Judge Throws Out Evidence After FBI Refuses To Reveal Tor Vulnerability

By Lucian Armasu
published

In a recent child pornography case that involved the Firefox-based Tor browser, both the defense team and Mozilla have asked the FBI to reveal the vulnerabilities the agency used to hack Tor users. After the FBI refused, the judge canceled the warrant it initially gave the FBI and threw out all evidence the agency gathered with it.

The FBI has been using “network investigative techniques,” which is a “cleaner” way of referring to hacking. This type of hacking often happens through malware that the FBI sends to its targets to get access to their computers. The malware in this case took advantage of an undisclosed Tor browser vulnerability.

Mozilla believes the vulnerability may exist in the core Firefox code as well, considering that the Tor Browser is a customized version of the enterprise version of Firefox. That’s why the company has also been trying to get the FBI to reveal the vulnerability to Mozilla before the agency tells anyone else about it, including the defense attorneys in this case.

Mozilla thinks that if anyone else finds out about the vulnerability, it could be later used by bad actors. The FBI is also bound by the Vulnerabilities Equity Process to reveal major vulnerabilities in technology products, although it hasn’t always abided by those policies.

Because the FBI has refused to reveal how its hacking methods work, citing the need for operational secrecy, the judge felt compelled to cancel the warrant and toss the evidence. If the FBI wants the case to continue, it may have to appeal this decision.

There seems to be an increasing trend of the U.S. government trying to hide information about how it gathers evidence through new surveillance techniques. Often, the reason that it gives for hiding that information is that it doesn’t want criminals to know about its methods.

However, in many cases, such as when talking about cell site simulators, the technology or methods have been public for years. When judges do discover what these new surveillance techniques actually are and what they do, they seem to lean towards calling them illegal and throwing out the evidence obtained with them. (This may be the real reason why the government is trying to hide its methods in the first place.)

The FBI may now find it increasingly harder to hide these techniques from judges. The agency could risk losing even more cases if it doesn’t either fully disclose its methods to the judges and hope for approval, or stop using them altogether.

Lucian Armasu is a Contributing Writer for Tom's Hardware. You can follow him at @lucian_armasu. 

Follow us on FacebookGoogle+, RSS, Twitter and YouTube.

Lucian Armasu
Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
Topics
Security
20 Comments Comment from the forums
  • turkey3_scratch
    The FBI hacking people like that, I would think, is an illegal search and seizure to begin with, would it not be? With that, any evidence obtained via illegal search and seizure cannot be held up in the court of law anyway.
    Reply
  • Honis
    They originally had a warrant to place the malware on the target computers so the use and gathering was legal. At this point, since the warrant is cancelled, if they continued to gather information then it is illegal search and seizure.
    Reply
  • ahnilated
    Well if they get a "legal" warrant it would be legal. The problem is they rarely tell the judge the truth about what they are looking for or that the person is accused of.
    Reply
  • turkey3_scratch
    18024819 said:
    They originally had a warrant to place the malware on the target computers so the use and gathering was legal. At this point, since the warrant is cancelled, if they continued to gather information then it is illegal search and seizure.

    That clears things up, thanks.
    Reply
  • syrious1
    "There seems to be an increasing trend of the U.S. government trying to hide information about how it gathers evidence through new surveillance techniques. "

    Because they're doing it illegally.
    Reply
  • vudtmere
    They originally had a warrant to place the malware on the target computers so the use and gathering was legal.

    Getting a warrant to place malware on a computer is like getting a warrant to hide spy cameras all over someone's house. It isn't legitimate.

    The police state needs to be reigned in. Thought crimes are not real crimes anyway. Unless someone directly infringes on another's life, liberty, or property then they are not guilty of any crime no matter how despicable of a person they are.
    Reply
  • bak0n
    I think this also comes to an issue of possible planted evidence as well. If they aren't going to open up to share what they've done, how do you know exactly what they did?
    Reply
  • f-14
    I think this also comes to an issue of possible planted evidence as well. If they aren't going to open up to share what they've done, how do you know exactly what they did?
    that is a good point if the FBI set up a kiddie porn site or uploaded kiddie porn then the FBI is just as guilty as their suspects, actually more so than their suspects.
    now if they set up clickbait they're in the clear. as long as it's something you could find at a beach with certain caption blocking words or ad banners over key areas then monitoring who is going to the site and what they are clicking on that the FBI uploaded is still legal, so long as the FBI didn't break the law to create entrapment.
    Reply
  • f-14
    i also think there's is alot more going on here that is being said if the FBI was using the excuse of an on going investigation to hide the vulnerability or planted evidence/clickbait and that the warrant was thrown out now due to the fact a specific name was given for the warrant and the FBI was still using that warrant as a sheild to catch others mystery people who just showed up on the FBI radar for the first time or had long ago vanished and now reappeared.
    now if their reason for doing so was to locate an abducted missing child that was being exploited and the FBI won't reveal that information so as not to let the defendant get word out and tip off the perp(s)/human traffickers who stole that child so long ago and had resurfaced....well then i would excuse that no matter what a judge said or did, i would even be glad to help out to catch them.
    Reply
  • f-14
    i also think there's is alot more going on here that is being said if the FBI was using the excuse of an on going investigation to hide the vulnerability or planted evidence/clickbait and that the warrant was thrown out now due to the fact a specific name was given for the warrant and the FBI was still using that warrant as a sheild to catch others mystery people who just showed up on the FBI radar for the first time or had long ago vanished and now reappeared.
    now if their reason for doing so was to locate an abducted missing child that was being exploited and the FBI won't reveal that information so as not to let the defendant get word out and tip off the perp(s)/human traffickers who stole that child so long ago and had resurfaced....well then i would excuse that no matter what a judge said or did, i would even be glad to help out to catch them.
    Reply