computers, take data, and engage in remote surveillance."However, the DoJ further defended the changes to Rule 41 in a Monday blog post.
"We believe technology shouldn't create a lawless zone merely because a procedural rule has not kept up with the times," writes Assistant Attorney General Leslie R. Caldwell of the Criminal Division.
If take into effect, privacy activists and cybersecurity experts believe that the US law enforcement will most likely use the changes to Rule 41 to further expand their capabilities of mass hacking techniques.