The Federal Bureau of Investigation, or FBI, controls a hacker team, which uses malware to keep tabs on suspects, and has the ability to secretly turn on a webcam, according to a report about the agency’s search of a man called “Mo,” who is said to have used different forms of Internet communication to issue bomb threats across the United States last year.
Court documents showed that Mo, allegedly an Iranian, used to communicate through e-mail, video chat and Internet-based phone services without revealing his true identity, and was adept at covering his tracks. To zero in on such suspects, the FBI decided to call on its hackers to put together a piece of malware that was then delivered to Mo’s Yahoo e-mail account. The goal was to obtain information about Mo’s Internet usage and help investigators find his location, the Washington Post reported.
“We have transitioned into a world where law enforcement is hacking into people’s computers, and we have never had public debate,” Christopher Soghoian, principal technologist for the American Civil Liberties Union, told the Post. “Judges are having to make up these powers as they go along.”
According to the Post, the most common delivery mechanism is a simple phishing attack. When the suspect hits a link sent to his inbox by the FBI, it connects to a computer at the agency’s offices in Quantico, Va., and downloads the malicious software that allows the authorities to spy on the suspect through his webcam even without its indicator light turning on.
In Mo’s case, however, the FBI-backed hackers could not turn up much about him. Mo did click on the link that was sent to him, but the tool malfunctioned and “never actually executed as designed.” The only key information that the investigators managed to obtain was that Mo appeared to be in Tehran.
Meanwhile, as the Post noted, such types of online surveillance have pushed the boundaries of the constitutional limits on searches and seizures. According to the report, critics compare it to a physical search that seizes the entire contents of a home, rather than just those items that could be linked to a particular crime.
“You can’t just go on a fishing expedition,” Laura K. Donohue, a Georgetown University law professor who reviewed the court ruling on FBI surveillance software in Mo’s case, told the Post. “There needs to be a nexus between the crime being alleged and the material to be seized. What they are doing here, though, is collecting everything.”
While a federal magistrate in Denver approved sending the malware to Mo’s computer last year, another federal magistrate in Houston rejected an FBI plan in April to send surveillance software to a suspect in a different case, on grounds that it was “extremely intrusive” and could violate the Fourth Amendment.