Network Investigative Technique

Last updated

Network Investigative Technique (NIT) is a form of malware (or hacking) employed by the FBI since at least 2002. It is a drive-by download computer program designed to provide access to a computer.

Contents

Controversies

Its usage has raised both Fourth Amendment concerns [1] and jurisdictional issues. [2] The FBI has to date, despite a court order, declined to provide the complete code [3] in a child sex abuse case involving the Tor anonymity network. [4] On May 12, 2016 Mozilla filed an amicus curiae brief inasmuch as the FBI's exploit against the Mozilla Firefox web browsers potentially puts millions of users at risk. It asked that the exploit be told to them before it is told to the defendant, thus raising Fifth Amendment issues as well. [5] Also, US District Judge Robert J. Bryan in Tacoma, Washington has ruled that while the defendant in United States v. Michaud has the right to review the code, the government also has the right to keep it secret (two other federal judges in related cases have ruled to suppress evidence found as a result of the NIT); [6] On May 25, 2016, however, he ruled that "For the reasons stated orally on the record, evidence of the NIT., the search warrant issued based on the NIT., and the fruits of that warrant should be excluded and should not be offered in evidence at trial..." [7]

In March 2017 the American Civil Liberties Union, Electronic Frontier Foundation, and the National Association of Criminal Defense Lawyers released a 188-page guide to enable meaningful 4th Amendment analysis. [8] In April a Minnesota judge ruled that the warrant was invalid from the moment it was signed, given that the FBI agent knew that it exceed the jurisdictional requirements of Rule 41. All evidence gathered after that warrant was served was hence the fruit of the poisonous tree. [9]

Examples of government deployed NITs

The ACLU and Privacy International successfully litigated (see [18-cv-1488]) the release of U.S. sealed court records that revealed details about a NIT deployed in 2016 on 23 separate onion services of the Tor (network). The sworn affidavit submitted by a Special Agent of the FBI (affidavit template formerly written by the NAIC) indicated the NIT had the following abilities:

"The NIT will reveal to the government environmental variables and certain registry-type information that may assist in identifying the computer, its location, and the user of the computer...."

List of Government Operations

There is a growing list of government operations that are known to have used NITS.

See also

Related Research Articles

Watering hole is a computer attack strategy in which an attacker guesses or observes which websites an organization often uses and infects one or more of them with malware. Eventually, some member of the targeted group will become infected. Hacks looking for specific information may only attack users coming from a specific IP address. This also makes the hacks harder to detect and research. The name is derived from predators in the natural world, who wait for an opportunity to attack their prey near watering holes.

<span class="mw-page-title-main">CERT Coordination Center</span>

The CERT Coordination Center (CERT/CC) is the coordination center of the computer emergency response team (CERT) for the Software Engineering Institute (SEI), a non-profit United States federally funded research and development center. The CERT/CC researches software bugs that impact software and internet security, publishes research and information on its findings, and works with businesses and the government to improve the security of software and the internet as a whole.

<span class="mw-page-title-main">Tor (network)</span> Free and open-source anonymity network based on onion routing

Tor is a free overlay network for enabling anonymous communication. Built on free and open-source software and more than seven thousand volunteer-operated relays worldwide, users can have their Internet traffic routed via a random path through the network.

<span class="mw-page-title-main">Microsoft Product Activation</span> DRM mechanism used by Microsoft

Microsoft Product Activation is a DRM technology used by Microsoft Corporation in several of its computer software programs, most notably its Windows operating system and its Office productivity suite. The procedure enforces compliance with the program's end-user license agreement by transmitting information about both the product key used to install the program and the user's computer hardware to Microsoft, inhibiting or completely preventing the use of the program until the validity of its license is confirmed.

<span class="mw-page-title-main">The Hidden Wiki</span> Defunct Tor wiki

The Hidden Wiki was a dark web MediaWiki wiki operating as a Tor hidden service that could be anonymously edited after registering on the site. The main page served as a directory of links to other .onion sites.

<span class="mw-page-title-main">Orbot</span> Free software project to provide anonymity on the Internet from an Android smartphone

Orbot is a free proxy app that provides anonymity on the Internet for users of the Android and iOS operating systems. It allows traffic from apps such as web browsers, email clients, map programs, and others to be routed via the Tor network.

<span class="mw-page-title-main">Tor Mail</span> Defunct Tor email service

Tor Mail was a Tor hidden service that went offline in August 2013 after an FBI raid on Freedom Hosting. The service allowed users to send and receive email anonymously to email addresses inside and outside the Tor network.

<span class="mw-page-title-main">Freedom Hosting</span> Defunct Tor web hosting service

Freedom Hosting was a Tor specialist web hosting service that was established in 2008. At its height in August 2013, it was the largest Tor web host.

The dark web is the World Wide Web content that exists on darknets: overlay networks that use the Internet but require specific software, configurations, or authorization to access. Through the dark web, private computer networks can communicate and conduct business anonymously without divulging identifying information, such as a user's location. The dark web forms a small part of the deep web, the part of the web not indexed by web search engines, although sometimes the term deep web is mistakenly used to refer specifically to the dark web.

HackingTeam was a Milan-based information technology company that sold offensive intrusion and surveillance capabilities to governments, law enforcement agencies and corporations. Its "Remote Control Systems" enable governments and corporations to monitor the communications of internet users, decipher their encrypted files and emails, record Skype and other Voice over IP communications, and remotely activate microphones and camera on target computers. The company has been criticized for providing these capabilities to governments with poor human rights records, though HackingTeam states that they have the ability to disable their software if it is used unethically. The Italian government has restricted their licence to do business with countries outside Europe.

<span class="mw-page-title-main">The Tor Project</span> Free and open-source software project for enabling anonymous communication

The Tor Project, Inc. is a 501(c)(3) research-education nonprofit organization based in Winchester, Massachusetts. It is founded by computer scientists Roger Dingledine, Nick Mathewson, and five others. The Tor Project is primarily responsible for maintaining software for the Tor anonymity network.

<span class="mw-page-title-main">Operation Onymous</span> International police operation targeting darknet markets

Operation Onymous was an international law enforcement operation targeting darknet markets and other hidden services operating on the Tor network.

<span class="mw-page-title-main">Doxbin (darknet)</span> Defunct document sharing website

Doxbin was an onion service. It was a pastebin primarily used by people posting personal data of any person of interest.

<span class="mw-page-title-main">Riseup</span> Tech collective

Riseup is a volunteer-run collective providing secure email, email lists, a VPN service, online chat, and other online services. This organization was launched by activists in Seattle with borrowed equipment and a few users in 1999 or 2000, and quickly grew to millions of accounts.

The use of stingrays by United States law enforcement is an investigative technique used by both federal and local law enforcement in the United States to obtain information from cell phones by mimicking a cell phone tower. The devices which accomplish this are generically known as IMSI-catchers, but are commonly called stingrays, a brand sold by the Harris Corporation.

Operation Torpedo was a 2011 operation in which the Federal Bureau of Investigation (FBI) compromised three different hidden services hosting child pornography, which would then target anyone who happened to access them using a network investigative technique (NIT).

Playpen was a notorious darknet child pornography website that operated from August 2014 to March 2015. The website operated through the Tor network which allowed users to use the website anonymously. After running the website for 6 months, the website owner Steven W. Chase was captured by the FBI. After his capture, the FBI continued to run the website for another 13 days as part of Operation Pacifier.

<span class="mw-page-title-main">Mullvad</span> VPN service based in Sweden

Mullvad is a commercial VPN service based in Sweden. Launched in March 2009, Mullvad operates using the WireGuard and OpenVPN protocols. It also supports Shadowsocks as a bridge protocol for censorship circumvention. Mullvad's VPN client software is released under the GPLv3, a free and open-source software license.

VPNFilter is malware designed to infect routers and certain network attached storage devices. As of 24 May 2018, it is estimated to have infected approximately 500,000 routers worldwide, though the number of at-risk devices is larger. It can steal data, contains a "kill switch" designed to disable the infected router on command, and is able to persist should the user reboot the router. The FBI believes that it was created by the Russian Fancy Bear group. In February 2022, the CISA announced that a new malware called Cyclops Blink produced by Sandworm had replaced VPNFilter.

Government hacking permits the exploitation of vulnerabilities in electronic products, especially software, to gain remote access to information of interest. This information allows government investigators to monitor user activity and interfere with device operation. Government attacks on security may include malware and encryption backdoors. The National Security Agency's PRISM program and Ethiopia's use of FinSpy are notable examples.

References

  1. Poulsen, Kevin. "Visit the Wrong Website, and the FBI Could End Up in Your Computer". Wired. Retrieved 2016-04-30.
  2. Franceschi-Bicchierai, Lorenzo (2016-04-21). "This Technicality Could Spoil the FBI's Dark Web Hacking Operations". Motherboard. Retrieved 2016-04-30.
  3. Paganini, Pierluigi (2016-02-22). "The FBI must provide details on the network investigative technique used to hack more than 1000 computers in a case involving child pornography". Security Affairs. Retrieved 2016-04-30.
  4. Condliffe, Jamie (2016-03-30). "FBI Refuses to Divulge How It Tracked Pedophiles on Tor". Gizmodo. Retrieved 2016-04-30.
  5. Cushing, Jim (2016-05-12). "Mozilla Asks Court To Force FBI To Turn Over Information On Hacking Tool It Used In Child Porn Case: from the only-criminals-use-patched-browsers-amirite? dept". TechDirt. Retrieved 2016-05-12.
  6. Farivar, Cyrus (2016-05-19). "Judge says suspect has right to review code that FBI has right to keep secret: At issue is Tor malware that enabled the FBI to bust child porn ring". Ars Technica. Retrieved 2016-05-20.
  7. Farivar, Cyrus (2016-05-25). "Once more, a judge rules against gov't in Tor-enabled child porn case: DOJ may appeal: "We are disappointed with the ruling and considering our options."". Ars Technica. Retrieved 2016-05-25.
  8. Farivar, Cyrus (2017-03-30). "To fight Tor hack prosecutions, activist groups offer up legal help: Guide is intended to help level the legal playing field". Ars Technica.
  9. Cushing, Tim (7 April 2017). "Judge Says FBI's NIT Warrant Invalid, Points Out FBI Agent Knew It Was Invalid When He Requested It". TechDirt (published 2017-04-07).