How the FBI hacks You

In a recent Wired.com expose’, they expose how the FBI has been secretly hacking civilian computers for about 20 years, but thanks to Rule 41, their ability to hack has been expanded.

Nevertheless, effective record keeping for these hacking incidents doesn’t exist. For instance, search warrants that permit hacking are issued using elusive language, and this makes it difficult to keep track of when the feds hack.

Also, it’s not required for the FBI to submit any reports to Congress that track the FBI’s court-sanctioned hacking incidents—which the FBI would rather term “remote access searches.”

So how do we know this then? Because every so often, bits of information are revealed in news stories and court cases.

Carnivore

• Carnivore, a traffic sniffer, is the FBI’s first known remote access tool that Internet Service Providers allowed to get installed on network backbones in 1998.
• This plan got out in 2000 when EarthLink wouldn’t let the FBI install Carnivore on its network.
• A court case followed, and the name “Carnivore” certainly didn’t help the feds’ case.
• Come 2005, Carnivore was replaced with commercial filters.

The FBI had an issue with encrypted data that it was taking. Thanks to the advent of keyloggers, this problem was solved, as the keylogger records keystrokes, capturing them before the encryption software does its job.

The Scarfo Case

• In 1999 a government keystroke logger targeted Nicodemo Salvatore Scarfo, Jr., a mob boss who used encryption.
• The remotely installed keylogger had not yet been developed at this time, so the FBI had to break into Scarfo’s office to install the keylogger on his computer, then break in again to retrieve it.
• Scarfo argued that the FBI should have had a wiretap order, not just a search warrant, to do this.
• The government, though, replied that the keylogger technology was classified.

Magic Lantern

• The Scarfo case inspired the FBI to design custom hacking tools: enter Magic Lantern, a remotely installable keylogger that arrived in 2001.
• This keylogger also could track browsing history, passwords and usernames.
• It’s not known when the first time was that Magic Lantern was used.