A new report reveals that the FBI directly employs multiple hackers who create custom surveillance software for the bureau, some of which is capable of remotely activating the microphones on cell phones and laptops, among other features.
The FBI is known for using technology shrouded in secrecy, some of which is based on legal grounds which have been questioned by critics with some maintaining that the FBI deceived judges in deploying it.
It’s also important to note that the US government is now the world’s largest buyer of malware.
Yet the government doesn’t just buy software from the private sector, anonymous former US officials told the Wall Street Journal that the FBI also “employs a number of hackers who write custom surveillance software.”
Some of this software is capable of remotely activating microphones in the many smartphones running Google’s Android operating system and recording conversations, according to one former US official.
The FBI can also remotely activate laptop microphones without the user’s knowledge, according to the same official. Unsurprisingly, Google would not comment.
The FBI “hires people who have hacking skill, and they purchase tools that are capable of doing these things,” a former official in the bureau’s cyber division said.
The former official stated that the tools are only used when other surveillance methods cannot be used.
Interestingly, the FBI does not use these tools when investigating hackers because they fear that the suspect could discover and publicize their technique.
Instead, a former US official told the Wall Street Journal that they use this type of technology “in cases involving organized crime, child pornography or counterterrorism.”
The WSJ notes that these hacking tools have been developed by the bureau for over a decade, but the techniques are very rarely disclosed in public legal cases.
One such instance occurred earlier this year when a judge denied a federal warrant application which sought to authorize the use of software to secretly extract files and take photos of a suspect using their computer’s camera.
The judge denied the warrant application and stated that he needed to see more information about how the data would actually be collected from the computer and how information on innocent people would be removed, among other concerns.
The FBI has been using “web bugs” since at least 2005, capable of gathering a computer’s IP address, a list of the programs currently in operation and other data, the WSJ reports, citing documents released in 2011.
Such technology was used in 2007 to track a person who was eventually convicted of emailing bomb threats in Washington state.
Former US officials maintain that hacking carried out by law enforcement agencies is targeted at very specific cases and is used sparingly.
Civil liberties advocates, on the other hand, maintain that clear legal guidelines need to be created in order to be certain that this kind of hacking technology is not misused.
“People should understand that local cops are going to be hacking into surveillance targets,” said Christopher Soghoian of the American Civil Liberties Union. “We should have a debate about that.”
The Remote Operations Unit at the FBI leads the bureau’s hacking efforts, former officials told the WSJ.
Agents often remotely install surveillance software by getting a target to click a link or view a document.
Sometimes the government even secretly gains physical access to the suspect’s machine where they install malware using a thumb drive, according to a former official.
While the bureau has a screening team that uses controls to ensure that only “relevant data” are gathered, according to an official, the legal authorities used to justify the searches are not all that clear.
One Justice Department official said that they determine what legal authority to seek “on a case-by-case basis.” The official pointed to the 2007 Washington state bomb-threat case where the government obtained a warrant even though they never physically touched the computer and their software only gathered “metadata.”
However, the FBI faced a great deal of criticism from civil liberties advocates in 2001 when the bureau refused to reveal how they installed a program that recorded the keystrokes of Nicodemo Scarfo Jr.
The bureau was able to capture the password Scarfo used to encrypt a document, eventually contributing to his conviction for activities related to organized crime.
According to Mark Eckenwiler, formerly the Justice Department’s primary authority on federal criminal surveillance law, a search warrant is required when files or other materials are taken from a suspect’s computer.
“Continuing surveillance would necessitate an even stricter standard, the kind used to grant wiretaps,” the WSJ reports, citing Eckenwiler.
A court order under a lower standard can suffice if the program is remotely delivered to the suspect’s computer, as is the case when it is sent through an internet link, according to Eckenwiler.
The use of this type of technology by the FBI is raising many interesting new questions in terms of the legal authorities and guidelines that the government must abide by in order to conduct surveillance on Americans. It seems that this could be a major legal battleground in the near future.