Network Investigative Technique (NIT) is a form of malware (or hacking) employed by the FBI since at least 2002. It is a drive-by download computer program designed to provide access to a computer.
Its usage has raised both Fourth Amendment concerns [1] and jurisdictional issues. [2] The FBI has to date, despite a court order, declined to provide the complete code [3] in a child sex abuse case involving the Tor anonymity network. [4] On May 12, 2016 Mozilla filed an amicus curiae brief, since the FBI's exploit against the Mozilla Firefox web browser potentially puts millions of users at risk. It asked that the exploit be disclosed to Mozilla before it is disclosed to the defendant, thus raising Fifth Amendment issues as well. [5] Also, US District Judge Robert J. Bryan in Tacoma, Washington ruled that while the defendant in United States v. Michaud has the right to review the code, the government also has the right to keep it secret (two other federal judges in related cases have ruled to suppress evidence found as a result of the NIT). [6] On May 25, 2016, however, he ruled that "For the reasons stated orally on the record, evidence of the NIT., the search warrant issued based on the NIT., and the fruits of that warrant should be excluded and should not be offered in evidence at trial..." [7]
In March 2017 the American Civil Liberties Union, Electronic Frontier Foundation, and the National Association of Criminal Defense Lawyers released a 188-page guide to enable meaningful Fourth Amendment analysis. [8] In April a Minnesota judge ruled that the warrant was invalid from the moment it was signed, given that the FBI agent knew that it exceeded the jurisdictional requirements of Rule 41. All evidence gathered after that warrant was served was hence the fruit of the poisonous tree. [9]
The ACLU and Privacy International successfully litigated (see [18-cv-1488]) the release of U.S. sealed court records that revealed details about a NIT deployed in 2016 on 23 separate onion services of the Tor network. The sworn affidavit submitted by a Special Agent of the FBI (based on an affidavit template formerly written by the NAIC) indicated that the NIT had the following abilities:
"The NIT will reveal to the government environmental variables and certain registry-type information that may assist in identifying the computer, its location, and the user of the computer...."
There is a growing list of government operations that are known to have used NITs.
Watering hole is a computer attack strategy in which an attacker guesses or observes which websites an organization often uses and infects one or more of them with malware. Eventually, some member of the targeted group will become infected. Hacks looking for specific information may only attack users coming from a specific IP address. This also makes the hacks harder to detect and research. The name is derived from predators in the natural world, who wait for an opportunity to attack their prey near watering holes.
The CERT Coordination Center (CERT/CC) is the coordination center of the computer emergency response team (CERT) for the Software Engineering Institute (SEI), a non-profit United States federally funded research and development center. The CERT/CC researches software bugs that impact software and internet security, publishes research and information on its findings, and works with businesses and the government to improve the security of software and the internet as a whole.
Tor is a free overlay network for enabling anonymous communication. Built on free and open-source software and more than seven thousand volunteer-operated relays worldwide, users can have their Internet traffic routed via a random path through the network.
Microsoft Product Activation is a DRM technology used by Microsoft Corporation in several of its computer software programs, most notably its Windows operating system and its Office productivity suite. The procedure enforces compliance with the program's end-user license agreement by transmitting information about both the product key used to install the program and the user's computer hardware to Microsoft, inhibiting or completely preventing the use of the program until the validity of its license is confirmed.
The Hidden Wiki was a dark web MediaWiki wiki operating as a Tor hidden service that could be anonymously edited after registering on the site. The main page served as a directory of links to other .onion sites.
Orbot is a free proxy app that provides anonymity on the Internet for users of the Android and iOS operating systems. It allows traffic from apps such as web browsers, email clients, map programs, and others to be routed via the Tor network.
Tor Mail was a Tor hidden service that went offline in August 2013 after an FBI raid on Freedom Hosting. The service allowed users to send and receive email anonymously to email addresses inside and outside the Tor network.
Freedom Hosting was a Tor specialist web hosting service that was established in 2008. At its height in August 2013, it was the largest Tor web host.
The dark web is the World Wide Web content that exists on darknets: overlay networks that use the Internet but require specific software, configurations, or authorization to access. Through the dark web, private computer networks can communicate and conduct business anonymously without divulging identifying information, such as a user's location. The dark web forms a small part of the deep web, the part of the web not indexed by web search engines, although sometimes the term deep web is mistakenly used to refer specifically to the dark web.
HackingTeam was a Milan-based information technology company that sold offensive intrusion and surveillance capabilities to governments, law enforcement agencies and corporations. Its "Remote Control Systems" enable governments and corporations to monitor the communications of internet users, decipher their encrypted files and emails, record Skype and other Voice over IP communications, and remotely activate microphones and cameras on target computers. The company has been criticized for providing these capabilities to governments with poor human rights records, though HackingTeam states that it has the ability to disable its software if it is used unethically. The Italian government has restricted its licence to do business with countries outside Europe.
The Tor Project, Inc. is a 501(c)(3) research-education nonprofit organization based in Winchester, Massachusetts. It was founded by computer scientists Roger Dingledine, Nick Mathewson, and five others. The Tor Project is primarily responsible for maintaining software for the Tor anonymity network.
Operation Onymous was an international law enforcement operation targeting darknet markets and other hidden services operating on the Tor network.
Doxbin was an onion service. It was a pastebin primarily used by people posting personal data of any person of interest.
Riseup is a volunteer-run collective providing secure email, email lists, a VPN service, online chat, and other online services. This organization was launched by activists in Seattle with borrowed equipment and a few users in 1999 or 2000, and quickly grew to millions of accounts.
The use of stingrays by United States law enforcement is an investigative technique used by both federal and local law enforcement in the United States to obtain information from cell phones by mimicking a cell phone tower. The devices which accomplish this are generically known as IMSI-catchers, but are commonly called stingrays, a brand sold by the Harris Corporation.
Operation Torpedo was a 2011 operation in which the Federal Bureau of Investigation (FBI) compromised three different hidden services hosting child pornography, which then targeted anyone who accessed them using a network investigative technique (NIT).
Playpen was a notorious darknet child pornography website that operated from August 2014 to March 2015. The website operated through the Tor network, which allowed users to use the website anonymously. After running the website for 6 months, the website owner Steven W. Chase was captured by the FBI. After his capture, the FBI continued to run the website for another 13 days as part of Operation Pacifier.
Mullvad is a commercial VPN service based in Sweden. Launched in March 2009, Mullvad operates using the WireGuard and OpenVPN protocols. It also supports Shadowsocks as a bridge protocol for censorship circumvention. Mullvad's VPN client software is released under the GPLv3, a free and open-source software license.
VPNFilter is malware designed to infect routers and certain network attached storage devices. As of 24 May 2018, it is estimated to have infected approximately 500,000 routers worldwide, though the number of at-risk devices is larger. It can steal data, contains a "kill switch" designed to disable the infected router on command, and is able to persist should the user reboot the router. The FBI believes that it was created by the Russian Fancy Bear group. In February 2022, the CISA announced that a new malware called Cyclops Blink produced by Sandworm had replaced VPNFilter.
Government hacking permits the exploitation of vulnerabilities in electronic products, especially software, to gain remote access to information of interest. This information allows government investigators to monitor user activity and interfere with device operation. Government attacks on security may include malware and encryption backdoors. The National Security Agency's PRISM program and Ethiopia's use of FinSpy are notable examples.