Advertisement

ERA Forum

pp 1–16 | Cite as

Hacking for evidence: the risks and rewards of deploying malware in pursuit of justice

  • Steven David BrownEmail author
Article
  • 42 Downloads

Abstract

Law enforcement use of hacking techniques has become well-established and is an inevitable consequence not only of endemic anonymization used by computer-based criminals, but also of the increasing dominance of cloud-based computing models that challenge traditional notions of jurisdiction. Whilst recognising the many and legitimate concerns of privacy watchdogs this article explores how and why law enforcement uses malware to target criminals who would otherwise operate with virtual impunity.

Keywords

Hacking Law enforcement Electronic evidence N.I.T.s Cyber 

Notes

References

  1. 1.
    ACLU: Challenging government hacking in criminal cases (2017). Available at https://www.aclu.org/sites/default/files/field.../malware_guide_3-30-17-v2.pdf. Accessed 9 July 2018
  2. 2.
    Altvater, B.J.: Combatting Crime on the Dark Web (2016). Available at http://www.ndaa.org/dyk/20161219-Dark%20Web_FINAL.pdf. Accessed 10 July 2018 Google Scholar
  3. 3.
    Bell, C.: Surveillance technology and graymail in domestic criminal prosecutions. Georgetown J. Law Public Policy 16, 537 (2018). Available at https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3269915. Accessed 6 March 2019 Google Scholar
  4. 4.
    Bellovin, S., et al.: Lawful hacking: using existing vulnerabilities for wiretapping on the Internet. Northwest. J. Technol. Intellect. Prop. 12, 1 (2014) Google Scholar
  5. 5.
    Big Brother Watch: Equipment interference (14 March 2016). Available at https://bigbrotherwatch.org.uk/?s=equipment+interference. Accessed 8 July 2018
  6. 6.
    British Broadcasting Corporation: Snowden leaks: GCHQ ’attacked anonymous’ hackers (2014). Available at https://www.bbc.co.uk/news/technology-26049448. Accessed 8 July 2018
  7. 7.
    Brunker, M.: Judge OKs FBI hack of Russian computers (2001). Available at https://www.zdnet.com/article/judge-oks-fbi-hack-of-russian-computers/. Accessed 4 July 2018
  8. 8.
    Bundtzen, S.: Why you should know about Germany’s new surveillance law (2017). Available at https://www.opendemocracy.net/digitaliberties/sara-bundtzen/why-you-should-know-about-germanys-new-surveillance-law. Accessed 5 March 2018
  9. 9.
    Coleman, G.: Hacker, Hoaxer, Whistleblower, Spy: The Many Faces of Anonymous. Verso, New York (2013) Google Scholar
  10. 10.
    Cornell Law SchoolFederal Rules of Criminal Procedure (2018). Available at https://www.law.cornell.edu/rules/frcrmp/rule_41. Accessed 8 July 2017
  11. 11.
    Corte di Cassazione: Penale Sent. Sez. 6, Num. 45486, Anno 2018 (2018). Available at www.italgiure.giustizia.it/xway/application/nif/clean/hc.dll?verbo=attach&db=snpen&id=./20181009/snpen@s60@a2018@n45486@tS.clean.pdf. Accessed 18 May 2019
  12. 12.
    Council of Europe T-CY assessment report (T-CY(2013)17rev): The mutual legal assistance provisions of the Budapest Convention on Cybercrime Para 5.1.1. Conclusion 1 (2013). Available at http://rm.coe.int/CoERMPublicCommonSearchServices/DisplayDCTMContent?documentId=09000016802e726c. Accessed 10 July 2018
  13. 13.
    Cox, J.: Australian dark web hacking campaign unmasked hundreds globally (2017). Available at https://motherboard.vice.com/en_us/article/4xezgg/australian-dark-web-hacking-campaign-unmasked-hundreds-globally. Accessed 5 March 2018
  14. 14.
    Cox, J.: In a First, Judge Throws Out Evidence Obtained from FBI Malware (2016). Available at https://motherboard.vice.com/en_us/article/gv5yqj/in-a-first-judge-throws-out-evidence-obtained-from-fbi-malware. Accessed 5 July 2018
  15. 15.
    Cox, J.: Second judge argues evidence from FBI mass hack should be thrown out (2016). Available at https://motherboard.vice.com/en_us/article/78kxkx/second-judge-argues-evidence-from-fbi-mass-hack-should-be-thrown-out. Accessed 5 July 2018
  16. 16.
    Cox, J.: The FBI hacked over 8,000 computers in 120 countries based on one warrant (2016). Available at https://motherboard.vice.com/en_us/article/53d4n8/fbi-hacked-over-8000-computers-in-120-countries-based-on-one-warrant. Accessed 7 March 2018
  17. 17.
    Cox, J.: Hacker dumps iOS cracking tools allegedly stolen from cellebrite (2017). Available at https://motherboard.vice.com/en_us/article/5355ga/hacker-dumps-ios-cracking-tools-allegedly-stolen-from-cellebrite. Accessed 3 July 2018
  18. 18.
    Deutsche Welle: Things to know about Germany’s recent surveillance laws (2017). Available at https://www.dw.com/en/things-to-know-about-germanys-recent-surveillance-laws/a-39421060. Accessed 18 May 2019
  19. 19.
    DOJ: US DoJ/OLA letter to Senator Grassley (14 July 2015). Available at https://www.judiciary.senate.gov/download/justice-department-to-grassley_-dea-spyware. Accessed 10 February 2018
  20. 20.
    EU Parliament LIBE Committee: Legal frameworks for hacking by law enforcement: identification, evaluation and comparison of practices (2017). Available at http://www.europarl.europa.eu/thinktank/en/document.html?reference=IPOL_STU(2017)583137. Accessed 8 March 2018
  21. 21.
    Europol: Are you sharing the same IP address as a criminal? Press release (12 October 2017). Available at https://www.europol.europa.eu/newsroom/news/are-you-sharing-same-ip-address-criminal-law-enforcement-call-for-end-of-carrier-grade-nat-cgn-to-increase-accountability-online. Accessed 28 June 2018
  22. 22.
    Fox-Brewster, T.: An NSA cyber weapon might be behind a massive global ransomware outbreak (2017). Available at https://www.forbes.com/sites/thomasbrewster/2017/05/12/nsa-exploit-used-by-wannacry-ransomware-in-global-explosion/#64d7f487e599. Accessed 3 July 2017
  23. 23.
    FBI: Playpen creator sentenced to 30 years. Press release (5 May 2017). Available at https://www.fbi.gov/news/stories/playpen-creator-sentenced-to-30-years. Accessed 6 July 2017
  24. 24.
    FBI: Going dark (2018). Available at https://www.fbi.gov/services/operational-technology/going-dark. Accessed 16 July 2018
  25. 25.
    Ghappour, A.: Searching places unknown: law enforcement jurisdiction on the dark web. Stanf. Law Rev. 69, 1075 (2017) Google Scholar
  26. 26.
    Goodin, D.: NSA-leaking shadow brokers just dumped its most damaging release yet (2017). Available at https://arstechnica.com/information-technology/2017/04/nsa-leaking-shadow-brokers-just-dumped-its-most-damaging-release-yet/. Accessed 3 July 2017
  27. 27.
    Government of the Netherlands: new law to help fight computer crime (2019). Available at https://www.government.nl/topics/cybercrime/news/2019/02/28/new-law-to-help-fight-computer-crime. Accessed 18 May 2019
  28. 28.
    Greenberg, A.: Global web crackdown arrests 17, seizes hundreds of dark net domains (2014). Available at https://www.wired.com/2014/11/operation-onymous-dark-web-arrests/. Accessed 11 July 2017
  29. 29.
    Justia: US Law Rule 41 Search and Seizure (2018). Available at https://law.justia.com/codes/us/2001/title18/app/federalru/dup1/rule41. Accessed 8 July 2018
  30. 30.
    Kerr, O.S., Murphy, S.D.: Government hacking to light the dark web: what risks to international relations and international law? 70 Stan. L. Rev. Online 58 (2017) Google Scholar
  31. 31.
    Kim, S.: Privacy international’s work on hacking (2017). Available at https://medium.com/privacy-international/privacy-internationals-work-on-hacking-153a0565e1ce. Accessed 9 July 2018
  32. 32.
    Legislation.gov.uk: Investigatory Powers Act 2016 (2018). Available at http://www.legislation.gov.uk/ukpga/2016/25/contents/enacted. Accessed 11 July 2018
  33. 33.
    Lemos, R.: FBI “hack” raises global security concerns (2002). Available at https://www.cnet.com/news/fbi-hack-raises-global-security-concerns/. Accessed 4 July 2018
  34. 34.
    Leyden, J.: Russians accuse FBI agent of hacking (2002). Available at https://www.theregister.co.uk/2002/08/16/russians_accuse_fbi_agent/. Accessed 4 July 2018
  35. 35.
    Mason, J.: Are VPNs legal in your country? Thebestvpn.com (2018). Available at https://thebestvpn.com/are-vpns-legal-banned-countries/. Accessed 11 July 2018
  36. 36.
    Murch, R.S.: FBI files brief on Scarfo Keylogger (2001). Available at https://yro.slashdot.org/:story/01/10/10/161256/fbi-files-brief-on-scarfo-keylogger. Accessed 4 July 2018
  37. 37.
    Norton.com: Malware (2017). Available at https://us.norton.com/internetsecurity-malware.html. Accessed 28 June 2017
  38. 38.
    Oerlemans, J.: Hacking without a legal basis (2014). Available at http://leidenlawblog.nl/articles/hacking-without-a-legal-basis. Accessed 20 November 2016
  39. 39.
    Privacy International: Italy’s Supreme Court decision limits hacking powers and applies safeguards (2 November 2018). Available at https://www.privacyinternational.org/blog/2423/italys-supreme-court-decision-limits-hacking-powers-and-applies-safeguards. Accessed 18 May 2019
  40. 40.
    Privacy International: Privacy International’s analysis of the Italian hacking reform, under DDL Orlando (2017). Available at www.privacyinternational.org/sites/default/files/2018-01/PI_hacking_DDL%20Orlando.pdf. Accessed 18 May 2019
  41. 41.
    Regev, D.: WhatsApp’s security breach: made in Israel. implemented worldwide (17 May 2019). Deutsche Welle. https://www.dw.com/en/whatsapps-security-breach-made-in-israel-implemented-worldwide/a-48740524
  42. 42.
    Rumold, M., Playpen: The story of the FBI’s unprecedented and illegal hacking operation (2016). Available at https://www.eff.org/deeplinks/2016/09/playpen-story-fbis-unprecedented-and-illegal-hacking-operation. Accessed 7 March 2018
  43. 43.
    Schroeder, S.: The Lure (2012). Course Technology, Boston Google Scholar
  44. 44.
    Steifel, K.: Bundestrojaner geknackt Wiener Zeitung (10 October 2011). Available at https://www.wienerzeitung.at/themen_channel/wz_digital/digital_news/403092_Bundestrojaner-geknackt.html. Accessed 8 July 2018
  45. 45.
    Times of Israel: Israel reached out to US hackers for ‘Zero Days’ tools (2016). Available at https://www.timesofisrael.com/israel-reached-out-to-us-hackers-for-zero-days-exploits/. Accessed 30 June 2018
  46. 46.
    Tor Blog: Did the FBI pay a university to attack Tor users? (11 November 2015). Available at https://blog.torproject.org/did-fbi-pay-university-attack-tor-users. Accessed 11 July 2017
  47. 47.
    Tor Blog: Tor security advisory: “relay early” traffic confirmation attack (30 July 2014). Available at https://blog.torproject.org/tor-security-advisory-relay-early-traffic-confirmation-attack. Accessed 11 July 2017
  48. 48.
    UNODC: Comprehensive study on cybercrime (2013). Available at https://www.unodc.org/documents/organized-crime/UNODC_CCPCJ_EG.4_2013/CYBERCRIME_STUDY_210213.pdf. Accessed 6 June 2018
  49. 49.
    Vitaris, B.: Australian DarkWeb pedo site admin sentenced to 35 years in jail. www.deepdotweb.com (11 August 2015). Available at https://www.deepdotweb.com/2015/08/11/australian-darkweb-pedo-site-admin-sentenced-to-35-years-in-jail/ Accessed 5 March 2018
  50. 50.
    Vitaris, B.: Third judge rules FBI’s playpen warrant invalid. www.deepdotweb.com (29 September 2016). Available at https://www.deepdotweb.com/2016/09/29/third-judge-rules-fbis-playpen-warrant-invalid/. Accessed 11 July 2016
  51. 51.
    Wikipedia: Hacking team (2018). Available at https://en.wikipedia.org/wiki/Hacking_Team. Accessed 11 July 2018
  52. 52.
    Zetter, K.: Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon (2014). Crown Publishers, USA Google Scholar
  53. 53.
    Zoetekouw, M.: Ignorantia Terrae Non Excusat Conference Paper Crossing Borders: Jurisdiction in Cyberspace Conference (March 2016). Available at https://c.ymcdn.com/sites/www.iisfa.net/resource/resmgr/Slide_seminari/Convegno_Milano/c-mzoetekouw-ignorantia-terr.pdf. Accessed 12 July 2018

Copyright information

© Europäische Rechtsakademie (ERA) 2019

Authors and Affiliations

  1. 1.ViennaAustria

Personalised recommendations